GIAC Certified Incident Handler (GCIH) — Question 132

A popular forum for ICS professionals to discuss techniques includes code that loads scripts and ads from multiple external sites. How would an adversary leverage this forum to compromise ICS industry targets?

Answer options

• A. Watering-hole
• B. SQL injection
• C. Denial of Service
• D. typo-squatting

Correct answer: A

Explanation

The correct answer is A, Watering-hole, as this technique involves compromising a website frequented by a specific group (in this case, ICS professionals) to deliver malware. The other options, such as SQL injection, Denial of Service, and typo-squatting, do not specifically pertain to exploiting a forum for targeted attacks in the same manner.