An incident responder observes traffic indicating an external server is receiving exfiltrated data from a host within the company's DMZ. This activity seems to be controlled by a command structure that adapts to changing network configurations. To which two consecutive stages of the cyber kill chain does this scenario most accurately correspond?
The correct answer is Command & Control (C2) followed by Exfiltration. In the cyber kill chain, the Command & Control stage is where the attacker maintains remote control over the compromised system to manipulate it based on their objectives. Immediately following this control is the Exfiltration stage, where the attacker begins to move the valuable data out of the victim's network to a location they control. 'Establish Foothold' occurs earlier in the kill chain when the attacker first gains access to the network. 'Weaponization' is part of the preparation phase before the attacker breaches the target.