Certified Threat Intelligence Analyst (CTIA) — Question 22

John, a professional hacker, is trying to perform APT attack on the target organization network. He gains access to a single system of a target organization and tries to obtain administrative login credentials to gain further access to the systems in the network using various techniques.
What phase of the advanced persistent threat lifecycle is John currently in?

Answer options

• A. Initial intrusion
• B. Search and exfiltration
• C. Expansion
• D. Persistence

Correct answer: C

Explanation

John is in the Expansion phase because he has already gained access to the system and is working to obtain further credentials to enhance his access. The Initial intrusion stage refers to gaining the first entry point, while Search and exfiltration involves gathering and extracting data, and Persistence relates to maintaining access over time.