CompTIA CySA+ CS0-003 Practice Question
An incident responder observes traffic indicating an external server is receiving exfiltrated data from a host within the company's DMZ. This activity seems to be controlled by a command structure that adapts to changing network configurations. To which two consecutive stages of the cyber kill chain does this scenario most accurately correspond?
Command & Control (C2) and Exfiltration
Weaponization and Delivery
Exfiltration and Actions on Objectives
Establish Foothold and Command & Control (C2)