An incident responder observes traffic indicating an external server is receiving exfiltrated data from a host within the company's DMZ. This activity seems to be controlled by a command structure that adapts to changing network configurations. To which two consecutive stages of the cyber kill chain does this scenario most accurately correspond?
Weaponization and Delivery
Exfiltration and Actions on Objectives
Establish Foothold and Command & Control (C2)
Command & Control (C2) and Exfiltration
|Incident Response and Management
|Reporting and Communication