Exam CAS-004 topic 1 question 579 discussion

Actual exam question from CompTIA's CAS-004
Question #: 579
Topic #: 1

During an active attack, a security analyst evaluated a system for indicators of compromise. As part of the initial attack, the attacker executed a buffer overflow to perform privilege escalation. The file integrity monitoring system received an alert indicating an escalation. In which of the following MITRE ATT&CK framework phases does this alert belong?

  • A. Reconnaissance
  • B. Data gathering
  • C. Persistence
  • D. Pivoting
Suggested Answer: C

Comments

chooksmagooks
1 month, 3 weeks ago
Selected Answer: C
Terrible question, very flawed... The answer should be Privilege Escalation. None of the answers provided address the question at hand. However, if I'm forced to choose the least incorrect answer, I think it should be persistence. Persistence can take place at any moment within the MITRE ATT&CK framework (e.g., after initial access or following a successful increase in privileges).
upvoted 3 times
Leroy_24
2 months ago
Selected Answer: D
Pivoting in the MITRE ATT&CK framework refers to an attacker gaining access to a higher-privileged account or system after initially compromising a lower-level system. This allows them to access more sensitive information or further compromise the network. In the scenario described, the attacker used a buffer overflow to escalate privileges, which is a classic example of pivoting.
upvoted 2 times
Bright07
5 months ago
Selected Answer: C
Persistence: Persistence refers to maintaining access to a system over time. If an attacker uses a buffer overflow to escalate privileges, it could be an attempt to establish or maintain access to the system after initial exploitation. A file integrity monitoring alert triggered by an escalation indicates the attacker may be attempting to gain elevated privileges to remain in the system and continue the attack. This is closely aligned with the Persistence phase, where the attacker aims to establish a foothold for continued access.
upvoted 1 times