Free Cisco 200-201 Actual Exam Questions - Question 12 Discussion
approach is to push back the cyber kill chain and mitigate ongoing incidents. At which phase of the
cyber kill chain should the security team mitigate this type of attack?
It’s C for me. Even if spam is active, knowing how attackers gather info helps predict and block future campaigns earlier, making reconnaissance a key phase to disrupt planning and reduce spam effectiveness.
It’s B. If the spam’s actively coming through, cutting it off during delivery stops it from reaching users and reduces the chance of further infection or spreading.
Option A; stopping attacker actions post-installation can directly disrupt spam operations.
D imo, if the spam’s already active, blocking at installation stops the payload from taking hold. Delivery’s great, but once it’s past that, you gotta focus deeper in the chain.
Good point about stopping spam early. I’d say C (reconnaissance) is less practical since the attack’s already launched, so focusing on B (delivery) makes more sense to block spam before it causes damage.
If they’re trying to stop the campaign early, reconnaissance (C) is too early, so I’d go with delivery (B).
It’s B because delivery is when the spam actually reaches the target, so stopping it there prevents further attack steps. If you block delivery, the malware can’t get installed or executed later.
Is this about stopping the spam before it reaches users or after it's already on their systems? That might change whether it’s B or D.