CompTIA CySA+ (CS0-003) — Question 447

A malicious actor has gained access to an internal network by means of social engineering. The actor does not want to lose access in order to continue the attack. Which of the following best describes the current stage of the Cyber Kill Chain that the threat actor is currently operating in?

Answer options

• A. Weaponization
• B. Reconnaissance
• C. Delivery
• D. Exploitation

Correct answer: D

Explanation

The correct answer is D, Exploitation, as the actor has already gained access and is utilizing it to further their objectives. The other stages—Weaponization, Reconnaissance, and Delivery—occur before access is gained and do not reflect the ongoing activity of maintaining access.