
What type of attack should the incident mitigation plan focus on after the recent security incident?

  1. Network sniffing

  2. Privilege escalation

  3. DDoS attack

  4. Password cracking

The correct answer is: Privilege escalation

Focusing on privilege escalation in the incident mitigation plan is crucial after a security incident because such attacks can significantly compromise the integrity of a system. Privilege escalation occurs when an attacker gains elevated access to resources that are normally protected from the user. If this type of attack was involved in the security incident, it indicates that the attacker may have exploited a vulnerability or misconfiguration to gain higher access rights, which could lead to further exploitation or exfiltration of sensitive data.

Mitigating future risks requires understanding how the escalation occurred, fixing any vulnerabilities in the permission settings, and implementing stricter access controls. This could involve patch management, implementing the principle of least privilege, monitoring user activities through more stringent logging, and conducting regular audits of user permissions. By addressing the root cause of privilege escalation, organizations can enhance their security posture and reduce the likelihood of similar incidents occurring in the future.

The other types of attacks, while also significant, may not directly relate to the immediate consequences of the recent incident or its root cause. Network sniffing, DDoS attacks, and password cracking are different attack vectors that are not necessarily linked to privilege escalation, the vector that needs urgent attention in the mitigation plan.