CompTIA CySA+ Practice Test

Which activities are performed by an adversary during the delivery phase of the Lockheed Martin Kill Chain? (Select three)

• A. Direct action against public-facing servers
• B. Selecting a decoy document for the victim
• C. Deliberate social media interactions
• D. Triggering exploits for non-public facing servers

The correct answer is: Direct action against public-facing servers

During the delivery phase of the Lockheed Martin Kill Chain, an adversary focuses on transferring the weaponized payload to the target. This phase is crucial because it sets the stage for the subsequent exploitation of vulnerabilities. The activities typically involve establishing a method for the adversary to deliver their exploit or backdoor to the victim’s environment. Selecting a decoy document for the victim is an accurate representation of an activity that an adversary may perform. By crafting a document that appears legitimate and relevant to the target, the adversary can entice the victim to open it, thus successfully delivering the malicious payload. Deliberate social media interactions also align with the delivery phase, as adversaries may engage with targets through social platforms to create a trusting or relevant environment that encourages the victim to interact with malicious content, leading to potential exploits. While direct action against public-facing servers could potentially be part of an attack strategy, it does not specifically capture the essence of the delivery phase as defined within the Kill Chain framework. Instead, the focus should be on more indirect, deceptive tactics that facilitate the transfer of malicious materials to the target. Similarly, triggering exploits for non-public facing servers is more aligned with the exploitation phase rather than the delivery phase, as this involves taking advantage of