CompTIA Security Plus Mock Test Q660

After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?

A. Privilege escalation
B. Advanced persistent threat
C. Malicious insider threat
D. Spear phishing

Correct Answer: B
Section: Threats and Vulnerabilities

Explanation:
Definitions of precisely what an APT is vary widely, but the term is best summarized by the three requirements embedded in its name:

Advanced – The operators behind the threat utilize the full spectrum of computer intrusion technologies and techniques. While individual components of the attack may not be classed as particularly “advanced” (e.g. malware components generated from commonly available DIY construction kits, or the use of easily procured exploit materials), their operators can typically access and develop more advanced tools as required. They combine multiple attack methodologies and tools in order to reach and compromise their target.

Persistent – The operators give priority to a specific task, rather than opportunistically seeking immediate financial gain. This distinction implies that the attackers are guided by external entities. The attack is conducted through continuous monitoring and interaction in order to achieve the defined objectives. It does not mean a barrage of constant attacks and malware updates. In fact, a “low-and-slow” approach is usually more successful.

Threat – There is a level of coordinated human involvement in the attack, rather than a mindless and automated piece of code. The operators have a specific objective and are skilled, motivated, organized and well funded.

Incorrect Answers:
A: Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The attack described in the question is not an example of privilege escalation.

C: A malicious insider threat, as the name suggests, is carried out by an insider. In this question, the attackers are in an enemy country.

D: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient’s own company, and generally someone in a position of authority. The attack described in the question is not an example of spear phishing.

References:
https://www.damballa.com/advanced-persistent-threats-a-brief-description/
http://searchsecurity.techtarget.com/definition/spear-phishing