CS0-003 Question #595: Real Exam Question with Answer & Explanation

The correct answer is B: Command and control. The command and control phase of the cyber kill chain involves establishing a persistent outbound connection from the compromised system to an external server. The observed suspicious outbound traffic to the same destination indicates the attacker has already compromised the syst

Submitted by devops_kid· Mar 6, 2026Security Operations

Question

After a series of UEBA alerts, a company's SOC observes an extended period of suspicious outbound traffic all with the same destination. Which of the following steps of the cyber kill chain has this attack completed?

Options

AWeaponization
BCommand and control
CReconnaissance
DExploitation

Explanation

The command and control phase of the cyber kill chain involves establishing a persistent outbound connection from the compromised system to an external server. The observed suspicious outbound traffic to the same destination indicates the attacker has already compromised the system and is now maintaining control.

Topics

#Cyber Kill Chain#command and control#UEBA#network traffic analysis

Community Discussion

No community discussion yet for this question.

Full CS0-003 Practice Browse All CS0-003 Questions