Ethical Hacking Essentials Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for your Ethical Hacking Essentials Test. Study with flashcards and multiple choice questions with detailed hints and explanations. Enhance your cybersecurity skills and get ready for your exam!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

What malware technique allows an attacker to install malware by merely visiting a compromised webpage?

  1. Drive by downloads

  2. Phishing attacks

  3. SQL injection

  4. Cross-site scripting

The correct answer is: Drive by downloads

Drive-by downloads refer to a malicious technique where malware is automatically downloaded to a user's device upon visiting an infected or compromised webpage, without the user being aware of the action. This technique often exploits vulnerabilities in web browsers or their plugins, making it a significant threat. When a user unknowingly visits such a webpage, it can evaluate the user's system for potential vulnerabilities and subsequently execute code that downloads and installs malware instantly. Users typically do not need to click on anything; the compromise occurs simply by loading the webpage, which is what makes this tactic particularly insidious. In contrast, phishing attacks generally require the victim to interact with a deceptive email or message, persuading them to reveal sensitive information or download harmful files. SQL injection involves injecting malicious SQL queries into an application, exploiting a vulnerability in a database, which is distinct from direct downloads upon webpage access. Cross-site scripting (XSS) allows attackers to inject malicious scripts into web applications viewed by users but does not inherently involve immediate downloads upon visiting a webpage. Thus, the characteristics of drive-by downloads are specifically tailored for the scenario in which malware is downloaded simply by visiting a compromised site, making it the correct choice.

More Questions Like This