CompTIA CASP+ (CAS-004) — Question 637

A law firm experienced a breach in which access was gained to a secure server. During an investigation to determine how the breach occurred, an employee admitted to clicking on a spear-phishing link. A security analyst reviewed the event logs and found the following:

• PAM had not been bypassed.
• DLP did not trigger any alerts.
• The antivirus was updated to the most current signatures.

Which of the following MOST likely occurred?

Answer options

Correct answer: D

Explanation

The most likely scenario is lateral movement, because the security controls in place, such as PAM and the up-to-date antivirus, were not compromised. The absence of DLP alerts suggests that the data was not exfiltrated or exploited; rather, the attacker moved within the network after gaining initial access through the spear-phishing link.