Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

What attack vector allows an attacker to exploit third-party vendor vulnerabilities?

Supply Chain
Phishing
Social Engineering
Insider Attack

The correct answer is: Supply Chain

The correct choice highlights the concept of supply chain attacks, which exploit vulnerabilities in third-party vendors that organizations depend upon for goods or services. Supply chain attacks occur when an attacker targets an organization by compromising a vendor or service provider that has access to the organization's systems or data. This method is particularly dangerous as these third-party vendors may have varying levels of security practices in place, which can be less stringent than the primary organization’s own security measures. By infiltrating the supply chain, attackers can access sensitive information, introduce malware, or create backdoors without directly attacking the primary target, making these attacks harder to detect and mitigate. In contrast, the other options focus on different approaches to attacks. Phishing specifically targets individuals through deceiving emails or messages to gather sensitive information. Social engineering circles around manipulating individuals psychologically to breach security protocols, while insider attacks involve threats from within the organization itself, such as employees or contractors. These methods do not emphasize the exploitation of vulnerabilities associated with third-party vendors, thus distinguishing supply chain attacks as the appropriate answer.