CompTIA CASP+ (CAS-003) — Question 340

A company makes consumer health devices and needs to maintain strict confidentiality of unreleased product designs. Recently, unauthorized photos of products still in development have been for sale on the dark web. The Chief Information Security Officer (CISO) suspects an insider threat, but the team that uses the secret outdoor testing area has been vetted many times, and nothing suspicious has been found. Which of the following is the MOST likely cause of the unauthorized photos?

Answer options

• A. The location of the testing facility was discovered by analyzing fitness device information the test engineers posted on a website.
• B. One of the test engineers is working for a competitor and covertly installed a RAT on the marketing department's servers.
• C. The company failed to implement least privilege on network devices, and a hacktivist published stolen public relations photos.
• D. Pre-release marketing materials for a single device were accidentally left in a public location.

Correct answer: D

Explanation

The correct answer is D because leaving pre-release marketing materials in a public place can easily lead to unauthorized photos being taken and distributed. The other options suggest more complex scenarios involving insider threats or hacking, which are less likely given the context of the breach and the nature of the leaked information.