A law firm experienced a breach in which access was gained to a secure server. During an

investigation to determine how the breach occurred, an employee admitted to clicking on a spearphishing

link.

A

security

analyst

reviewed

the

event

logs

and

found

the

following:

$-$

PAM had not been

bypassed.

$-$

DLP did not trigger any

alerts.

$-$

The antivirus was updated to the most current

signatures.

Which

of

the

following

MOST

likely

occurred?

A$.$

Exploitation

B$.$ Exfiltration

C$.$ Privilege escalation

D$.$ Lateral movement