CompTIA CySA+ (CS0-003) — Question 242

Which of the following most accurately describes the Cyber Kill Chain methodology?

Answer options

• A. It is used to correlate events to ascertain the TTPs of an attacker.
• B. It is used to ascertain lateral movements of an attacker, enabling the process to be stopped.
• C. It provides a clear model of how an attacker generally operates during an intrusion and the actions to take at each stage.
• D. It outlines a clear path for determining the relationships between the attacker, the technology used, and the target.

Correct answer: C

Explanation

The correct answer, C, accurately summarizes the Cyber Kill Chain as a structured model that outlines the steps an attacker takes during an attack and the respective actions that can be taken at each step. Options A and B focus on specific aspects of incident response rather than the overall methodology, while option D discusses relationships but does not capture the sequential nature of the attack process as effectively as C does.