题目
题目

Introduction to Security and Forensic Technologies (052025-MHH) Case study: Office 365 - A Favorite for Cyberattack Persistence (IAM)

多重下拉选择题

Question 1: Threat actors exploit Blank 1 Question 16[select: , Office 365, eDiscovery, OAuth, Power Automate] to launch cyberattacks on remote workers during the COVID-19 pandemic. Question 2: Attackers exploit three key features of Office 365 to perform a variety of attacks: Blank 2 Question 16[select: , Office 365, eDiscovery, OAuth, Power Automate] , Power Automate, and OAuth. Question 3: Blank 3 Question 16[select: , Office 365, eDiscovery, OAuth, Power Automate] is an open standard for access authentication used in Office 365 that attackers exploit to maintain persistent and undetected access to accounts. Question 4: Blank 4 Question 16[select: , Office 365, eDiscovery, OAuth, Power Automate] is a feature in Office 365 that lets users create custom integrations and automated workflows between applications, and is exploited by attackers for command and control and lateral movement in cyberattacks.

查看解析

查看解析

标准答案
Please login to view
思路分析
Question analysis begins by identifying what each blank is asking for and which option best fits that blank. Blank 1 options: Office 365, eDiscovery, OAuth, Power Automate - Office 365: The statement says threat actors exploit Blank 1 to launch cyberattacks on remote workers during the COVID-19 pandemic. Using the platform itself (Office 365) as the initial attack surface makes sense because attackers often target cloud-enabled work environments and tenant configurations to gain access to accounts and services used by remote workers. This framing aligns with a broad platform-based attack surface where attackers abuse legitimate services. - eDiscovery: This feature is primarily a data-search tool within Office 365 used for e-discovery processes. While it has security implications, it is not commonly described as the initial vector attackers exploit to launch attacks on remote workers. - OAuth: OAuth is an open authentication standard that attackers might abuse to gain access tokens, but in the context of the blank as a launcher for cyberattacks against remote workers during the pandemic, the que......Login to view full explanation

登录即可查看完整答案

我们收录了全球超50000道考试原题与详细解析,现在登录,立即获得答案。

类似问题

An MIS professional is tasked with evaluating the security risks of a new cloud-based software system. They need to find comprehensive information on industry best practices for cloud security, relevant regulatory compliance standards, and potential vulnerabilities specific to the chosen software. Which combination of resources would be most effective for this research?

An Amazon EC2 security group cannot filter based on which of the following? [1 Mark]

What involves applications such as anti-virus software delivered over the Internet with constant virus definitions updates that are not reliant on user compliance?

Which service enables you to review the security of your Amazon S3 buckets by checking for open access permissions?

更多留学生实用工具

加入我们,立即解锁 海量真题独家解析,让复习快人一步!