The correct answer is A, Long dwell time. In CEH security operations and threat-detection concepts, an Advanced Persistent Threat, or APT, is characterized by advanced techniques, persistence, stealth, and a long-term objective. CEH-related material describes an APT as a continuous process of stealing information, often focused on private organizations or political motives, and explains that “persistent” involves continuous monitoring and data fetching from a target. It also lists APT criteria such as timeliness, meaning time spent probing and accessing the target, and risk tolerance, meaning the ability to remain undetected. Long dwell time means the attacker remains inside the environment for an extended period before detection, often performing internal reconnaissance, privilege escalation, lateral movement, credential theft, persistence, and quiet data exfiltration. Malware spam is usually broad and noisy, a one-time exploit lacks persistence, and brute force is only a technique. Therefore, long dwell time best indicates APT behavior.