The attacker first finds a legitimate account with limited privileges, then logs in as that user, and gradually escalates privileges to access protected resources.


Multiple Choice


Explanation:
The main idea here is authorization and how access controls can be abused after someone is already inside. The attacker starts with a legitimate account that has limited rights, logs in as that user, and then finds ways to obtain higher privileges to reach resources that should be protected. That pattern focuses on bypassing or abusing permission checks rather than guessing credentials or injecting malicious input. So this is an authorization attack, specifically a privilege escalation scenario, where the goal is to move from a lower-privilege account to higher privileges.

A dictionary attack would involve guessing a password to break into an account in the first place, not escalating privileges once already logged in. SQL injection and Cross-Site Scripting are different kinds of input attacks: they target the application's code or data handling to manipulate queries or run malicious scripts, not the post-authentication authorization controls that gate access to protected resources.

