CompTIA CySA+ CS0-003 Practice Question
An incident responder observes traffic indicating an external server is receiving exfiltrated data from a host within the company's DMZ. This activity seems to be controlled by a command structure that adapts to changing network configurations. To which two consecutive stages of the cyber kill chain does this scenario most accurately correspond?
Exfiltration and Actions on Objectives
Weaponization and Delivery
Establish Foothold and Command & Control (C2)
Command & Control (C2) and Exfiltration