An attack initiated by an entity that is authorized to access system resources but uses them in a way not
approved by those who granted the authorization is known as a(n):

A.
active attack.

B.
outside attack.

C.
inside attack.

D.
passive attack.

Explanation:
An attack by an authorized user is known as an inside attack.
An insider attack is a malicious attack perpetrated on a network or computer system by a person with
authorized system access.
Insiders that perform attacks have a distinct advantage over external attackers because they have authorized
system access and also may be familiar with network architecture and system policies/procedures. In addition,
there may be less security against insider attacks because many organizations focus on protection from
external attacks.
An insider attack is also known as an insider threat.
Incorrect Answers:
A: In an active attack, the attacker attempts to make changes to data on the target or data as it is transmitted to
the target. An attack by an authorized user could be an active type of attack but it is not known as an active
attack.
B: An attack by an authorized user is not known as an outside attack.D: In a passive attack, the attacker attempts to learn information but does not affect resources. An attack by an
authorized user could be passive in nature but it is not known as a passive attack.

https://www.techopedia.com/definition/26217/insider-attack