Implementing Cisco Cybersecurity Operations (SECOPS, legacy) — Question 6
You see 100 HTTP GET and POST requests for various pages on one of your web servers. The user agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the web server. Which category does this event fall under as defined in the Diamond Model of Intrusion?
Answer options
- A. delivery
- B. reconnaissance
- C. action on objectives
- D. installation
- E. exploitation
Correct answer: D
Explanation
The correct answer is D, installation, because the event involves creating and writing to a new PHP file, which indicates that the malicious code is being installed on the server. The other options are incorrect: delivery refers to the transmission of malicious payloads, reconnaissance is about gathering information, action on objectives relates to achieving the attacker's goals, and exploitation involves taking advantage of vulnerabilities, not necessarily installing code.