| Explanation & Hint:
Among the statements provided about the Reconnaissance phase in the Cyber Kill Chain model, the two true statements are:
- “External to the network, threat actors review available information and resources about your organization and public-facing network assets.” – This statement is true. During the Reconnaissance phase, attackers gather information about the target organization from external sources. This includes researching public-facing network assets, company websites, and other publicly available data that can provide insights into potential vulnerabilities or valuable targets.
- “Company websites, news articles, and social media can be used to develop a list of potential targets of network infiltration vectors.” – This statement is also true. Attackers often use publicly accessible information from company websites, news articles, and social media platforms to identify potential infiltration vectors and gather intelligence about the target organization, its employees, and its operations.
The other statements are not accurate:
- “Potential targets are selected when they are considered to be relatively protected and guarded.” – This statement is misleading. In reality, attackers often target organizations perceived as less protected or vulnerable, rather than those that are well-guarded. The goal is to find the path of least resistance.
- “During the reconnaissance phase, threat actors will randomly select the target network.” – This statement is false. The selection of targets during the reconnaissance phase is typically not random but rather based on specific criteria or objectives. Attackers choose targets based on factors like the potential for financial gain, data value, perceived vulnerabilities, or strategic importance.
|