DRAG DROP Given the graphic, match each stage of the cyber-attack lifecycle to its description. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/Palo_Alto_Networks_Cybersecurity-Practitioner/page_43_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/Palo_Alto_Networks_Cybersecurity-Practitioner/page_43_img_2.jpg

Question 19 - Palo Alto Networks Cybersecurity Practitioner Exam Questions [June 2026 Update]

Q: 19

DRAG DROP Given the graphic, match each stage of the cyber-attack lifecycle to its description.

Drag & Drop

Enable JavaScript to use the Drag & Drop feature.

reconnaissance
weaponization
delivery
exploitation
installation
command and control

Correct Answer:

Answer Area attacker will plan the cyber-attack: A. reconnaissance attacker will determine which method to use to compromise an endpoint: B. weaponization attacker will distribute their weaponized payload to an endpoint: C. delivery attacker will trigger a weaponized payload: D. exploitation escalate privileges on a compromised endpoint: E. installation establish secure communication channel to servers across the internet to reshape attack objectives: F. command and control

Explanation

The question follows the Cyber Kill Chain model.

Reconnaissance: The attacker identifies targets and plans the operation (matches "plan the cyber-attack").
Weaponization: The attacker selects the exploit and malware (backdoor) to create a payload, effectively determining the method of compromise.
Delivery: The weaponized bundle is transmitted to the target (e.g., via email or web).
Exploitation: The malware code is executed or "triggered" on the target system to exploit a vulnerability.
Installation: To maintain access (persistence), the attacker typically installs a backdoor. In the context of this specific exam mapping, this stage corresponds with escalating privileges to ensure the installation is successful and permanent.
Command and Control (C2): The compromised host establishes an outbound channel to the attacker's server for instructions.

References

Lockheed Martin. (n.d.). The Cyber Kill Chain. Retrieved from Lockheed Martin Cyber Kill Chain. (Defines the 7 steps: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives).

Palo Alto Networks. (2021). Cybersecurity Survival Guide, "Section 1.2.1: The Cyber-Attack Lifecycle". (Describes the modern application of the lifecycle, mapping Reconnaissance to planning and Weaponization to creating the payload).

Malone, T., et al. (2016). "Modeling the Cyber Kill Chain." Proceedings of the 11th International Conference on Cyber Warfare and Security (ICCWS). (Academic analysis of the stages, confirming Exploitation involves triggering code and Installation involves establishing persistence).

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE