Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which method is used by attackers to imitate reputable institutions in order to steal sensitive data?

  1. Brute Force Attacks

  2. Spear-Phishing Sites

  3. Email Spoofing

  4. SQL Injection

The correct answer is: Spear-Phishing Sites

The method of using spear-phishing sites involves creating web pages that closely resemble those of reputable institutions, making it easier for attackers to deceive individuals into providing sensitive information such as usernames, passwords, or financial details. These sites often mimic the design, logo, and layout of trusted organizations, enhancing their credibility in the eyes of potential victims. Spear phishing is a targeted attempt to steal sensitive information from a specific individual or organization, usually for malicious reasons. By using tactics that involve social engineering, attackers can leverage personal information about their targets to make their schemes more convincing. This targeted approach differentiates it from broader phishing attacks, which may not be tailored to specific individuals or organizations. The other methods listed, such as brute force attacks, email spoofing, and SQL injection, involve different techniques that do not specifically focus on the imitation of reputable institutions through fraudulent websites. Brute force attacks rely on systematic guessing of login credentials, email spoofing aims to falsify the sender's address to trick recipients, and SQL injection exploits vulnerabilities in a database through malicious SQL code, but they do not specifically involve creating fake sites to deceive users.

More Questions Like This