CompTIA CySA+ (CS0-003) — Question 140
An analyst discovers unusual outbound connections to an IP that was previously blocked at the web proxy and firewall. Upon further investigation, it appears that the proxy and firewall rules that were in place were removed by a service account that is not recognized. Which of the following parts of the Cyber Kill Chain does this describe?
Answer options
- A. Delivery
- B. Command and control
- C. Reconnaissance
- D. Weaponization
Correct answer: B
Explanation
This situation illustrates the Command and Control phase of the Cyber Kill Chain, as it involves an attacker gaining unauthorized access to manipulate network controls for communication. The other options, such as Delivery, Reconnaissance, and Weaponization, do not pertain to the active management of established connections like this scenario does.