Chapter 3 - Understanding Incident Analysis

Question 1

List the seven phases in the Cyber Kill Chain in order.

Answer 1

Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command-and-Control, Actions on Objectives

Question 2

Which phase do threat actors gather and review available information (gained passively or actively) on a potential target organization.

Answer 2

Reconnaissance

Question 3

In which phase is the development of a program with pre-determined objectives based on the reconnaissance phase. IE Building or preparing an exploit

Answer 3

Weaponization

Question 4

What phase does the transmission of the payload (exploit) to the target take place? IE Email, phishing, USB

Answer 4

Delivery

Question 5

In what phase describes what occurs once the malicious code is executed? Typical weaknesses are applications, OS vulnerabilities, and users

Answer 5

Exploitation

Question 6

Which phase describes actions taken by the threat actor to establish a back door into the system? Also known as the persistence phase.

Answer 6

Installation

Question 7

In what phase does the exploited host beacon out to an Internet controller to establish a communications channel?

Answer 7

Command-and-control

Question 8

In what phase has the threat actor reached the final step of the original objective? This may include intellectual property theft, corporate data theft, DoS traffic, etc.

Answer 8

Actions on objectives

Question 9

Name the four nodes in the Diamond Model framework.

Answer 9

Adversary, Capability, Victim, Infrastructure