Exam 312-50v11 topic 1 question 395 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 395
Topic #: 1

John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later.
What would John be considered as?

  • A. Cybercriminal
  • B. White hat
  • C. Gray hat
  • D. Black hat
Suggested Answer: C

Comments

Silascarter
Highly Voted 2 years, 11 months ago
If he works as a Security Analyst for the company, that means he had the authority to find the vulnerability. Then he told the company 2 days later. That makes him White Hat. However, he can use the financial records later for personal gains. That makes him Black Hat. White Hat + Black Hat = Gray Hat. So answer is Correct.
upvoted 13 times
...
tyw82
Most Recent 3 weeks, 1 day ago
Selected Answer: C
The way CEH defines these hackers seems to be whether the hacking is for offensive or defensive purposes:
  • Black hat - offensive
  • White hat - defensive
  • Grey hat - both
In this case, he had both a defensive objective (protect the organization's vulnerability by reporting it) and an offensive objective (may take advantage of the info later). So strictly by CEH definition, it should be C. (Honestly, I don't understand why this matters. The important thing to convey is what actions are ethical or not rather than how to classify them.)
Per CEHv12 P40:
  • Black Hats: Black hats are individuals who use their extraordinary computing skills for illegal or malicious purposes...
  • White Hats: White hats or penetration testers are individuals who use their hacking skills for defensive purposes...
  • Gray Hats: Gray hats are the individuals who work both offensively and defensively at various times...
upvoted 1 times
...
PP_20
9 months, 1 week ago
Selected Answer: A
Cybercriminals are individuals or teams of people who use technology to commit malicious activities on digital systems or networks with the intention of stealing sensitive company information or personal data, and generating profit. Gray hats exist in an ambiguous ethical hacking area between white and black. These hackers infiltrate systems without their targets’ consent, but they don’t exploit vulnerabilities to cause harm. Instead, they inform the victims of the hack in order to help them improve their security. But gray hat hackers don’t always share this information for free. While gray hats inform companies that they’ve been hacked, they sometimes ask for a fee in exchange for the details. In these cases, the victims must pay if they want to know their system’s vulnerabilities. But if they refuse to pay, gray hat hackers will not attempt to retaliate and cause harm.
upvoted 1 times
...
YourFriendlyNeighborhoodSpider
11 months, 3 weeks ago
Selected Answer: C
ChatGPT: Answer: C. Gray hat
Explanation:
  • Cybercriminal (option A): A cybercriminal engages in malicious activities for personal gain or with the intent to cause harm. John's actions, while unethical, are not driven by personal gain or harm.
  • White hat (option B): White hat hackers are ethical hackers who use their skills to help organizations by finding and fixing security vulnerabilities. John's actions do not align with the ethical behavior expected of a white hat.
  • Gray hat (option C): Gray hat hackers fall somewhere between white hat and black hat hackers. They may violate ethical standards, but their actions are not explicitly malicious. John's curiosity-driven exploration of the vulnerability without immediate disclosure puts him in a gray hat category.
upvoted 1 times
...
sudowhoami
12 months ago
Selected Answer: A
Definitely not a Black or White hat. Those of you who claimed Gray hat are also incorrect because he is not discovering a vulnerability, but rather accessing sensitive info. As a result, it appears he is a cybercriminal.
upvoted 1 times
...
Vincent_Lu
1 year, 1 month ago
Selected Answer: A
Cybercriminal
upvoted 1 times
Vincent_Lu
1 year, 1 month ago
Gray hats generally refer to those who discover and report vulnerabilities, rather than those who actively exploit vulnerabilities or gain unauthorized access to sensitive information. In this connection, John's behavior exceeds the definition of gray hat because he goes beyond decision-making to reveal, but instead examines sensitive information and may exploit it illegally.
upvoted 1 times
...
...
waleedkhalid
1 year, 3 months ago
Selected Answer: C
Gray hat is correct
upvoted 1 times
...
Genesis777
1 year, 3 months ago
The glaring detail is in this statement - "He does so out of curiosity about the other employees and may take advantage of this information later." Gray Hats are this: Gray hat hackers represent the middle ground between white hat hackers, who operate on behalf of those maintaining secure systems, and black hat hackers who act maliciously to exploit vulnerabilities in systems. One of the most common examples given of a gray hat hacker is someone who exploits a security vulnerability in order to spread public awareness that the vulnerability exists. Do you think if the organization finds out that an employee exploits the system and has plans to exploit the information he discovers for his advantage, that would make him a "Gray Hat"? If an employee has a security clearance he's already in violation of security policy, two he didn't report it upon discovery, his plan to take advantage of the information later after 2 days. Employee is a Cybercriminal.
upvoted 1 times
...
Lapiro
1 year, 4 months ago
John, a security analyst working for an organization... …Before reporting the vulnerability,... The above 2 comments make him a gray hat or a white hat, because it is his job to safeguard the company.
upvoted 1 times
...
Rocko1
1 year, 4 months ago
Selected Answer: A
I would go with Cybercriminal here, he does an action without disclosure.
upvoted 1 times
...
victorfs
1 year, 5 months ago
Selected Answer: C
The correct option is C. Gray hat
upvoted 1 times
...
mdmdmd
1 year, 9 months ago
Selected Answer: C
He has access.....and withholding it...that is a grey hacker for me...Option C
upvoted 1 times
...
jenovaaaa
1 year, 9 months ago
D. Black Hat "may take advantage of this information later"
upvoted 1 times
...
josevirtual
1 year, 10 months ago
Selected Answer: A
You have to report this IMMEDIATELY. Besides, it says "He does so out of curiosity about the other employees and may take advantage of this information later". This is criminal activity, so I think the best answer is "cyber criminal"; his behavior is not justified.
upvoted 2 times
Acidscars
1 year, 10 months ago
So now he's a criminal engaged in criminal activity on something he may or may not do later? He may take advantage of it, he may not. He may go black hat, he may go white hat; mix them together, boom, Grey hat.
upvoted 2 times
josevirtual
1 year, 9 months ago
He found a "critical vulnerability" in his own organization. Even if he finally doesn't take advantage of it, it may be helping other hackers to exploit it. Besides, the only thought of "taking advantage of this information later" is clearly criminal, in MHO.
upvoted 1 times
...
...
...
Daniel8660
2 years ago
Selected Answer: C
Hacker Classes - Gray Hats Gray hats are the individuals who work both offensively and defensively at various times. Gray hats might help hackers to find various vulnerabilities in a system or network and, at the same time, help vendors to improve products (software or hardware) by checking limitations and making them more secure. (P.46/30)
upvoted 1 times
...
Daniel8660
2 years, 1 month ago
Selected Answer: C
Gray Hats Individuals who work both offensively and defensively at various times. (P.46)
upvoted 1 times
...
Aisha86
2 years, 1 month ago
B White Hats: White hats or penetration testers are individuals who use their hacking skills for defensive purposes. These days, almost every organization has security analysts who are knowledgeable about hacking countermeasures, which can secure its network and information systems against malicious attacks. They have permission from the system owner.
upvoted 1 times
Aisha86
2 years, 1 month ago
The question said he may take advantage of this information later, but he didn't do it.
upvoted 1 times
...
...
Community vote distribution: A (35%), C (25%), B (20%), Other