Certified Ethical Hacker (CEH v11) — Question 329

Josh has finished scanning a network and has discovered multiple vulnerable services. He knows that several of these usually have protections against external sources but are frequently susceptible to internal users. He decides to draft an email, spoof the sender as the internal IT team, and attach a malicious file disguised as a financial spreadsheet. Before Josh sends the email, he decides to investigate other methods of getting the file onto the system.
For this particular attempt, what was the last stage of the cyber kill chain that Josh performed?

Answer options

• A. Weaponization
• B. Delivery
• C. Reconnaissance
• D. Exploitation

Correct answer: A

Explanation

The correct answer is A. Weaponization is the stage where an attacker creates a malicious payload, which in this case is the malicious file disguised as a financial spreadsheet. The other options represent different stages of the cyber kill chain: B is about delivering the payload, C involves gathering information about the target, and D refers to exploiting the vulnerability once access is gained.