Other organizations similar to your own have been reporting an increase in advanced persistent threat $($APT$)$ attacks. In the reported cases, initial compromise has been through email attachment malware infections exploiting zero$-$day vulnerabilities, which download and install RATs from C&C servers at various locations scattered around the Internet. This is followed by lateral movement of the attackers throughout the organization$$s network. The attackers are using pass$-$the$-$hash techniques to gain administrative credentials; with those, they easily spread from host to host. The director of IT has asked you to prepare recommendations on how best to prepare for such an attack on your own organization$$s network.

$15.$

Which of the following is LEAST likely to help you detect attempted or successful compromise of your organization$$s network?

Scanning computers for indicators of compromise $($IOC$)$ such as file hashes and registry entries, shared by partner organizations that have already suffered attacks.

Reviewing DMZ web server logs for HTTP requests with unusual or unexpected user$-$agent strings.

Reviewing Windows domain controller security logs for anomalous user logon events.

Reviewing perimeter firewall logs for anomalous outbound Internet traffic.