Ethical Hacking Essentials Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Ethical Hacking Essentials Test. Study with flashcards and multiple-choice questions, each exam includes hints and explanations. Get ready to ace your certification exam!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

What malware technique allows an attacker to install malware by merely visiting a compromised webpage?

  1. Drive by downloads

  2. Phishing attacks

  3. SQL injection

  4. Cross-site scripting

The correct answer is: Drive by downloads

Drive-by downloads refer to a malicious technique where malware is automatically downloaded to a user's device upon visiting an infected or compromised webpage, without the user being aware of the action. This technique often exploits vulnerabilities in web browsers or their plugins, making it a significant threat. When a user unknowingly visits such a webpage, it can evaluate the user's system for potential vulnerabilities and subsequently execute code that downloads and installs malware instantly. Users typically do not need to click on anything; the compromise occurs simply by loading the webpage, which is what makes this tactic particularly insidious. In contrast, phishing attacks generally require the victim to interact with a deceptive email or message, persuading them to reveal sensitive information or download harmful files. SQL injection involves injecting malicious SQL queries into an application, exploiting a vulnerability in a database, which is distinct from direct downloads upon webpage access. Cross-site scripting (XSS) allows attackers to inject malicious scripts into web applications viewed by users but does not inherently involve immediate downloads upon visiting a webpage. Thus, the characteristics of drive-by downloads are specifically tailored for the scenario in which malware is downloaded simply by visiting a compromised site, making it the correct choice.

More Questions Like This