"C" is correct
Here are the steps of the Kill Chain Model.
The example are in the context of the question
1) Reconnaissance - identified vulnerabilities
2) Weaponization - prepare (in lab) the weapon, for example a file with malware code.
3) Delivery - transmit the file (e-mail, website, etc)
4) Exploitation - trigger the weapon (execute the code), exploiting the vulnerability
5) Installation - the weapon installs a backdoor (server)
6) Command and control (C2 or CnC) - connection to the treat actor
7) Actions on objectives - do the job (stealing information, for example)
The correct answer is C. Exploitation, as it refers to the process of taking advantage of a weakness in a system or application in order to carry out some sort of malicious activity.
Here's why the other options are incorrect:
A. Action on objectives refers to the specific goals and objectives that an attacker is trying to achieve through their attack. For example, an attacker's objective might be to steal sensitive data, disrupt normal operations, or install malware on a target system.
B. Delivery refers to the method by which an attacker delivers their attack payload (such as malware or other malicious code) to the target system. This might involve phishing emails, drive-by downloads, or other types of social engineering tactics.
D. Installation refers to the process of actually installing the malicious payload onto the target system. This step in the attack process may involve running a malicious program or script, or modifying existing system files to enable continued access for the attacker.
Here are the steps of the Kill Chain Model. The example are in the context of the question
1) Reconnaissance - identified vulnerabilities
2) Weaponization - prepare (in lab) the weapon, for example a file with malware code.
3) Delivery - transmit the file (e-mail, website, etc)
4) Exploitation - trigger the weapon (execute the code), exploiting the vulnerability 5) Installation - the weapon installs a backdoor (server)
6) Command and control (C2 or CnC) - connection to the treat actor
7) Actions on objectives - do the job (stealing information, for example)
Reconnaissance: Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network.
Weaponization: Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities.
Delivery: Intruder transmits weapon to target (e.g., via e-mail attachments, websites or USB drives)
Exploitation: Malware weapon's program code triggers, which takes action on target network to exploit vulnerability.
Installation: Malware weapon installs access point (e.g., "backdoor") usable by intruder.
Command and Control: Malware enables intruder to have "hands on the keyboard" persistent access to target network.
Actions on Objective: Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom.
(source: https://en.wikipedia.org/wiki/Kill_chain)
So C is the right answer
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.200-201 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
anonymous1966
Highly Voted 8 months, 1 week agodrdecker100
Most Recent 8 months agokenprewitt
11 months, 2 weeks agomsg01
1 year, 6 months agoPrettyMs
1 year, 6 months agoAhmedAbdalla
1 year, 7 months agochantips
1 year, 10 months agohalamah
3 years, 6 months agoLeo_Visser
3 years, 11 months ago