Exam 312-50v12 topic 1 question 191 discussion

I think B and so does Chat GPT for the reasons listed already. Reasons why not the others: A. Insecure Patch Management: This relates to software vulnerabilities due to outdated patches. While important, there's no indication the issue stemmed from unpatched software. C. Rogue/Decoy Applications: This refers to fake or deceptive apps. The scenario doesn't mention downloading a fake application; it involves a legitimate messenger app being used maliciously. D. Portable Hardware Media/Removable Devices: This is unrelated to the scenario, which clearly involved network-based file sharing, not physical media like USB drives.

B is the correct answer. This Question is 2 questions... What is this attack an example of, and how to mitigate. it is an instant messaging application attack is the only answer provided that fits from question, even if answer A would fix the initial entry, this isnt what the question wants

The scenario involves an attacker gaining unauthorized access to a teammate’s account and using it to distribute malicious files to the contact list.t. Verifying the identity may not help if the sender is indeed a trusted teammate.

Seems like a trick question given the sender was technically already a "Trusted" third party to the contacts on the other teammates list. However, if you read the answers closely, the only contextual reference to instant messenger is B. The trick in the question is in the section after "Instant Messenger applications" referring to Validation, I think they do this to deliberately throw you off.

Module 7, page 948

B - Opening files from unknown source should be verified e.g. the attacker that compromise the account if that make sense

Okay, I will be the one saying C..I know...it might be stupid/wrong but hear me out. So, after some discussions with a few cyber experts, we agreed that both B and C could be the correct options, it really depends on your angle. For option B, the arguments is that the verification could be something set, server side, such as a 2FA(you send a file, you must auth with 2FA) -> valid idea, a bit uncommon, but valid For option C - the idea of having files scanned before being sent by different solutions and then marked as TRUSTED is another way of approaching this since 2FA can be bypassed (looking at MS). So after even more deliberations, if I had this question, I would go with option B as it covers more ground (software fails, but an email protection service fails more often than 2FA)

B is the only one that makes sense.

Chat GPT: Verifying the sender's identity before opening any files is a crucial preventive measure in this context. This can involve double-checking with the sender through a different communication channel before opening unexpected files or links, even if they appear to come from someone you know. This measure helps to mitigate the risk of similar attacks by ensuring that the files or links are genuinely intended and safe to open.

Question mentioned that account was compromised

B. Instant Messenger Applications; verifying the sender's identity before opening any files CEH book, Module 7 - Different Ways for Malware to Enter a System.

It should not be B, as the attacker obtained access to one of the teammate's messenger accounts, so even if you verify the sender's identity, it is not a fake account, it does not help. A is the option for me.

B. Instant Messenger Applications; verifying the sender's identity before opening any files

A option for me