During an assessment, an organization uses an advanced detection system with behavioral analytics. Which technique allows an assessor to operate while staying less noticeable to the system?
Flood the analytics service with multiple login attempts
Remove the detection system using a known exploit
Deploy a customized Trojan that performs a direct port scan from inside
Use standard administrative utilities that align with normal workflows
Blending in with normal processes by using common utilities and typical traffic patterns is usually not flagged as unusual. Approaches such as flooding the system with logins or removing the detection system often raise immediate suspicions and actions. Using a customized Trojan can also generate warnings as it introduces unrecognized binaries and suspicious behaviors.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are behavioral analytics in security systems?
Open an interactive chat with Bash
Why is using standard administrative utilities less noticeable to detection systems?
Open an interactive chat with Bash
What are the limitations of flooding and removing detection systems?