During a security assessment, activities were divided into two phases: internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter. Which of the following methods is the assessment team most likely to employ NEXT?
A) Pivoting from the compromised, moving laterally through the enterprise, and trying to exfiltrate data and compromise devices.
B) Conducting a social engineering attack attempt with the goal of accessing the compromised box physically.
C) Exfiltrating network scans from the compromised box as a precursor to social media reconnaissance
D) Open-source intelligence gathering to identify the network perimeter and scope to enable further system compromises.

Question

During a security assessment, activities were divided into two phases: internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter. Which of the following methods is the assessment team most likely to employ NEXT?
A) Pivoting from the compromised, moving laterally through the enterprise, and trying to exfiltrate data and compromise devices.
B) Conducting a social engineering attack attempt with the goal of accessing the compromised box physically.  
C) Exfiltrating network scans from the compromised box as a precursor to social media reconnaissance
D) Open-source intelligence gathering to identify the network perimeter and scope to enable further system compromises.

Quizplus · Accepted Answer

The team is likely to pivot from the compromised box, move laterally through the enterprise, and attempt to exfiltrate data and compromise additional devices, as this is a common next step after gaining an initial foothold within a network.

During a Security Assessment, Activities Were Divided into Two Phases