Chapter 3 - Understanding Incident Analysis Flashcards

1
Q

List the seven phases in the Cyber Kill Chain in order.

A

Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command-and-Control, Actions on Objectives

2
Q

In which phase do threat actors gather and review available information (gained passively or actively) on a potential target organization?

A

Reconnaissance

3
Q

Which phase involves the development of a program with predetermined objectives, based on the reconnaissance phase (i.e., building or preparing an exploit)?

A

Weaponization

4
Q

In what phase does the transmission of the payload (exploit) to the target take place (e.g., email, phishing, USB)?

A

Delivery

5
Q

Which phase describes what occurs once the malicious code is executed? Typical weaknesses are applications, OS vulnerabilities, and users.

A

Exploitation

6
Q

Which phase describes actions taken by the threat actor to establish a back door into the system? Also known as the persistence phase.

A

Installation

7
Q

In what phase does the exploited host beacon out to an Internet controller to establish a communications channel?

A

Command-and-control

8
Q

In what phase has the threat actor reached the final step of the original objective? This may include intellectual property theft, corporate data theft, DoS traffic, etc.

A

Actions on objectives

9
Q

Name the four nodes in the Diamond Model framework.

A

Adversary, Capability, Victim, Infrastructure
