Certified Ethical Hacker (CEH v12) — Question 238

During a comprehensive security assessment, your cybersecurity team at XYZ Corp stumbles upon signs that point toward a possible Advanced Persistent Threat (APT) infiltration in the network infrastructure. These sophisticated threats often exhibit subtle indicators that distinguish them from other types of cyberattacks. To confirm your suspicion and adequately isolate the potential APT, which of the following actions should you prioritize?

Answer options

• A. Investigate for anomalies in file movements or unauthorized data access attempts within your database system
• B. Scrutinize for repeat network login attempts from unrecognized geographical regions
• C. Vigilantly monitor for evidence of zero-day exploits that manage to evade your firewall or antivirus software
• D. Search for proof of a spear-phishing attempt, such as the presence of malicious emails or risky attachments

Correct answer: A

Explanation

The correct answer is A because investigating anomalies in file movements or unauthorized data access can reveal signs of APT activity, which is characterized by stealthy data exfiltration. While options B, C, and D are also important security measures, they are not as directly indicative of APT behavior as monitoring file and data access anomalies.