EC-Council

312-50V13 Question #221: Real Exam Question with Answer & Explanation

The correct answer is D: Gray hat.

Submitted by ricky.ec · Mar 6, 2026 · Introduction to Ethical Hacking

Question

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?

Options

  • A. Red hat
  • B. White hat
  • C. Black hat
  • D. Gray hat

Explanation

Nicolas is a Gray Hat Hacker (Option D)

Nicolas exhibits classic gray hat behavior because he discovered a vulnerability without authorization, but then acted with good intentions by notifying both the system owner and Microsoft - falling into an ethical middle ground. Gray hats operate in the space between malicious and fully ethical hacking; they may access or probe systems without permission, but do not exploit vulnerabilities for personal gain.

Why the other options are wrong:

  • White hat (B): White hats are authorized security professionals hired to find vulnerabilities - Nicolas had no such permission
  • Black hat (C): Black hats exploit vulnerabilities for malicious purposes or personal gain - Nicolas disclosed responsibly instead
  • Red hat (A): Red hats are known for aggressively counterattacking black hat hackers, which is unrelated to this scenario

🧠 Memory Tip:

Think of gray hat = gray area. The hacker's methods are questionable (unauthorized discovery), but their intentions are good (responsible disclosure). If someone finds a vulnerability uninvited but reports it ethically rather than exploiting it - that's the gray hat "middle ground" between black (malicious) and white (authorized).

Topics

#Hacker types · #Zero-day vulnerability · #Responsible disclosure · #Ethical hacking
