Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

What type of attack is conducted by an insider who implants devices to overhear conversations?

  1. Eavesdropping

  2. Privilege Escalation

  3. Social Engineering

  4. Phishing

The correct answer is: Eavesdropping

Eavesdropping is the correct choice because it specifically refers to the interception of conversations or communications without the participants' knowledge or consent. In the context of an insider threat, an individual with access to sensitive areas may implant listening devices, which allows them to overhear private conversations, gather confidential information, and potentially exploit it for malicious purposes. Eavesdropping can occur through physical means, such as microphones, and it is directly focused on the act of secretly obtaining information, which aligns perfectly with the scenario described.

Privilege escalation, social engineering, and phishing involve different tactics and methods. Privilege escalation deals with gaining unauthorized levels of access or permissions within a system. Social engineering encompasses a broader range of deceptive techniques aimed at manipulating individuals into divulging confidential information. Phishing specifically refers to fraudulent attempts to obtain sensitive information by pretending to be a trustworthy entity through electronic communication, usually targeting victims via email or online platforms. These concepts differ significantly from the act of overhearing conversations through hidden devices.