Certified Ethical Hacker (CEH v12) — Question 181

In a recent cyber-attack against a large corporation, an unknown adversary compromised the network and began escalating privileges and lateral movement. The security team identified that the adversary used a sophisticated set of techniques, specifically targeting zero-day vulnerabilities. As a Certified Ethical Hacker (CEH) hired to understand this attack and propose preventive measures, which of the following actions will be most crucial for your initial analysis?

Answer options

• A. Identifying the specific tools used by the adversary for privilege escalation.
• B. Analyzing the initial exploitation methods, the adversary used.
• C. Checking the persistence mechanisms used by the adversary in compromised systems.
• D. Investigating the data exfiltration methods used by the adversary.

Correct answer: B

Explanation

The initial analysis should focus on the methods the adversary used for exploitation, as this provides insights into how the breach occurred and reveals vulnerabilities that need immediate attention. Identifying tools for privilege escalation, persistence mechanisms, and data exfiltration methods are important but come after understanding the initial exploitation techniques, which are critical for formulating a defense strategy.