Cisco
210-255 · Question #23
210-255 Question #23: Real Exam Question with Answer & Explanation
The correct answer is D: action on objectives. Data exfiltration to a known threat actor's IP address represents the 'Actions on Objectives' phase, where the attacker fulfills their ultimate mission goal.
Question
You see confidential data being exfiltrated to an IP address that is attributed to a known Advanced Persistent Threat group. Assume that this is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Diamond Model of Intrusion?
Options
- A. reconnaissance
- B. weaponization
- C. delivery
- D. action on objectives
Explanation
Data exfiltration to a known threat actor's IP address represents the 'Actions on Objectives' phase, where the attacker fulfills their ultimate mission goal.
Common mistakes.
- A. Reconnaissance is an early-stage activity focused on passive or active information gathering about the target, not the live transmission of stolen data to an external IP.
- B. Weaponization involves crafting or modifying a payload or exploit tool, which occurs well before any active intrusion against the target environment.
- C. Delivery refers to the mechanism used to transmit the weapon to the victim - such as a phishing email or malicious link - not the final exfiltration stage.
Concept tested. Cyber Kill Chain actions on objectives phase classification
Reference. https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html