Explanation & Hint:
In the context of the Exploitation phase in the Cyber Kill Chain model, the two true statements are:
- “Threat actors commonly exploit or target one of three critical weaknesses in the defensive posture: an application, an operating system vulnerability, or the users.” – This statement is true. The Exploitation phase often involves exploiting vulnerabilities in software (like applications or operating systems) or human weaknesses (like tricking users through social engineering). This phase is about leveraging weaknesses to gain unauthorized access or control.
- “When the exploit is conducted, the attacker ‘breaks’ the vulnerability to gain control of the machine.” – This is also true. The act of exploitation involves manipulating a vulnerability, whether it’s in software or a system’s configuration, to execute attacker-controlled code. This can lead to the attacker gaining control over the affected system or machine.
The other statements are not accurate:
- “Selection of the exploit is not important in the exploitation phase.” – This is false. The selection of the appropriate exploit is crucial in the Exploitation phase. The effectiveness of the attack heavily depends on choosing an exploit that is suitable for the targeted vulnerability.
- “The exploitation phase describes what occurs once the malicious code is executed before the weapon delivery.” – This statement is somewhat misleading. The Exploitation phase actually involves the execution of the malicious code. It’s the phase where the vulnerability is actively exploited, and it typically occurs after the weapon (or exploit) has been delivered to the target.