TimSaysICan Training - CySA+ PBQ

CySA+ PBQ: Kill Chain Mapping

Map attacker activity to common kill chain phases.

Back to Training Portal

Scenario

A ransomware investigation contains artifacts from initial targeting through final impact. Match each observed activity to the most appropriate phase.

Your task: Review the evidence and select the best analyst response for each field.
EvidenceDetails
Attack themeTargeted phishing leads to ransomware
Remote controlMalware contacts an Internet host
ImpactFiles are encrypted and a ransom demand appears

Analyst Decisions

Instructor Answer