🔥 3-day streak
CompTIA CySA+ (CS0-003)70 / 147
Question 70 of 147

A SOC analyst reviews external-facing web server logs and notices repeated requests from a single external IP over several days that enumerate directory paths, query robots.txt, probe /admin and /login endpoints, and pull HTTP response headers revealing server versions. No exploitation attempts or malicious payloads have been observed yet. Within the Cyber Kill Chain, which stage does this activity most accurately represent?

Reviewed for accuracy · Report an issueNext question