nerdexam
Cisco

210-255 · Question #23

You see confidential data being exfiltrated to an IP address that is attributed to a known Advanced Persistent Threat group. Assume that this is part of a real attach and not a network misconfiguratio

The correct answer is D. action on objectives. Data exfiltration to a known threat actor's IP address represents the 'Actions on Objectives' phase, where the attacker fulfills their ultimate mission goal.

Attack Methods

Question

You see confidential data being exfiltrated to an IP address that is attributed to a known Advanced Persistent Threat group. Assume that this is part of a real attach and not a network misconfiguration. Which category does this event fall under as defined in the Diamond Model of Intrusion?

Options

  • Areconnaissance
  • Bweaponization
  • Cdelivery
  • Daction on objectives

How the community answered

(35 responses)
  • A
    3% (1)
  • B
    6% (2)
  • C
    14% (5)
  • D
    77% (27)

Why each option

Data exfiltration to a known threat actor's IP address represents the 'Actions on Objectives' phase, where the attacker fulfills their ultimate mission goal.

Areconnaissance

Reconnaissance is an early-stage activity focused on passive or active information gathering about the target, not the live transmission of stolen data to an external IP.

Bweaponization

Weaponization involves crafting or modifying a payload or exploit tool, which occurs well before any active intrusion against the target environment.

Cdelivery

Delivery refers to the mechanism used to transmit the weapon to the victim - such as a phishing email or malicious link - not the final exfiltration stage.

Daction on objectivesCorrect

In the Cyber Kill Chain framework, 'Actions on Objectives' is the final phase where the attacker completes their intended mission, which commonly includes exfiltrating confidential data to an external system. Seeing data leave the network toward an APT-attributed IP confirms the attacker has successfully traversed all prior kill chain stages and is now executing their end goal. Note that while the question references the Diamond Model, the listed choices correspond to Cyber Kill Chain phases - 'Actions on Objectives' correctly categorizes active exfiltration regardless of this labeling discrepancy.

Concept tested: Cyber Kill Chain actions on objectives phase classification

Source: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

Topics

#Diamond Model#APT#data exfiltration#action on objectives

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice