An incident responder observes traffic indicating an external server is receiving exfiltrated data from a host within the company's DMZ. This activity seems to be controlled by a command structure that adapts to changing network configurations. To which two consecutive stages of the cyber kill chain does this scenario most accurately correspond?
Exfiltration and Actions on Objectives
Establish Foothold and Command & Control (C2)
Weaponization and Delivery
Command & Control (C2) and Exfiltration