PALO ALTO NETWORKS: PCNSA Study Guide 26:
Delivery: This stage marks the transition from the attacker working outside of an organization’s network to working within an organization’s network. Malware delivered during this stage is designed to exploit existing software vulnerabilities. To deliver its initial malware, the attacker might choose to embed malicious code within seemingly innocuous PDF or Word files, or within an email message. For highly targeted attacks, an attacker might craft a deliverable related to the specific interests of an individual that might entice the individual into accessing a malicious website or opening an infected email message
This is very confusing! it defies all the security related training I've attended and books I've read. an attacker sending a random infected attachment via email seems to me, it is the first stage (exploration or reconnaissance).
Exploration and reconnaissance would not involve sending any infected attachments. Those first stages are used only to gather intel to determine individuals to target, possible vulnerabilities in the network, etc. This can involve looking at organizational structures/job positions, network port/vulnerability scans, etc.
Those stages do not include any actual exploitation or attempted exploitation. its only to gather information to determine the best possible method for attack and successful installation or an exploitation. That is done in the delivery phase.
So A is the correct answer.
When reading Security+ and other sources, the matter is clearer.
"Deliver" is creating the package, not sending the package.
"Exploit" is the initial attack. Thus, the answer: D Exploit
Exactly, D is correct:
Exploitation: In this stage, attackers deploy an exploit against a vulnerable application or system, typically using an exploit kit or weaponized document. This allows the attack to gain an initial entry point into the organization.
the answer is D. Exploitation
The Delivery stage the Attackers will then determine which methods to use in order to deliver malicious payloads. such as exploit kits, spear phishing attacks with malicious links, or attachments and malvertizing.
in Exploitation stage Attackers deploy an exploit against a vulnerable application or system, typically using an exploit kit or weaponized document. This is determined by the delivery method the chose in delivery stage.
check this link:- https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#:~:text=Exploitation%3A%20In%20this%20stage%2C%20attackers,entry%20point%20into%20the%20organization.
Answer A. But should read Weaponization and Delivery. Exploitation is once the infected pdf, doc, etc is opened and the the attack is deployed on the network.
https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle
It must be Delivery: the attacker in the question is just attaching a document to an email, therefore the email has not been yet sent at all: from what we know at this point, there might not be any exploitation phase (e.g. if the attacker does not hit "send")
To deliver its initial malware, the attacker might choose to embed malicious code within seemingly innocuous PDF or Word files, or within an email message.
Delivery, IF the question were worded: At which stage of the Cyber-Attack Lifecycle would the attacker send an email with an infected PDF file attached? Attaching an infected PDF file to an email happens @ Weaponization. PCNSA Study guide "All Weaponization activity occurs on machines away from the target." Sending the email would be at the Delivery phase.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Grandslam
Highly Voted 2 years, 10 months agoOteslar
1 year, 11 months agohalifax
1 year, 7 months agoErmbmx2
1 year, 7 months agoLordScorpius
Highly Voted 2 years, 8 months agoeric11
2 years, 7 months agoGerza27
2 years, 6 months agoMY303V8
Most Recent 7 months, 3 weeks agoSnookerloopy
9 months, 3 weeks agoJackie26
1 year, 2 months agoleeban
1 year, 4 months agomlj23
1 year, 6 months agoall_nicknames_are_taken
1 year, 8 months agoFahmiZnd
1 year, 9 months agodaytonadave2011
1 year, 11 months agocoboo
2 years, 5 months agoon2it
2 years, 5 months agojavim
2 years, 5 months agokewokil120
2 years, 6 months agoFlixis
2 years, 6 months agoLuongchacha1
2 years, 8 months agoerror_909
2 years, 8 months agoAG15808
2 years, 10 months ago