Which of the following steps of an attack framework is the analyst witnessing?

An analyst finds that an IP address outside of the company network that is being used to run network and vulnerability scans across external-facing assets.

Which of the following steps of an attack framework is the analyst witnessing?
A . Exploitation
B . Reconnaissance
C . Command and control
D . Actions on objectives

View Answer

Answer: B

Explanation:

Reconnaissance is the first stage in the Cyber Kill Chain and involves researching potential targets before carrying out any penetration testing. The reconnaissance stage may include identifying potential targets, finding their vulnerabilities, discovering which third parties are connected to them (and what data they can access), and exploring existing entry points as well as finding new ones. Reconnaissance can take place both online and offline. In this case, an analyst finds that an IP address outside of the company network is being used to run network and vulnerability scans across external-facing assets. This indicates that the analyst is witnessing reconnaissance activity by an attacker.

Reference: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html