There are a number of activities that an attacker conducts before the attack really kicks off. If you think about what would happen in a physical military campaign, people don't just turn up at a castle and hope they can attack it; there are a number of preparatory steps.
In this section, we will discuss the distinguishing features of an intrusion in the reconnaissance and weaponization phases and how to defend against an attack at this point. This is specifically referenced in topics 5.1a and b in the 210-255 topic list.
Implementing Cisco Cybersecurity Operations (210-255) Topic List:
5.1 Classify intrusion events into these categories as defined by the Cyber Kill Chain model
5.1.a Reconnaissance
5.1.b Weaponization
5.1 Classify intrusion events into these categories as defined by the Cyber Kill Chain model
5.1.a Reconnaissance
5.1.b Weaponization
As it is in the topic list, and in the Cyber Kill Chain model, we will look at each stage separately.