Which attack category uses drive-by compromise to target web browsers?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which attack category uses drive-by compromise to target web browsers?

Explanation:
Drive-by compromise of web browsers happens when an attacker exploits a vulnerability in the browser or its plugins to deliver malware as soon as a user visits a malicious or compromised webpage. This focus on the browser and the web channel is why web-browser-based exploitation is the best description. Common methods include exploit kits and malvertising that trigger code execution without requiring the user to take a specific action beyond loading the page, leading to silent downloads or payloads. Office-Applications-Based Exploitation would involve malicious documents or macros targeting Office apps, typically delivered via email or downloads rather than through visiting a webpage. Third-Party Applications-Based Exploitation targets other installed software outside the browser, which can be exploited via different vectors but isn’t inherently browser-centered. WinRM is a management/service protocol, not a browser-exploitation category, so it doesn’t describe drive-by compromises to web browsers.

Drive-by compromise of web browsers happens when an attacker exploits a vulnerability in the browser or its plugins to deliver malware as soon as a user visits a malicious or compromised webpage. This focus on the browser and the web channel is why web-browser-based exploitation is the best description. Common methods include exploit kits and malvertising that trigger code execution without requiring the user to take a specific action beyond loading the page, leading to silent downloads or payloads.

Office-Applications-Based Exploitation would involve malicious documents or macros targeting Office apps, typically delivered via email or downloads rather than through visiting a webpage. Third-Party Applications-Based Exploitation targets other installed software outside the browser, which can be exploited via different vectors but isn’t inherently browser-centered. WinRM is a management/service protocol, not a browser-exploitation category, so it doesn’t describe drive-by compromises to web browsers.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy