Certified Ethical Hacker (CEH v13) — Question 45

During a comprehensive security assessment, your cybersecurity team at XYZ Corp stumbles upon signs that point toward a possible Advanced Persistent Threat (APT) infiltration in the network infrastructure. These sophisticated threats often exhibit subtle indicators that distinguish them from other types of cyberattacks. To confirm your suspicion and adequately isolate the potential APT, which of the following actions should you prioritize?

Answer options

• A. Investigate for anomalies in file movements or unauthorized data access attempts within your database system
• B. Scrutinize for repeat network login attempts from unrecognized geographical regions
• C. Vigilantly monitor for evidence of zero-day exploits that manage to evade your firewall or antivirus software
• D. Search for proof of a spear-phishing attempt, such as the presence of malicious emails or risky attachments

Correct answer: A

Explanation

The correct answer is A because investigating anomalies in file movements or unauthorized data access is critical in identifying APTs, which often exfiltrate data. Options B, C, and D, while relevant to cybersecurity, do not directly address the subtle indicators typical of APTs or focus on potential data compromise, which is a primary concern in such situations.