Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!



Which of the following indicators helps an incident responder in detecting malicious emails received by the employees of an organization?

  1. Differences in the email ID of the sender and display names

  2. Presence of attachments in the email

  3. Emails marked as spam by the recipient

  4. High volume of emails sent from one address

The correct answer is: Differences in the email ID of the sender and display names

The correct choice highlights a crucial aspect of identifying potentially malicious emails. When an incident responder analyzes incoming emails, discrepancies between the email address (the actual sender's address) and the displayed name can be a significant red flag. Attackers often use legitimate or familiar names while changing the email address to look similar to the trusted source, which can mislead users. Recognizing this difference can aid responders in preventing phishing attempts and other types of email-based attacks.

The other options, while they may hold some relevance in email security, do not provide as definitive an indicator for malicious intent. The presence of attachments can sometimes indicate malicious content, but not all attachments are harmful, and legitimate emails may also contain attachments. Emails marked as spam can stem from various non-malicious sources, and simply having a high volume of emails sent from one address does not inherently mean malicious activity is occurring, as legitimate businesses often send numerous emails from a single account.