CompTIA CySA+ (CS0-003) — Question 116

Using open-source intelligence gathered from technical forums, a threat actor compiles and tests a malicious downloader to ensure it will not be detected by the victim organization's endpoint security protections. Which of the following stages of the Cyber Kill Chain best aligns with the threat actor's actions?

Answer options

• A. Delivery
• B. Reconnaissance
• C. Exploitation
• D. Weaponization

Correct answer: D

Explanation

The correct answer is D, Weaponization, as it involves the creation of a malicious payload for delivery. The other options do not fit: A, Delivery, refers to sending the malicious payload; B, Reconnaissance, is about gathering information; and C, Exploitation, involves using a vulnerability after the payload has been delivered.