Explanation & Hint:
In the context of the Installation or Persistence phase of the Cyber Kill Chain model, the two true statements among those provided are:
- “Sustained access generally provides the threat actor a way to access the system whenever desired without alerting the system users or network defenders.” – This statement is true. The primary goal of the Installation or Persistence phase is to ensure that the threat actor maintains access to the target network or system over time. This is typically achieved through the creation of backdoors or other mechanisms that allow for continued access without detection.
- “The installation phase (or persistence phase) describes actions taken by the threat actor to establish a back door onto the targeted system.” – This statement is also true. During this phase, the attacker installs various tools or creates hidden methods for maintaining access to the compromised system. These tools can include rootkits, trojans, or other types of malware that provide persistent access to the system even after reboots.
The other statements are not accurate:
- “This phase does not survive the system re-boots and the attack needs to be initiated again.” – This is false. One of the key objectives of the Installation or Persistence phase is to survive system reboots. Attackers often establish mechanisms that automatically reinstate their access after a reboot.
- “Although the threat actor creates successful operations against the targeted host, individual or network, the attack cannot extend over a prolonged length of time.” – This statement is incorrect. The whole purpose of the Installation or Persistence phase is to enable the attack to extend over a prolonged period, often for the purpose of continuous data exfiltration, surveillance, or further exploitation.