Exam CAS-004
Question 14

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped.

The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

The technician will define this threat as:

    Correct Answer: C

    This scenario describes an advanced persistent threat (APT). An APT is a sustained, targeted intrusion in which the attacker keeps access to a specific organization for an extended period and works quietly toward a defined objective. Here a large number of files left the network over three months, and the activity stopped once the actor had what it wanted, which is the persistent, goal-driven pattern the term describes. Exfiltrating over TLS-protected HTTP (port 443) is not an advanced technique in itself; its value to the attacker is that the transfers blend into ordinary web traffic and the payload is hidden from content inspection, which is how the activity went unnoticed for so long. The telling indicator is the source: the files were sent from systems that never otherwise communicate with those remote sites. The alternatives raised in the discussion describe something narrower: DROWN is a cross-protocol attack on servers that still accept SSLv2, a zero-day is an exploited vulnerability for which no patch exists, and an on-path attack intercepts traffic in transit; none of them describes a months-long exfiltration campaign. In practice this kind of activity is caught by baselining each host's egress destinations and alerting on new destinations that receive sustained outbound volume, because TLS hides the payload but not the connection metadata.
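As an added example, not part of the exam page's explanation and not any vendor's tooling, the following Python script shows how the indicator described above, sustained outbound volume over port 443 from hosts to destinations they have no history with, can be pulled out of proxy or flow logs. The log format, host names, thresholds and the baseline window are assumptions made for the example, and the sample log lines are constructed, not real.

```python
"""Baseline-and-deviation detection of sustained HTTPS exfiltration.

Added example for this question, not code from the exam page.  Log format,
host names, thresholds and the baseline window are assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Constructed proxy-log sample, one session per line:
#   <timestamp> <src_host> <dst_host> <dst_port> <bytes_sent>
# ws-017 uses cdn-assets.example.net routinely; ws-041 never did until February.
SAMPLE_LOG = """\
2024-01-03T09:12:01 ws-041 intranet.corp.example 443 1200
2024-01-03T09:15:44 ws-041 updates.vendor.example 443 8400
2024-01-05T10:02:10 ws-041 intranet.corp.example 443 900
2024-01-06T11:40:12 ws-017 intranet.corp.example 443 1500
2024-01-08T08:05:00 ws-017 cdn-assets.example.net 443 300
2024-02-01T02:14:09 ws-041 cdn-assets.example.net 443 52428800
2024-02-15T02:19:31 ws-041 cdn-assets.example.net 443 61000000
2024-03-01T12:00:00 ws-041 updates.vendor.example 443 9000
2024-03-05T13:00:00 ws-017 docs.partner.example 443 2048
2024-03-12T02:03:17 ws-041 cdn-assets.example.net 443 48000000
2024-04-20T03:11:45 ws-041 cdn-assets.example.net 443 55000000
2024-04-21T09:00:00 ws-017 cdn-assets.example.net 443 400
"""

BASELINE_END = datetime(2024, 1, 31)  # assumed: everything up to here is "known good"


def parse_log(text):
    """Turn the whitespace-separated log lines into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                        "port": int(port), "bytes": int(nbytes)})
    return records


def build_baseline(records, baseline_end):
    """Per-source-host set of destinations seen during the baseline window."""
    known = defaultdict(set)
    for r in records:
        if r["ts"] <= baseline_end:
            known[r["src"]].add(r["dst"])
    return known


def find_exfil_candidates(records, baseline_end=BASELINE_END, port=443,
                          min_bytes=100_000_000, min_span_days=30):
    """Flag (src, dst) pairs outside the baseline where the host had no prior
    history with dst, and where the traffic is both large and sustained."""
    known = build_baseline(records, baseline_end)
    agg = {}
    for r in records:
        if r["ts"] <= baseline_end or r["port"] != port:
            continue
        if r["dst"] in known.get(r["src"], set()):
            continue  # routine destination for this host; TLS alone is not suspicious
        a = agg.setdefault((r["src"], r["dst"]),
                           {"bytes": 0, "sessions": 0, "first": r["ts"], "last": r["ts"]})
        a["bytes"] += r["bytes"]
        a["sessions"] += 1
        a["first"] = min(a["first"], r["ts"])
        a["last"] = max(a["last"], r["ts"])

    hits = []
    for (src, dst), a in agg.items():
        span_days = (a["last"] - a["first"]).days
        if a["bytes"] >= min_bytes and span_days >= min_span_days:
            hits.append({"src": src, "dst": dst, "bytes": a["bytes"],
                         "sessions": a["sessions"], "span_days": span_days})
    return sorted(hits, key=lambda h: h["bytes"], reverse=True)


if __name__ == "__main__":
    for hit in find_exfil_candidates(parse_log(SAMPLE_LOG)):
        print(f"{hit['src']} -> {hit['dst']}: {hit['bytes']} bytes over "
              f"{hit['sessions']} sessions spanning {hit['span_days']} days")
```

The per-host baseline is the point: the same destination is routine for ws-017 and anomalous for ws-041, which is exactly the situation in the question. Thresholds must be tuned per environment, and a low-and-slow actor can stay under a volume threshold, so the session count and the time span are worth alerting on independently of total bytes.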

Discussion
CKRET (Option: C)

C. An advanced persistent threat. This question doesn't describe a DROWN, zero-day or on-path attack. The malicious actor was persistent over time (three months) and exfiltrated the data it needed, then stopped once its objective was met.

FOURDUE (Option: C)

The malicious actor was persistent over time (three months) and exfiltrated the data it needed, then stopped once the objective was met.

RevZig67 (Option: C)

APT fits the description

BlackdaRipper (Option: C)

C - Advanced Persistent Threat

BiteSize (Option: C)

APT. Source: verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but I am doing my due diligence.)

zapato (Option: C)

I agree with CKRET's analysis. C seems to be correct.

23169fd (Option: C)

The key characteristics of an APT that align with the scenario described are: Prolonged activity: The large number of files were transferred over three months. Stealthy operation: The activity was detected after the fact, indicating the attackers were able to operate without immediate detection. Unexpected sources: The systems involved in the transfer do not typically send traffic to those remote sites, indicating unusual and targeted behavi

Delab202 (Option: C)

The threat described, where a large number of files were transferred to remote sites via TLS-protected HTTP sessions from systems that do not usually send traffic to those sites, is commonly indicative of: C. An advanced persistent threat (APT).

twirlerrose (Option: C)

C. I might lean towards A if it said SSL, but TLS is the successor to SSL...

[Removed] (Option: A)

The Decrypting RSA with Obsolete and Weakened Encryption (DROWN) Attack is a serious vulnerability that affects HTTPS and other services that rely on Secure Sockets Layer (SSL)/Transport Layer Security (TLS).

Cosmic_robot

It doesn't say what version of TLS (1.0, 1.1, 1.2, all backwards compatible), which might have pointed more towards DROWN. The answer is APT; it was over three months and undetected during the data breach.