
Multiple Choice

Which intrusion model describes seven phases: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, C2, and Actions on Objectives?

Explanation:
The seven-phase intrusion sequence described here comes from the Lockheed Martin Kill Chain model. It walks through the attacker’s progression from initial target research to achieving their goals: Reconnaissance (gathering information about the target), Weaponization (pairing a payload with an exploit), Delivery (sending the weaponized package to the target), Exploitation (triggering the exploit to run code), Installation (placing malware to establish a foothold), Command and Control (C2) (establishing a covert channel back to the attacker), and Actions on Objectives (carrying out the attacker’s goals, such as data theft or disruption). This framework is useful because it highlights where defenses can interrupt the attacker at each stage, enabling early detection and containment.

MITRE ATT&CK, while extensive, is a knowledge base of attacker techniques mapped to tactics and procedures rather than a linear seven-step progression. The NIST Incident Response Life Cycle focuses on how to respond after an incident, not the pre-incident intrusion sequence. A generic “seven-phase intrusion model” isn’t a standard named framework the way the Kill Chain is.

