I really laughed when I saw the answer is "segment the network".
This solution requires careful design, consideration, and implementation, which takes time. I don't know how a security team can respond by segmenting the network at that time. What kind of network is this?
The keyword is "response to hacker".
A. Warn users of a breach - could be internal users or stakeholders, not a direct response to a hacker
B. Reset all passwords - won't help as the attacker has gained access to a network
C. Segment the network - best option as you don't want attackers to break more systems with gained access
D. Shut down the network - can't afford it as it may affect business operations
Given the urgency and potential damage an attacker can cause, the most effective immediate response is D. Shut down the network.
Shutting down the network can prevent the attacker from moving laterally and causing further harm. This action buys time to assess the situation, contain the breach, and implement necessary security measures, including network segmentation, without the attacker causing additional damage.
While network segmentation is crucial for long-term security, shutting down the network is the most immediate and effective way to stop an active attack.
Segmenting the network is not a practical emergency response. In all but the smallest of IT environments, this kind of thing would need extensive planning and time to execute. In the end it will cause service disruptions and will allow the attacker to move laterally. If rushed, re-segmenting the network could crash services. This is the kind of suggestion from a security professional that would prove to everyone else in IT that the security profession knows nothing.
Six ways to prevent Lateral Movement:
• Enforce least privilege access
• Implement zero trust
• Require MFA
• Segment networks
• Keep software up to date
• Privileged Access Management (PAM) solution
You need to contain the threat immediately. Segmenting is not done in a day. So shutdown is the answer. And B is not bad to do, but if he already has a domain admin account, he can easily bypass that.
The most effective response is to kill everything. It might not be the best immediate one for business as it also stops the business, but at least it will stop the hacker.
I see lots of people talk about segmenting the network. That's a preventive measure, not a response. Segmenting the network is done at design, and changing the network architecture takes hours (if not well done at all), or weeks (if properly done).
Option C sounds correct, but segmenting the network after the hacker is already on it may not be effective. Unless you know which part of the network the hacker has accessed, so that you can disconnect that part and segment the network.
The most effective response to a hacker who has already gained access to a network and may attempt to pivot to other resources is to segment the network (option C).
I think it should be B. According to the NIST Cybersecurity Framework:
Identify->Protect->Detect->Response->Recovery
A. Warn users of a breach - This is a response to the threat, but it's not an effective response.
B. Reset all passwords - This is a good response and should be the first step in responding to the hacker, to prevent gaining access or lateral movement to other resources in the network.
If the hacker can gain access into the network that means that some credentials were compromised.
C. Segment the network - This should be done in the Protect stage. You have to re-design and re-configure the network diagram, and it may take time.
D. Shut down the network - This is a response, but if you shut down the network you can't access the network either.
I also agree with B as best option for this scenario.
Because the hacker seems to know at least one password. If we force all passwords to be reset, this is an effective and rapid response. But of course not a complete one.
Unplug the network.... but forensic people might not like you for that, or what if it is a bigger network? I don't like this question.... I am going with "C", but I do believe it is a bit too late to VLAN/segment the network because the attacker is already in the network.
But the question is: do you actually have time to segment the network while the attack is in progress? Option C seems to be more in line with the strategy in the long run. However, none of the other options seems viable either. Hope I am not getting this kind of question during the real exam.