During an internal pentest, you setup a fake website and that offers some documentation and useful resources. You create a link and send it via email to a few key people. When they visit, code is run on their own machines that compromise their systems.
What form of attack is not taking place?
A) Cross Site Scripting
B) SQL Injection
C) Browser drive-by
D) Social Engineering

Question

Quizplus · Accepted Answer

The key words in this attack are "runs code on their own machines". The pentester created a website with deliberate Vulnerabilites then placed the attack in the URL. There could also be the downloading of images or media that exploits the browser. By now, the tester likely knows the version of browsers being used in the environment. SQL Injection works against the web application.

During an Internal Pentest, You Setup a Fake Website and That