nerdexam
EC-Council

312-50V13 · Question #274

You are a penetration tester working to test the user awareness of the employees of the client xyz. You harvested two employees' emails from some public sources and are creating a client- side backdoo

The correct answer is C. Weaponization. Cyber Kill Chain Stage Explanation Weaponization (C) is correct because you are actively crafting a malicious payload - in this case, a client-side backdoor embedded in an email - to be delivered to the targets. Weaponization is the stage where attackers package malware or exploi

Submitted by priya_blr· Mar 6, 2026Social Engineering

Question

You are a penetration tester working to test the user awareness of the employees of the client xyz. You harvested two employees' emails from some public sources and are creating a client- side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?

Options

  • AReconnaissance
  • BCommand and control
  • CWeaponization
  • DExploitation

How the community answered

(41 responses)
  • A
    2% (1)
  • B
    10% (4)
  • C
    83% (34)
  • D
    5% (2)

Explanation

Cyber Kill Chain Stage Explanation

Weaponization (C) is correct because you are actively crafting a malicious payload - in this case, a client-side backdoor embedded in an email - to be delivered to the targets. Weaponization is the stage where attackers package malware or exploits into a deliverable weapon before it reaches the victim.

Why the distractors are wrong:

  • (A) Reconnaissance already occurred - that's when you harvested the employees' email addresses from public sources; that stage is now complete.
  • (B) Command and Control (C2) happens after the victim is compromised and the attacker establishes a communication channel with the infected system - much later in the chain.
  • (D) Exploitation occurs when the payload is triggered on the victim's machine, causing the vulnerability to execute - which hasn't happened yet.

Memory Tip: Think of the kill chain in order - Reconnaissance → Weaponization → Delivery → Exploitation → C2. Ask yourself: "Am I gathering info, building the weapon, sending it, or using it?" In this scenario, you're building the weapon, which = Weaponization.

Topics

#Cyber Kill Chain#Weaponization#Backdoor creation#Penetration testing

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice