Name a common cyber threat actor and a typical tactic they employ.

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the AFSC Cyberspace Operations Officer Exam. Engage with detailed questions and explanations to enhance your understanding and improve your exam readiness. Pass with confidence!

Multiple Choice

Name a common cyber threat actor and a typical tactic they employ.

Explanation:
Advanced Persistent Threat groups are organized, patient attackers that aim to stay inside a target’s network for extended periods, often backed by nation-states or large criminal enterprises. A typical tactic they use is spear-phishing to gain initial access, paired with credential harvesting to acquire valid logins. Spear-phishing targets specific individuals within an organization, using personalized emails, messages, or attachments that appear trustworthy. The goal is to trick the recipient into clicking a link or opening a file that delivers malware or prompts for credentials. Because the messages are tailored, they’re more convincing and harder to spot than generic phishing. Credential harvesting then takes any obtained login information and uses it to access systems from legitimate accounts. Once attackers have valid credentials, they can move through the network with reduced friction, escalate privileges, and establish a long-term foothold without triggering obvious alarms. Other actors and tactics described in the other choices exist in the threat landscape, but they don’t capture the combination of a organized, persistent actor and the go-to initial access technique that spear-phishing and credential harvesting represent for these groups.

Advanced Persistent Threat groups are organized, patient attackers that aim to stay inside a target’s network for extended periods, often backed by nation-states or large criminal enterprises. A typical tactic they use is spear-phishing to gain initial access, paired with credential harvesting to acquire valid logins.

Spear-phishing targets specific individuals within an organization, using personalized emails, messages, or attachments that appear trustworthy. The goal is to trick the recipient into clicking a link or opening a file that delivers malware or prompts for credentials. Because the messages are tailored, they’re more convincing and harder to spot than generic phishing.

Credential harvesting then takes any obtained login information and uses it to access systems from legitimate accounts. Once attackers have valid credentials, they can move through the network with reduced friction, escalate privileges, and establish a long-term foothold without triggering obvious alarms.

Other actors and tactics described in the other choices exist in the threat landscape, but they don’t capture the combination of a organized, persistent actor and the go-to initial access technique that spear-phishing and credential harvesting represent for these groups.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy