An incident responder observes traffic indicating an external server is receiving exfiltrated data from a host within the company's DMZ. This activity seems to be controlled by a command structure that adapts to changing network configurations. To which two consecutive stages of the cyber kill chain does this scenario most accurately correspond?
Establish Foothold and Command & Control (C2)
Command & Control (C2) and Exfiltration
Exfiltration and Actions on Objectives
Weaponization and Delivery