Certified Information Systems Security Professional (CISSP) — Question 198

Which of the following attacks describes the intent behind the pivoting method used by attackers or penetration testers?

Answer options

• A. Interrupt the communications flows on the network
• B. Use a compromised or obsolete system to traverse the network
• C. Extract sensitive data from resources on the network
• D. Escalate compromised user permissions within the network

Correct answer: B

Explanation

The correct answer is B, as pivoting involves using a compromised system to move laterally within a network to access other systems. Options A, C, and D describe different attack methods that do not specifically relate to the concept of pivoting, which focuses on traversing the network using an already compromised system.