Attackers use compromised legitimate websites to infect visitors; the malware then performs malicious activities. What is this attack called?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Attackers use compromised legitimate websites to infect visitors; the malware then performs malicious activities. What is this attack called?

Explanation:
Attackers exploit trusted, legitimate websites that a target group visits, turning those sites into infection points. This is the essence of a watering hole approach: a site the victims already trust is compromised, and when they visit, malware is delivered and may run without the user doing anything. The option that best matches this scenario is the one describing compromised legitimate websites, because it directly captures the method of using trusted sites as the delivery vector for malware. This differs from spear-phishing, which uses fraudulent emails or pages to lure users to a site, and from the other items, which refer to unrelated concepts. In watering hole attacks, drive-by downloads or exploits on the compromised page silently initiate the malicious activity.
