CertNexus Certified Cyber Secure Coder (CSC) — Question 99

While performing routing maintenance on a Windows Server, a technician notices several unapproved Windows Updates and that remote access software has been installed. The technician suspects that a malicious actor has gained access to the system. Which of the following steps in the attack process does this activity indicate?

Answer options

• A. Expanding access
• B. Covering tracks
• C. Scanning
• D. Persistence

Correct answer: A

Explanation

The correct answer is A, as the installation of unauthorized updates and remote access software indicates that the attacker is attempting to broaden their control over the compromised system. Options B, C, and D do not accurately reflect this activity, as covering tracks relates to obfuscating evidence, scanning involves searching for vulnerabilities, and persistence refers to maintaining access over time.