Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 163

A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does to this type of event belong?

Answer options

• A. exploitation
• B. weaponization
• C. reconnaissance
• D. delivery

Correct answer: D

Explanation

This event falls under the 'delivery' stage of the Cyber Kill Chain since the user received the spear-phishing email, which is the method through which the malicious content is delivered to the target. The other options, such as 'exploitation' and 'weaponization', occur at later stages where the attack is executed or prepared, while 'reconnaissance' involves gathering information about the target prior to any contact.