312-50V11 · Question #975
Which among the following is the best example of the third step (delivery) in the cyber kill chain?
The correct answer is C. An intruder's malware is triggered when a target opens a malicious email attachment.. The Delivery phase (step 3) of the cyber kill chain is when the weaponized payload is successfully activated at the target, such as when the victim opens a malicious attachment and the malware executes.
Question
Options
- AAn intruder sends a malicious attachment via email to a target.
- BAn intruder creates malware to be used as a malicious attachment to an email.
- CAn intruder's malware is triggered when a target opens a malicious email attachment.
- DAn intruder's malware is installed on a target's machine.
How the community answered
(37 responses)- A3% (1)
- B14% (5)
- C76% (28)
- D8% (3)
Why each option
The Delivery phase (step 3) of the cyber kill chain is when the weaponized payload is successfully activated at the target, such as when the victim opens a malicious attachment and the malware executes.
Sending a malicious attachment via email represents the transport mechanism but not confirmed delivery - it corresponds to the attacker initiating transmission, which precedes the actual delivery confirmation that occurs when the target activates the payload.
Creating malware to use as a malicious email attachment represents the Weaponization phase (step 2), where the attacker couples an exploit with a payload to form a deliverable weapon.
In the Lockheed Martin Cyber Kill Chain, Delivery represents the moment the attacker's weapon is conveyed into the target environment and triggered, confirming successful transfer of the payload to the victim's operational context. When the target opens the malicious email attachment and the malware fires, the weapon has been effectively delivered and activated within the victim's system. This triggered execution event is the defining marker that separates confirmed delivery from mere transmission.
Malware being installed on the target's machine corresponds to the Installation phase (step 5) of the kill chain, which occurs after the payload has already been delivered and exploited successfully.
Concept tested: Cyber kill chain delivery phase identification
Source: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
Topics
Community Discussion
No community discussion yet for this question.