Q1
Q2
Which two statements are true regarding the command-and-control (CnC) phase in the cyber kill
chain model? (Choose two.)
a. CnC is the process of the external threat actor beaconing inbound connec on to secure
servers or hosts in an organiza on to establish a communica on channel.
b. CnC is the process of the exploited hosts beaconing outbound or out of the network to an
Internet-based controller to establish a communica ons channel.
c. Once CnC is established with the exploited target, threat actors have access to the target
system and ul mately the en re network itself.
d. APT malware and most other forms of implants do not require manual interac on with the
target to begin the process of data exfiltra on or other reconnaissance ac ons that are
external to the outside network.
, Q3
Which two statements are true regarding the reconnaissance phase in the cyber kill chain model?
(Choose two.)
a. External to the network, threat actors review available informa on and resources about your
organiza on and public-facing network assets.
b. Poten al targets are selected when they are considered to be rela vely protected and
guarded.
c. Company websites, news ar cles, and social media can be used to develop a list of poten al
targets of network infiltra on vectors.
d. During the reconnaissance phase, threat actors will randomly select the target network.
Q4
Which two statements are true regarding the exploita on phase in the cyber kill chain model?
(Choose two.)
a. Selec on of the exploit is not important in the exploita on phase.
b. The exploita on phase describes what occurs once the malicious code is executed before the
weapon delivery.
c. Threat actors commonly exploit or target one of three cri cal weaknesses in the defensive
posture: an applica on, an opera ng system vulnerability, or the users.
d. When the exploit is conducted, the a acker “breaks” the vulnerability to gain control of the
machine.
Q5
Which two statements are true regarding the installa on or persistence phase in the cyber kill chain
model? (Choose two.)
a. This phase does not survive the system re-boots and the a ack needs to be ini ated again.
b. Sustained access generally provides the threat actor a way to access the system whenever
desired without aler ng the system users or network defenders.
c. Although the threat actor creates successful opera ons against the targeted host, individual
or network, the a ack cannot extend over a prolonged length of me.
d. The installa on phase (or persistence phase) describes ac ons taken by the threat actor to
establish a back door onto the targeted system.
Q2
Which two statements are true regarding the command-and-control (CnC) phase in the cyber kill
chain model? (Choose two.)
a. CnC is the process of the external threat actor beaconing inbound connec on to secure
servers or hosts in an organiza on to establish a communica on channel.
b. CnC is the process of the exploited hosts beaconing outbound or out of the network to an
Internet-based controller to establish a communica ons channel.
c. Once CnC is established with the exploited target, threat actors have access to the target
system and ul mately the en re network itself.
d. APT malware and most other forms of implants do not require manual interac on with the
target to begin the process of data exfiltra on or other reconnaissance ac ons that are
external to the outside network.
, Q3
Which two statements are true regarding the reconnaissance phase in the cyber kill chain model?
(Choose two.)
a. External to the network, threat actors review available informa on and resources about your
organiza on and public-facing network assets.
b. Poten al targets are selected when they are considered to be rela vely protected and
guarded.
c. Company websites, news ar cles, and social media can be used to develop a list of poten al
targets of network infiltra on vectors.
d. During the reconnaissance phase, threat actors will randomly select the target network.
Q4
Which two statements are true regarding the exploita on phase in the cyber kill chain model?
(Choose two.)
a. Selec on of the exploit is not important in the exploita on phase.
b. The exploita on phase describes what occurs once the malicious code is executed before the
weapon delivery.
c. Threat actors commonly exploit or target one of three cri cal weaknesses in the defensive
posture: an applica on, an opera ng system vulnerability, or the users.
d. When the exploit is conducted, the a acker “breaks” the vulnerability to gain control of the
machine.
Q5
Which two statements are true regarding the installa on or persistence phase in the cyber kill chain
model? (Choose two.)
a. This phase does not survive the system re-boots and the a ack needs to be ini ated again.
b. Sustained access generally provides the threat actor a way to access the system whenever
desired without aler ng the system users or network defenders.
c. Although the threat actor creates successful opera ons against the targeted host, individual
or network, the a ack cannot extend over a prolonged length of me.
d. The installa on phase (or persistence phase) describes ac ons taken by the threat actor to
establish a back door onto the targeted system.
