Implementing Cisco Cybersecurity Operations (SECOPS, legacy) — Question 1

You see confidential data being exfiltrated to an IP address that is attributed to a known Advanced Persistent Threat group. Assume that this is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Diamond Model of Intrusion?

Answer options

Correct answer: C

Explanation

The correct answer is C, 'delivery', as this stage involves the transmission of the exploit to the targeted system, which aligns with the observed data exfiltration. Option A, 'reconnaissance', refers to the information-gathering phase, while option B, 'weaponization', involves creating a payload. Option D, 'action on objectives', is about achieving the attacker's goals after successfully compromising the target.