312-50V13 · Question #456
Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails
The correct answer is B. Phishing. Explanation Option B (Phishing) is correct because Jack used fraudulent emails with malicious links sent to current employees - this is the hallmark of a phishing attack, which involves deceiving victims into clicking harmful links by disguising them as legitimate communications.
Question
Options
- AIn-memory exploits
- BPhishing
- CLegitimate applications
- DScript-based injection
How the community answered
(40 responses)- A3% (1)
- B88% (35)
- C8% (3)
- D3% (1)
Explanation
Explanation
Option B (Phishing) is correct because Jack used fraudulent emails with malicious links sent to current employees - this is the hallmark of a phishing attack, which involves deceiving victims into clicking harmful links by disguising them as legitimate communications.
Why the distractors are wrong:
- A (In-memory exploits): This describes how the fileless malware executes once delivered (running in RAM without touching disk), not the delivery technique Jack used - it's a characteristic of fileless malware, not the attack vector.
- C (Legitimate applications): This fileless technique involves hijacking trusted programs (like PowerShell or WMI) to execute malware, which is not what Jack did to deliver the payload.
- D (Script-based injection): This refers to injecting malicious scripts into running processes or browsers, which may describe what happens after the link is clicked, but not the initial delivery mechanism.
Memory Tip: Focus on the delivery method - whenever you see "fraudulent emails + malicious links + deceived employees," that's always Phishing. Think: "Phishing = fishing for victims with a fake bait (email)." Don't confuse the delivery technique with what the malware does after delivery.
Topics
Community Discussion
No community discussion yet for this question.