Which attack path describes a sequence where an attacker first gains a legitimate low-privilege account and then escalates privileges?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which attack path describes a sequence where an attacker first gains a legitimate low-privilege account and then escalates privileges?

Explanation:
Attacks that start with a legitimately obtained, low-privilege account and then push beyond the allowed permissions hinge on weaknesses in how access control is enforced. This path is described as an authorization attack because the attacker relies on the system’s authorization decisions to perform actions or access resources that should be denied. They begin with a valid identity at a basic level and exploit flaws in access controls—such as misconfigured permissions, faulty RBAC/ACLs, or missing checks—to escalate their access. This differs from a replay attack, which uses captured data to impersonate someone else, and from phishing, which tricks a user into revealing credentials. While privilege escalation describes the end result of gaining higher rights, this scenario specifically emphasizes abusing authorization logic after obtaining a legitimate account, making authorization attack the best fit.

