PrepAway - Latest Free Exam Questions & Answers

Which of the following Best describes this type of attack?

A company has identified a watering hole attack. Which of the following Best describes this type of attack?

PrepAway - Latest Free Exam Questions & Answers

Emails are being spoofed to look like they are internal emails

A cloud storage site is attempting to harvest user IDS and passwords

An online news site is hosting ads in iframes from another site

A local restaurant chains online menu is hosting malicious code

3 Comments on “Which of the following Best describes this type of attack?

  1. JohnnyMac says:

    I believe the answer is D: A watering hole attack generally inserts some type of malicious code/exploit to compromise another site.

    C: is only hosting ads in another site’s iframes which is more like spamming.


  2. Mike says:

    watering hole attack: An attacker profiles which websites a user accesses and later
    infects those sites to redirect the user to other websites.

    This targeted attack is when an attacker profiles the
    websites that the intended victim accesses. The attacker then scans those websites
    for possible vulnerabilities. If the attacker locates a website that can be
    compromised, the website is then injected with a JavaScript or other similar
    code injection that is designed to redirect the user when the user returns to
    that site (also known as a pivot attack). The user is then redirected to a site
    with some sort of exploit code…and the rest is, well, history. The purpose is to
    infect computers in the organization’s network, thereby allowing the attacker
    to gain a foothold in the network for espionage or other reasons. Watering
    hole attacks are often designed to profile users of specific organizations, and
    as such, an organization should develop policies to prevent these attacks. This
    can be done by updating anti-malware applications regularly, and by other

    Looks like D is the answer



Leave a Reply