Free Cisco 200-201 Actual Exam Questions - Question 2 Discussion
was targeting the company servers. According to the Cyber Kill Chain model, which step must be
assigned to this type of event?
B imo, delivery usually means sending the payload, which isn’t happening here. So it can’t be B. It’s definitely before exploitation, so reconnaissance (C) still feels right.
C vs A? The scan is definitely about gathering info, so it fits reconnaissance (C). Actions on objectives (A) usually means the attacker is already inside and doing their main goal, which this isn’t. Since it’s just scanning, not exploiting or delivering anything, C makes the most sense here.
Totally agree with the reconnaissance call. Port scans are classic info gathering moves, so it’s definitely C. Delivery and exploitation usually come after the attacker figures out what’s vulnerable, and “actions on objectives” is way later down the line when actual damage or data theft happens. This looks like the early footprinting phase for sure.
Makes sense to call it reconnaissance since the attacker’s just probing for info, no actual attack yet. So definitely C here.
It’s C. Port scanning is all about gathering information before the attacker tries anything else, so it fits the reconnaissance stage perfectly, not exploitation or delivery.
Yeah, I agree that port scans fall under info gathering, so it’s definitely not delivery or exploitation. The attacker is just mapping out the network to find potential entry points, which matches option C, reconnaissance. It’s too early to say actions on objectives since that’s after they actually do something harmful.
C imo, port scans are classic reconnaissance because they’re about gathering info on open ports and services before any real attack happens. It’s like the attacker’s way of mapping out the target. Delivery (B) would be when something is sent to the target, like malware or phishing. Since this is just scanning and no exploit or payload is mentioned, it doesn’t fit those phases. Actions on objectives (A) and exploitation (D) come later after the attacker has enough info, so they don’t really match here.
C imo, port scans fit reconnaissance phase.