nerdexam
EC-Council

312-50V10 · Question #904

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner ca

The correct answer is B. white hat. A white hat hacker practices responsible disclosure by privately notifying affected system owners and vendors about discovered vulnerabilities without exploiting them.

Information Security and Ethical Hacking Fundamentals

Question

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?

Options

  • ARed hat
  • Bwhite hat
  • CBlack hat
  • DGray hat

How the community answered

(23 responses)
  • B
    91% (21)
  • C
    4% (1)
  • D
    4% (1)

Why each option

A white hat hacker practices responsible disclosure by privately notifying affected system owners and vendors about discovered vulnerabilities without exploiting them.

ARed hat

Red hat hackers are vigilante actors known for aggressively counter-attacking black hat hackers using offensive means, not for performing coordinated vendor disclosure.

Bwhite hatCorrect

White hat hackers operate ethically within legal and moral boundaries, identifying vulnerabilities and disclosing them responsibly to the affected parties - as Nicolas did by notifying both the system owner and Microsoft. This coordinated disclosure approach is the defining behavior of white hat hacking, where the goal is to help organizations remediate weaknesses rather than exploit them for personal gain or disruption.

CBlack hat

Black hat hackers exploit discovered vulnerabilities for malicious purposes, personal gain, or disruption without notifying affected parties.

DGray hat

Gray hat hackers typically exploit vulnerabilities without prior authorization before disclosing them - Nicolas disclosed without any exploitation, which is white hat behavior, not gray hat.

Concept tested: White hat hacker responsible disclosure principles

Source: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

Topics

#hacker types#white hat#responsible disclosure#zero-day reporting

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice