CompTIA CASP+ Exam: Techniques for Realistic Network Testing

Question

An advanced threat emulation engineer is conducting testing against a client's network.

The engineer conducts the testing in as realistic a manner as possible.

Consequently, the engineer has been gradually ramping up the volume of attacks over a long period of time.

Which of the following combinations of techniques would the engineer MOST likely use in this testing? (Choose three.)

Answers

Explanations

A. B. C. D. E. F. G.

AEF.

The advanced threat emulation engineer is conducting realistic testing against the client's network, gradually ramping up the volume of attacks over a long period of time. This approach allows the engineer to mimic the behavior of an actual attacker and to test the network's defenses against a range of attacks.

Based on this scenario, the engineer would most likely use the following techniques:

  1. Black box testing: In black box testing, the engineer has no prior knowledge of the internal workings of the network, and attempts to identify vulnerabilities and attack surfaces by simulating the behavior of a real attacker. This approach is useful in mimicking the external threat landscape, and allows the engineer to identify weaknesses that might be exploited by an attacker with no prior knowledge of the network.

  2. Gray box testing: Gray box testing is a hybrid approach that combines elements of both black box and white box testing. In this case, the engineer has some knowledge of the internal workings of the network, but not the full extent of it. This approach is useful for identifying vulnerabilities and weaknesses that are not immediately visible from an external perspective.

  3. Vulnerability assessment: Vulnerability assessment involves using automated tools to scan the network for known vulnerabilities and weaknesses. This approach is useful in identifying common vulnerabilities that might be present in the network, such as outdated software or misconfigured systems.

In addition to these techniques, the engineer might also use other approaches such as code review, social engineering, and pivoting. Code review involves examining source code for vulnerabilities, while social engineering involves attempting to trick employees into divulging sensitive information. Pivoting involves using compromised systems as a springboard to attack other systems within the network.

The engineer would not use self-assessment or external auditing, as these approaches are not suitable for testing the network's defenses against realistic attacks. Self-assessment involves the organization assessing its own security posture, while external auditing involves an independent third party assessing the organization's security posture. Neither of these approaches involves simulating the behavior of a real attacker.

Finally, white teaming involves a collaborative approach where a team of engineers works with the organization to identify and mitigate vulnerabilities in the network. While this approach can be effective in improving the organization's security posture, it is not suitable for the specific scenario described in the question.