312-50V13 Question #518: Real Exam Question with Answer & Explanation

Question

A cyber attacker has initiated a series of activities against a high-profile organization following the Cyber Kill Chain Methodology. The attacker is presently in the "Delivery" stage. As an Ethical Hacker, you are trying to anticipate the adversary's next move. What is the most probable subsequent action from the attacker based on the Cyber Kill Chain Methodology?

Options

• AThe attacker will attempt to escalate privileges to gain complete control of the compromised
• BThe attacker will exploit the malicious payload delivered to the target organization and establish a
• CThe attacker will initiate an active connection to the target system to gather more data.
• DThe attacker will start reconnaissance to gather as much information as possible about the target.

Explanation

According to the Cyber Kill Chain Methodology, after the 'Delivery' stage, where a malicious payload is transmitted, the most probable next action for the attacker is 'Exploitation,' followed by establishing a foothold on the target system.

Common mistakes.

• A. Privilege escalation typically occurs later in the kill chain, during the 'Actions on Objectives' phase, after initial access and a foothold have been established.
• C. Initiating an active connection to gather more data or control the system falls under 'Command and Control' or 'Actions on Objectives,' which occur after successful exploitation and installation.
• D. Reconnaissance is the very first stage of the Cyber Kill Chain, occurring long before the 'Delivery' stage.

Concept tested. Cyber Kill Chain stages

Reference. https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

No community discussion yet for this question.