Register
A security analyst receives an email from a peer that includes a sample of code from a piece of malware found in an application running in the organization's staging environment. During the incident response
86.9k views
1 vote
A security analyst receives an email from a peer that includes a sample of code from a piece of malware found in an application running in the organization's staging environment. During the incident response process, it is determined the code was introduced into the environment as a result of a compromised laptop being used to harvest credentials and access the organization's code repository. While the laptop itself was not used to access the code repository, an attacker was able to leverage the harvested credentials from another system in the development environment to bypass the ACLs limiting access to the repositories.

Which of the following controls MOST likely would have interrupted the kill chain in this attack?

A. IP whitelisting on the perimeter firewall
B. MFA for developer access
C. Dynamic analysis scans in the production environment
D. Blue team engagement in peer-review activities
E. Time-based restrictions on developer access to code repositories

User Monogate
by
7.7k points

1 Answer

1 vote

Final answer:

MFA for developer access is the control that most likely would have interrupted the kill chain in this attack.

Step-by-step explanation:

The control that MOST likely would have interrupted the kill chain in this attack is MFA for developer access. Multi-Factor Authentication (MFA) adds an extra layer of security by requiring users to provide multiple credentials to verify their identity. In this case, if MFA was implemented for developer access, the compromised laptop's harvested credentials would not have been sufficient to bypass ACLs and access the code repository. Even if the harvested credentials were used, the attacker would still need to provide the secondary authentication factor to gain access.



IP whitelisting on the perimeter firewall could help restrict access to the organization's network, but it would not have prevented the attacker from leveraging the harvested credentials to bypass ACLs.



Dynamic analysis scans in the production environment are important for detecting and addressing potential malware, but in this case, the compromise occurred through a different pathway and would not have been stopped by these scans.



Engagement in peer-review activities by the blue team could help identify security flaws and vulnerabilities in code, but it may not have prevented the initial compromise and access to the code repository.



Time-based restrictions on developer access to code repositories might limit the window during which an attacker could access the repositories, but it would not address the issue of compromised credentials being used to bypass ACLs.

User Alconja
by
8.1k points
Ask a Question
Welcome to QAmmunity.org, where you can ask questions and receive answers from other members of our community.

8.6m questions

11.3m answers

Other Questions

“What does it mean when we “rework” copyrighted material?”
The book shows how to add and subtract binary and decimal numbers. However, other numbering systems are also very popular when dealing with computers. The octal (base 8) numbering system is one of these.
Seven basic internal components found in a computer tower
Please help me ! All you do is just put it it all in your own words ! Please this is for my reported card!i don't know how to put it in my own words because my English is not that good!
describe an advance in technology that makes life more enjoyable. what discoveries contribute to this technology?
Link Copied!