CompTIA CASP+ (CAS-003) — Question 266

During a security assessment, activities were divided into two phases: internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter.
Which of the following methods is the assessment team most likely to employ NEXT?

Answer options

• A. Pivoting from the compromised, moving laterally through the enterprise, and trying to exfiltrate data and compromise devices.
• B. Conducting a social engineering attack attempt with the goal of accessing the compromised box physically.
• C. Exfiltrating network scans from the compromised box as a precursor to social media reconnaissance
• D. Open-source intelligence gathering to identify the network perimeter and scope to enable further system compromises.

Correct answer: A

Explanation

The correct answer is A because pivoting allows the assessment team to leverage the compromised box to gain access to other systems within the network, facilitating data exfiltration and further compromises. Options B and C focus on physical access or preliminary reconnaissance, which are less effective after gaining a foothold in the network. Option D, while useful for initial assessments, is not the immediate next step after compromising a system.