Certified Ethical Hacker (CEH v12) — Question 33

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs.
What type of malware did the attacker use to bypass the company’s application whitelisting?

Answer options

• A. File-less malware
• B. Zero-day malware
• C. Phishing malware
• D. Logic bomb malware

Correct answer: A

Explanation

The correct answer is A, as file-less malware operates in memory and does not create files that can be detected by traditional AV tools or application whitelisting. Options B, C, and D do not specifically relate to techniques used to bypass whitelisting; zero-day malware refers to undisclosed vulnerabilities, phishing malware focuses on social engineering, and logic bombs are triggered by specific conditions rather than stealthy operations.