200-201 Question #510: Real Exam Question with Answer & Explanation
The correct answer is C: installation.
Question
An engineer received a ticket to investigate a potentially malicious file detected by a malware scanner that was trying to execute multiple commands. During the initial review, the engineer discovered that the file was created two days prior. Further analyses show that the file was downloaded from a known malicious domain after a successful phishing attempt on an asset owner. At which phase of the Cyber Kill Chain was this attack mitigated?
Options
- A. reconnaissance
- B. exploitation
- C. installation
- D. delivery
Explanation
In the Cyber Kill Chain framework, the installation phase occurs when the attacker establishes persistence by deploying malicious files or code onto the victim’s system.
- The malicious file was detected by a malware scanner while attempting to execute commands.
- Analysis showed that the file was downloaded after a phishing attack, indicating that the initial delivery was successful.
- Because the malware was detected before execution, the attack was mitigated at the installation phase, preventing further exploitation and command execution.