Certified Ethical Hacker (CEHv9) Questions and answers
17. Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected
website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by
their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target
unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.
What type of attack is outlined in the scenario?
A. Heartbleed Attack
B. Watering Hole Attack
C. Spear Phising Attack
D. Shellshock Attack
18. What term describes the amount of risk that remains after the vulnerabilities are classified and the
countermeasures have been deployed?