Sarah, a system administrator, was alerted of potential malicious activity on the network of her company. She discovered a malicious program spread through the instant messenger application used by her team. The attacker had obtained access to one of her teammate's messenger accounts and started sending files across the contact list. Which best describes the attack scenario and what measure could have prevented it?
The attack scenario involves a malicious program spreading through an instant messenger application due to unauthorized access to a user's account. This indicates the attack vector is the use of instant messages to propagate malicious files. To prevent such an attack, it is important to verify the sender's identity before opening any files received through instant messaging platforms. This verification process can involve confirming directly with the sender via a different communication method to ensure the file is legitimate, thereby reducing the risk of opening malicious files from compromised accounts.
It should not be B, as the attacker obtained access to one of the teammate's messenger accounts, so even if you verify the sender's identity, it is not a fake account, it does not help. A is the option for me.
How can regular software update prevent an attack that exploits user trust?? The answer can't be Option A.
how about C?, any program send with messenger must be trusted
Answer BBBBBBBB option B is correct because it focuses on a direct and relevant preventive measure for the given scenario, while option A does not address the specific problem presented in the attack scenario.
B. Instant Messenger Applications; verifying the sender's identity before opening any files CEH book, Module 7 - Different Ways for Malware to Enter a System.
Chat GPT: Verifying the sender's identity before opening any files is a crucial preventive measure in this context. This can involve double-checking with the sender through a different communication channel before opening unexpected files or links, even if they appear to come from someone you know. This measure helps to mitigate the risk of similar attacks by ensuring that the files or links are genuinely intended and safe to open.
A option for me
B. Instant Messenger Applications; verifying the sender's identity before opening any files
Question mentioned that account was compromised
Answer BBBBBBBB option B is correct because it focuses on a direct and relevant preventive measure for the given scenario, while option A does not address the specific problem presented in the attack scenario.
B is the only one that makes sense.
B is the only one that makes sense. This is the way
from 126 upward is it the real exam
Okay, I will be the one saying C..I know...it might be stupid/wrong but hear me out. So, after some discussions with a few cyber experts, we agreed that both B and C could be the correct options, it really depends on your angle. For option B, the arguments is that the verification could be something set, server side, such as a 2FA(you send a file, you must auth with 2FA) -> valid idea, a bit uncommon, but valid For option C - the idea of having files scanned before being sent by different solutions and then marked as TRUSTED is another way of approaching this since 2FA can be bypassed (looking at MS). So after even more deliberations, if I had this question, I would go with option B as it covers more ground (software fails, but an email protection service fails more often than 2FA)
B - Opening files from unknown source should be verified e.g. the attacker that compromise the account if that make sense
Module 7, page 948
Seems like a trick question given the sender was technically already a "Trusted" third party to the contacts on the other teammates list. However, if you read the answers closely, the only contextual reference to instant messenger is B. The trick in the question is in the section after "Instant Messenger applications" referring to Validation, I think they do this to deliberately throw you off.