Register
During a security assessment, activities were divided into two phases: internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised
145k views
4 votes
During a security assessment, activities were divided into two phases: internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter.

Which of the following methods is the assessment team most likely to employ NEXT?

A. Pivoting from the compromised, moving laterally through the enterprise, and trying to exfiltrate data and compromise devices.
B. Conducting a social engineering attack attempt with the goal of accessing the compromised box physically.
C. Exfiltrating network scans from the compromised box as a precursor to social media reconnaissance
D. Open-source intelligence gathering to identify the network perimeter and scope to enable further system compromises.

User Mafei
by
8.0k points

1 Answer

0 votes

Final answer:

Following the preliminary external activities, the security team will likely pivot from the compromised system to conduct internal exploitation, like lateral movement and data exfiltration, to assess defense effectiveness.

Step-by-step explanation:

After the security assessment team has limited their external activities and moved to a compromised box within the enterprise perimeter, the method they are most likely to employ next is pivoting from the compromised system. This involves moving laterally through the enterprise network, trying to exfiltrate data and compromise additional devices. The goal of this phase is to simulate an attacker leveraging the initial foothold to deepen their presence within the network, assessing the effectiveness of the internal defenses and the potential impact of an internal threat.

This approach is consistent with using intelligence services to defeat external threats and using counterintelligence services to protect from internal threats by exposing vulnerabilities. The assessment team's activities during the internal exploitation phase will be based on gathering evidence to demonstrate the reality of the threat and the workability of the potential solutions, while complying with legal frameworks such as the Personal Data Notification & Protection Act of 2017.

User Abhijithvijayan
by
7.7k points
Ask a Question
Welcome to QAmmunity.org, where you can ask questions and receive answers from other members of our community.

9.4m questions

12.1m answers

Other Questions

“What does it mean when we “rework” copyrighted material?”
Seven basic internal components found in a computer tower
Please help me ! All you do is just put it it all in your own words ! Please this is for my reported card!i don't know how to put it in my own words because my English is not that good!
Explain why binary codes are used to represent characters, numbers and symbols :)
What is an example of a dedicated computer system?
Link Copied!