🔥 3-day streak
CompTIA CySA+ (CS0-003)58 / 147
Question 58 of 147

A CySA+ analyst reviews EDR telemetry from a compromised workstation. The host is periodically making outbound HTTPS connections to a legitimate cloud storage provider's API, and the analyst confirms the malware retrieves task instructions and posts stolen data through this service. When documenting the incident, which MITRE ATT&CK tactic BEST describes this observed behavior?

Reviewed for accuracy · Report an issueNext question