30 Apr Practice Test Question – Malicious Content
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
In what type of attack does the attacker place malicious content on a website that is frequented by individuals in the target organization, in the hopes that one of those individuals will visit the site with a vulnerable system and become compromised?
A. Man-in-the-middle attack
B. Man-in-the-browser attack
C. Watering hole attack
D. DDoS attack
Correct Answer: C
Watering hole attacks take advantage of the fact that many people are predictable in their web surfing patterns. They place malicious content at a site likely to attract the target audience (the watering hole) and then wait for a compromise to occur.