Implementing Cisco Cybersecurity Operations (SECOPS, legacy) — Question 12

A user on your network receives an email in their mailbox that contains a malicious attachment. There is no indication that the file was run. Which category as defined in the Diamond Model of Intrusion does this activity fall under?

Answer options

• A. reconnaissance
• B. weaponization
• C. delivery
• D. installation

Correct answer: C

Explanation

The correct answer is C, as the email containing the malicious attachment represents the delivery phase where the threat is sent to the target. Options A and B describe earlier stages of the attack lifecycle, while D pertains to the execution of the malware, which has not occurred in this scenario.