Question 7 - CompTIA (CYSA+) Analyst+ CS0-003 Real Exam Questions [Jan 2026 Update]

Q: 7

Using open-source intelligence gathered from technical forums, a threat actor compiles and tests a malicious downloader to ensure it will not be detected by the victim organization's endpoint security protections. Which of the following stages of the Cyber Kill Chain best aligns with the threat actor's actions?

Options

Correct Answer:

Explanation

The threat actor's actions of compiling, testing, and modifying a malicious downloader to evade specific security controls fall directly into the Weaponization stage of the Cyber Kill Chain. This stage is defined by the creation or modification of a malicious payload (the "weapon") that is tailored to the target environment. The actor is using intelligence gathered during reconnaissance to build an effective tool for the subsequent stages of the attack. The primary activity described is the creation of the malicious artifact, not its delivery or execution.

Why Incorrect

A. Delivery: This stage involves transmitting the weapon to the target (e.g., via a phishing email or a malicious website), which has not yet occurred in the scenario.

B. Reconnaissance: This stage focuses on gathering information about the target. While the actor used intelligence, the core action described is building the tool, not gathering the data.

C. Exploitation: This stage involves triggering the malicious code on the victim's system to gain access. The actor is still in the preparation phase on their own systems.

References

1. Hutchins

E. M.

Cloppert

M. J.

& Amin

R. M. (2011). Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. Lockheed Martin Corporation. In Section 3

"Stage 2: Weaponization

" the authors state

"Weaponization...couples a remote access trojan with an exploit into a deliverable payload." This directly aligns with creating a malicious downloader.

2. NIST. (2016). NIST Special Publication 800-150: Guide to Cyber Threat Information Sharing. National Institute of Standards and Technology. Section 2.3.1 describes the Cyber Kill Chain

where Weaponization is the stage for creating the malicious payload before the Delivery stage.

3. SANS Institute. (2015). The Sliding Scale of Cyber Security. SANS Technology Institute. Page 5 describes the kill chain stages

defining Weaponization as the point where an attacker "chooses a weapon...and packages it for delivery." The act of compiling and testing fits this definition.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE