Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 167

A security engineer notices confidential data being exfiltrated to a domain `Ransome4144-mware73-978` address that is attributed to a known advanced persistent threat group. The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?

Answer options

• A. reconnaissance
• B. delivery
• C. action on objectives
• D. weaponization

Correct answer: C

Explanation

The correct answer is C, as the event signifies the attackers executing their goals by exfiltrating confidential data, which aligns with the 'action on objectives' phase. The other options represent earlier stages of the Cyber Kill Chain that do not involve the actual execution of an attack on the target's objectives.