What is causing the lack of data visibility needed to detect the attack?

An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts.

What is causing the lack of data visibility needed to detect the attack?
A . The threat actor used a dictionary-based password attack to obtain credentials.
B . The threat actor gained access to the system by known credentials.
C . The threat actor used the teardrop technique to confuse and crash login services.
D . The threat actor used an unknown vulnerability of the operating system that went undetected.

Answer: B

Explanation:

The lack of data visibility needed to detect the attack is caused by the threat actor gaining access to the system by known credentials. This means that the threat actor either obtained the employee’s username and password through phishing, social engineering, or other means, or used a compromised account that had legitimate access to the system. This would explain why there were no suspicious logs, alerts, or failed login attempts, as the threat actor appeared to be a normal user.

Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1-0/CSCU-LP-CBROPS-V1-028093.html (Module 2, Lesson 2.1.2)

Latest 200-201 Dumps Valid Version with 154 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments