CompTIA CySA+ (CS0-003) — Question 497

An analyst finds that an IP address outside of the company network that is being used to run network and vulnerability scans across external-facing assets. Which of the following steps of an attack framework is the analyst witnessing?

Answer options

• A. Exploitation
• B. Reconnaissance
• C. Command and control
• D. Actions on objectives

Correct answer: B

Explanation

The correct answer is B, as reconnaissance involves gathering information about a target, including network and vulnerability assessments. Options A, C, and D represent other phases of an attack framework that occur after the initial reconnaissance phase, focusing on exploitation, establishing control, and achieving specific goals respectively.