🔥 3-day streak
CompTIA CySA+ (CS0-003)60 / 147
Question 60 of 147

During an investigation, a CySA+ analyst reviews EDR telemetry from a compromised finance workstation. The logs show that a legitimate archiving utility bundled several spreadsheets into a password-protected RAR file, after which a scheduled process uploaded the archive to a personal cloud storage account over HTTPS. The analyst is documenting the incident using the MITRE ATT&CK framework. Which ATT&CK tactic best describes the final activity of uploading the archive to the external cloud service?

Reviewed for accuracy · Report an issueNext question