Exam 312-50v11 topic 1 question 154 discussion

B: Gaining Access It's specifically discussing methods of gaining the initial access and NOT maintaining access or ensuring persistence after the fact. Using malware to obtain credentials or phishing staff members for credentials are very, very clearly Gaining Access.

Answer is correct. if it's maintenance phase attacker has successfully compromised the system so why would the attacker use phishing again?

Hacking Phase: Gaining Access Gaining access refers to the point where the attacker obtains access to the operating system or applications on the target computer or network. (P.51/35)

CEHv11 pg 51 - Attackers gain access to the target system locally (offline), over a LAN, or on the Internet. Examples include password cracking, stack-based buffer overflows, denial of service, and session hijacking. Using a technique called spoofing to exploit the system by pretending to be a legitimate user or a different system, attackers can send a data packet containing a bug to the target system in order to exploit a vulnerability.

Magic word is "phishing to gain credentials"! it means that credentials are not obtained yet, and they still need to be stolen to maintain access!

B: Gaining Access is correct

B: Gaining Access

correct

Answer: Maintaining Access 3. Gaining Access: This phase is where an attacker breaks into the system/network using various tools or methods. After entering into a system, he has to increase his privilege to administrator level so he can install an application he needs or modify data or hide data. 4. Maintaining Access: Hacker may just hack the system to show it was vulnerable or he can be so mischievous that he wants to maintain or persist the connection in the background without the knowledge of the user. This can be done using Trojans, Rootkits or other malicious files. The aim is to maintain the access to the target until he finishes the tasks he planned to accomplish in that target.