Cybersecurity - Advanced Threat Protection
An organization wants to detect APT activity by analyzing network logs. Which combination of indicators would best suggest an ongoing APT?
An organization wants to detect APT activity by analyzing network logs. Which combination of indicators would best suggest an ongoing APT?
hard🚀 Application Q8 of 15
Step-by-Step Solution
Solution:
Step 1: Identify typical APT network indicators
APTs often show encrypted outbound data, brute force login attempts, and contact with suspicious domains.Step 2: Exclude normal or unrelated activities
Spam, password resets, or normal backups do not indicate APT presence.Final Answer:
Unusual outbound encrypted traffic, repeated login attempts, and connections to rare domains -> Option AQuick Check:
APT detection = Encrypted traffic + login attempts + rare domains [OK]
Quick Trick: Look for encrypted traffic plus suspicious logins and domains [OK]
Common Mistakes:
MISTAKES- Confusing spam or backups with APT signs
- Ignoring login attempts as irrelevant
- Assuming large downloads always mean attack
Master "Advanced Threat Protection" in Cybersecurity
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore Cybersecurity Quizzes