CompTIA Security+ (SY0-601) — Question 73
During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server. Following an investigation, the company realizes it is still vulnerable because outbound traffic is not restricted, and the adversary is able to maintain a presence in the network.
In which of the following stages of the Cyber Kill Chain is the adversary currently operating?
Answer options
- A. Reconnaissance
- B. Command and control
- C. Actions on objective
- D. Exploitation
Correct answer: B
Explanation
The correct answer is B, Command and control. Because outbound traffic is not restricted, compromised systems can still communicate with the adversary, which is how the adversary maintains a presence in the network and can execute further actions. The other options do not apply: Reconnaissance involves gathering information, Actions on objective pertains to achieving specific goals after exploitation, and Exploitation refers to the initial breach, which has already occurred.