Certified Ethical Hacker (CEH v12) — Question 29

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to.
What type of hacker is Nicolas?

Answer options

• A. Black hat
• B. White hat
• C. Gray hat
• D. Red hat

Correct answer: C

Explanation

Nicolas is classified as a Gray hat hacker because he identified a vulnerability and reported it to both the system owner and Microsoft, acting ethically without malicious intent. In contrast, Black hat hackers exploit vulnerabilities for personal gain, while White hat hackers typically work under a legal contract to improve security. Red hat hackers are more aggressive in their methods against Black hats, often taking the law into their own hands.