Certified Ethical Hacker (CEH v13) — Question 149

In a recent cyber-attack against a large corporation, an unknown adversary compromised the network and began escalating privileges and lateral movement. The security team identified that the adversary used a sophisticated set of techniques, specifically targeting zero-day vulnerabilities. As a Certified Ethical Hacker (CEH) hired to understand this attack and propose preventive measures, which of the following actions will be most crucial for your initial analysis?

Answer options

• A. Identifying the specific tools used by the adversary for privilege escalation.
• B. Analyzing the initial exploitation methods, the adversary used.
• C. Checking the persistence mechanisms used by the adversary in compromised systems.
• D. Investigating the data exfiltration methods used by the adversary.

Correct answer: B

Explanation

The correct answer is B because understanding the initial exploitation methods provides crucial insight into how the attacker gained access, which is essential for preventing future incidents. While identifying tools (A), checking persistence mechanisms (C), and investigating data exfiltration (D) are important, they are secondary to understanding the initial entry point that allowed the attack to occur.