Which phase immediately follows Installation in Lockheed Martin's Cyber Kill Chain?

Prepare for the SANS Advanced Incident Response exam. Boost your skills with flashcards and multiple-choice questions, featuring hints and explanations. Ace your exam faster!

Multiple Choice

Which phase immediately follows Installation in Lockheed Martin's Cyber Kill Chain?

Explanation:
The phase immediately after Installation is Command and Control. Once the malware is installed on the target system, it needs a remote channel to reach back to the attacker, receive instructions, report status, and exfiltrate data. Establishing this C2 channel enables the attacker to control the infected host and coordinate actions across the network. Delivery and Exploitation occur earlier in the chain—Delivery brings the payload to the target, and Exploitation triggers the vulnerability or user action that allows the payload to run. Therefore they are not the steps that follow Installation. After Command and Control, the attacker typically proceeds to Actions on Objectives, but the immediate successor to Installation is the establishment of the C2 channel.

