https://nmap.org/book/man-output.html
-oX <filespec> - Requests that XML output be directed to the given filename.

This is a classic phishing scam - a form of social engineering used to trick victims into giving up sensitive information.
Statement D is incorrect because:
* Antivirus, anti-spyware, and firewalls are primarily designed to stop malware and network intrusions.
* They cannot reliably detect social engineering attacks like phishing emails, especially if the email content appears legitimate.
* Detection of phishing is more reliant on user awareness and email filtering policies.
From CEH v13 Courseware:
* Module 7: Social Engineering
* Module 5: Email Security
CEH v13 Study Guide states:
"Phishing attacks are psychological rather than purely technical. Antivirus tools cannot detect or prevent all phishing attempts because these are based on user manipulation rather than system compromise." Reference:CEH v13 Study Guide - Module 7: Phishing and Social Engineering TacticsFTC.gov - Phishing Scams Prevention Guide

Remote File Inclusion occurs when an application allows external resources to be loaded from user-controlled input. CEH teaches that an attacker can supply a remote URL pointing to a malicious script (for example, a PHP shell). When the vulnerable application includes this external file, the attacker's code executes on the server. This can lead to full system compromise, remote command execution, or lateral movement.

In CEH v13 Module 06: Malware Threats, the Cyber Kill Chain is broken down into its seven stages:
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command & Control
Actions on Objectives
Step 3 - Delivery:
Refers to the transmission of the malicious payload to the victim.
Can occur through email, web downloads, USB drives, etc.
Correct Example:
A). "An intruder sends a malicious attachment via email to a target" - This is delivery.
Other Options:
B). Weaponization
C). Exploitation
D). Installation
Reference:
Module 06 - Malware and Cyber Kill Chain Model
CEH Labs: Simulating Cyber Kill Chain Stages

CEH v13 explains that SQL injection typically occurs when user inputs are concatenated into SQL queries without proper validation or parameterization. The login form is one of the most common injection targets, and testers use specific test payloads designed to manipulate the authentication query. A classic test string such as ' OR '1'='1 exploits conditional logic to force the SQL statement to evaluate as true, effectively bypassing authentication if the application is vulnerable. CEH notes that this technique is a standard initial test because it is low-risk, easily detectable if vulnerable, and directly confirms improper sanitization.
JavaScript injection (Option A) tests for XSS, not SQLi. Directory traversal (Option C) targets file path vulnerabilities rather than SQL queries. Brute-force attacks (Option D) rely on guessing credentials and do not test input sanitization. Therefore, using a logical SQL injection payload is the most appropriate and CEH- aligned method.