Exam PCDRA topic 1 question 36 discussion

Kernel exploits are harder to prevent and is their ultimate goal for further control of an endpoint.

Kernel is the goal.

It's clearly stated in Beacon > Cortex XDR 3: Getting Started with Endpoint Protection > Cortex XDR 3: Exploit Protection > Application Exploit Prevention > Application Exploits and Kernel Exploits https://beacon.paloaltonetworks.com/uploads/resource_courses/targets/2394329/original/index.html?_courseId=905962#/page/612c6346db387a0de433778d

I think it is A, only because the other answers feel wrong but I can't find definite reason why A is right

The attacker's ultimate goal is to reach the kernel because if he reaches the kernel, he can do anything he wants and to execute something he will not need privileged access. There are many mitigation techniques with Application Exploits but not many for the kernel.

C, From https://beacon.paloaltonetworks.com

I vote A because exploit does NOT nead to reach the kernel. So not C. Kernel exploits are really hard to defend against as it's the very root of the OS. So not B. Definitively not D. So remains an A. So how can I explain that it is A? I would say with this circle that Palo Alto commonly spreads on the internet: https://www.paloaltonetworks.co.uk/research/apac-ondemand-webinar-2016-how-to-complete-the-security-puzzle-with-wildfire-and-traps Usually they say if we can interrupt one part of the exploit the chain will be broken. So in the center we got the application of an exploit permitted. Hence why I vote A. Ultimate goal of an exploit is to reach application.

Regarding to this page https://www.csoonline.com/article/571799/exploit-chains-explained-how-and-why-attackers-target-multiple-vulnerabilities.html “The goal with exploit chain attacks is to gain kernel/root/system level access to compromise a system in order to execute an attack,” he answer is C

Exploit Protection Overview An exploit is a sequence of commands that takes advantage of a bug or vulnerability in a software application or process. Attackers use these exploits to access and use a system to their advantage. Blocking any attempt to exploit a vulnerability in the chain will block the entire exploitation attempt. https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Endpoint-Protection

C should be right.