An attacker has obtained the user ID and password of a datacenter’s backup operator and has gained access to a production system.
Which of the following would be the attacker’s NEXT action?
A . Perform a passive reconnaissance of the network.
B . Initiate a confidential data exfiltration process.
C . Look for known vulnerabilities to escalate privileges.
D . Create an alternate user ID to maintain persistent access.
Answer: B