nerdexam
EC-Council

312-50V11 · Question #979

John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view financial and personal information about the rest of the employee

The correct answer is A. Acybercriminal. John is a cybercriminal because he intentionally accessed private employee data without authorization and plans to potentially exploit it, regardless of his security analyst role.

Information Security and Ethical Hacking Fundamentals

Question

John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later. What would John be considered as?

Options

  • AAcybercriminal
  • BBlack hat
  • CWhite hat
  • DGray hat

How the community answered

(17 responses)
  • A
    88% (15)
  • C
    6% (1)
  • D
    6% (1)

Why each option

John is a cybercriminal because he intentionally accessed private employee data without authorization and plans to potentially exploit it, regardless of his security analyst role.

AAcybercriminalCorrect

A cybercriminal is anyone who uses technology to commit illegal acts, including unauthorized access to private data. John deliberately accessed financial and personal information beyond his authorized scope and retained it for potential personal advantage, which constitutes unauthorized access - a criminal offense under computer fraud laws. His position as a security analyst does not grant immunity when his actions fall outside authorized security duties.

BBlack hat

A black hat hacker typically refers to an external attacker who compromises systems for personal gain; John is an insider who abused data discovered during legitimate work, making the cybercriminal classification more precise than black hat.

CWhite hat

A white hat hacker is an authorized ethical security professional who operates strictly within defined boundaries and discloses vulnerabilities responsibly, which John failed to do by retaining the data and considering personal exploitation.

DGray hat

A gray hat hacker discovers vulnerabilities without prior authorization but typically discloses them to the owner; John's intent to potentially use the information for personal advantage moves him beyond the gray hat category into criminal territory.

Concept tested: Cybercriminal vs ethical hacker role classification

Source: https://csrc.nist.gov/glossary/term/insider_threat

Topics

#cybercriminal#hacker ethics#unauthorized access#insider threat

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice