CompTIA CySA+ (CS0-003) — Question 338
After a series of UEBA alerts, a company’s SOC observes an extended period of suspicious outbound traffic, all to the same destination. Which of the following steps of the cyber kill chain has this attack completed?
Answer options
- A. Weaponization
- B. Command and control
- C. Reconnaissance
- D. Exploitation
Correct answer: B
Explanation
The correct answer is B, Command and control: the sustained suspicious outbound traffic to a single destination indicates that the attacker is communicating with compromised systems to control them. The other options (Weaponization, Reconnaissance, and Exploitation) are earlier phases in the cyber kill chain and do not involve maintaining communication with the compromised environment.