Palo Alto Networks (PANW) Certified Cybersecurity Entry-level Technician (PCCET) Practice Exam

Which behavior does an advanced persistent threat use to elude detection?

• A. Do everything at night, when nobody is monitoring
• B. Rely exclusively on insiders with privileged access
• C. Do everything quickly with scripting so that the effect of the threat is achieved by the time it is detected
• D. Use a low and slow approach to avoid triggering alarms

The correct answer is: Use a low and slow approach to avoid triggering alarms

Advanced persistent threats (APTs) are known for their stealthy and patient approach to achieving their objectives. The tactic of using a "low and slow" strategy is particularly effective in avoiding detection. This involves executing their activities gradually and subtly over an extended period, which minimizes the chance of triggering security alerts or drawing attention to their presence. By operating slowly, APTs can blend in with normal network traffic and behaviors, making it more difficult for security personnel and automated detection systems to identify malicious activities. This approach allows them to gather data, establish footholds within the network, and move laterally without raising alarms. They might execute tasks like data exfiltration or reconnaissance in small, inconspicuous increments instead of in one large, easily detectable operation. This method contrasts with tactics that rely on speed or heavy reliance on insiders, as these are more likely to generate immediate suspicion or alert mechanisms. The subtlety of the low and slow approach effectively enhances the longevity and success rate of APTs in compromising systems and remaining undetected for as long as possible.