Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which type of attack did George exploit by injecting malware into software with an undiscovered flaw?

  1. Insider Threat

  2. Zero-Day Attack

  3. Social Engineering Attack

  4. Malware Attack

The correct answer is: Zero-Day Attack

The situation described involves George exploiting a software vulnerability that is not known to the vendor or developer at the time of the attack. This is characteristic of a zero-day attack. A zero-day attack targets a specific flaw in software that has not yet been patched or disclosed, giving the attacker a window of opportunity to exploit the vulnerability before any defenses are established. When an attacker injects malware into software through an undiscovered flaw, they take advantage of the element of surprise, as the software is not yet protected against that particular exploit. This type of attack is particularly dangerous because organizations may remain vulnerable until they become aware of the issue and are able to deploy a fix. In contrast, while other options might involve different types of security incidents, they do not fit the scenario described. Insider threats typically involve individuals within an organization misusing their access, social engineering attacks rely on tricking individuals into divulging confidential information, and malware attacks refer more broadly to any use of malicious software rather than the specific exploitation of software vulnerabilities.

More Questions Like This