Exam 312-50v12 All QuestionsBrowse all questions from this exam
Question 191

Sarah, a system administrator, was alerted of potential malicious activity on the network of her company. She discovered a malicious program spread through the instant messenger application used by her team. The attacker had obtained access to one of her teammate's messenger accounts and started sending files across the contact list. Which best describes the attack scenario and what measure could have prevented it?

    Correct Answer: B

    The attack scenario involves a malicious program spreading through an instant messenger application due to unauthorized access to a user's account. This indicates the attack vector is the use of instant messages to propagate malicious files. To prevent such an attack, it is important to verify the sender's identity before opening any files received through instant messaging platforms. This verification process can involve confirming directly with the sender via a different communication method to ensure the file is legitimate, thereby reducing the risk of opening malicious files from compromised accounts.

Discussion
ryotanOption: A

It should not be B, as the attacker obtained access to one of the teammate's messenger accounts, so even if you verify the sender's identity, it is not a fake account, it does not help. A is the option for me.

athicalacker

How can regular software update prevent an attack that exploits user trust?? The answer can't be Option A.

Mabrow

how about C?, any program send with messenger must be trusted

Lalo

Answer BBBBBBBB option B is correct because it focuses on a direct and relevant preventive measure for the given scenario, while option A does not address the specific problem presented in the attack scenario.

anarchyeagleOption: B

Chat GPT: Verifying the sender's identity before opening any files is a crucial preventive measure in this context. This can involve double-checking with the sender through a different communication channel before opening unexpected files or links, even if they appear to come from someone you know. This measure helps to mitigate the risk of similar attacks by ensuring that the files or links are genuinely intended and safe to open.

przemyslaw1Option: B

B. Instant Messenger Applications; verifying the sender's identity before opening any files CEH book, Module 7 - Different Ways for Malware to Enter a System.

GK2205Option: B

Seems like a trick question given the sender was technically already a "Trusted" third party to the contacts on the other teammates list. However, if you read the answers closely, the only contextual reference to instant messenger is B. The trick in the question is in the section after "Instant Messenger applications" referring to Validation, I think they do this to deliberately throw you off.

LoveBug4Option: B

Module 7, page 948

Bas375Option: B

B - Opening files from unknown source should be verified e.g. the attacker that compromise the account if that make sense

LordXanderOption: B

Okay, I will be the one saying C..I know...it might be stupid/wrong but hear me out. So, after some discussions with a few cyber experts, we agreed that both B and C could be the correct options, it really depends on your angle. For option B, the arguments is that the verification could be something set, server side, such as a 2FA(you send a file, you must auth with 2FA) -> valid idea, a bit uncommon, but valid For option C - the idea of having files scanned before being sent by different solutions and then marked as TRUSTED is another way of approaching this since 2FA can be bypassed (looking at MS). So after even more deliberations, if I had this question, I would go with option B as it covers more ground (software fails, but an email protection service fails more often than 2FA)

DruSupermanOption: B

B is the only one that makes sense.

qtygbapjpesdayazko

B is the only one that makes sense. This is the way

duke_of_kamulu

from 126 upward is it the real exam

calx5Option: A

Question mentioned that account was compromised

Lalo

Answer BBBBBBBB option B is correct because it focuses on a direct and relevant preventive measure for the given scenario, while option A does not address the specific problem presented in the attack scenario.

insaniuntOption: B

B. Instant Messenger Applications; verifying the sender's identity before opening any files

pechugaOption: A

A option for me