312-50V11 · Question #924
At what stage of the cyber kill chain theory model does data exfiltration occur?
The correct answer is A. Actions on objectives. Data exfiltration occurs in the final stage of the Cyber Kill Chain, 'Actions on Objectives,' where the attacker completes their goal after gaining full access to the target environment.
Question
At what stage of the cyber kill chain theory model does data exfiltration occur?
Options
- AActions on objectives
- BWeaponization
- Cinstallation
- DCommand and control
How the community answered
(47 responses)- A87% (41)
- B6% (3)
- C4% (2)
- D2% (1)
Why each option
Data exfiltration occurs in the final stage of the Cyber Kill Chain, 'Actions on Objectives,' where the attacker completes their goal after gaining full access to the target environment.
In the Lockheed Martin Cyber Kill Chain model, 'Actions on Objectives' is the seventh and final stage where the attacker executes their intended goal - this includes data exfiltration, data destruction, encryption for ransom, or lateral movement. It only occurs after all prior stages (reconnaissance through C2) have been successfully completed.
Weaponization is the second stage where the attacker creates a deliverable payload (e.g., coupling an exploit with a backdoor), not where data is stolen.
Installation is the fifth stage where a remote access tool or backdoor is installed on the victim system to maintain persistence, not where data exfiltration occurs.
Command and Control (C2) is the sixth stage where the attacker establishes a communication channel to remotely control the compromised system, not where data is extracted.
Concept tested: Cyber Kill Chain stages and data exfiltration
Source: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
Topics
Community Discussion
No community discussion yet for this question.