MOST LIKELY to leave discoverable artifacts is the key phrase here. While active recon CAN leave artifacts, you can use sparse techniques which are almost completely unnoticeable. Data collection and exfiltration is more likely to leave artifacts.
I sided with A until I read this...
Artifacts are residual traces left behind by the actions of attackers or malicious actors within a computer system or network. These artifacts can include log files, event records, system logs, network traffic captures, timestamps, registry entries, and more.
Recon was passive and ACTIVE so there must have been traces of evidence.
My answer is D.
Active reconnaissance means interacting with the network and that is the fastest way to get caught. C is living off the land, very limited chances of being noticed.
D - Data collection/exfiltration: APT X stages and exfiltrates data sets ranging from 1GB to 5GB. This phase involves copying files from the target's systems and transferring them to external servers controlled by the group. This phase is also likely to leave artifacts as it involves creating new files, modifying existing files, and transferring data over the network. These activities can be detected by monitoring network traffic, analyzing system logs, and using file integrity monitoring tools.
Artifact: A piece of data that may or may not be relevant to the investigation / response. Examples include registry keys, files, time stamps, and event logs. You can see many defined in the ForensicArtifacts project on GitHub.
I would select D - Reconnaissance as they also did Active Reconnaissance, and Reconnaissance is part of the Lockheed Martin Kill Chain.
Defensive evasion - is not mentioned at all in the APT description.
Lateral movement is done using existing resources so has small potential to leave artifacts.
Data Collection / Exfiltration has the potential if they are logging netflow data and see the anomaly...
They are asking for the most likely so I would go with Reconnaissance (D).
DonRonJon, 1 year, 7 months ago
dickchappy, 1 year, 7 months ago
Chilaqui1es, 1 year, 8 months ago
Big_Dre, 1 year, 9 months ago
Big_Dre, 1 year, 10 months ago
Sleezyglizzy, 1 year, 11 months ago
HotWings8, 1 year, 11 months ago
HotWings8, 1 year, 11 months ago
Hershey2025, 2 years ago
karpal, 2 years ago
tutita, 2 years ago
Meowson, 2 years, 1 month ago