CompTIA CASP+ (CAS-004) — Question 509

A security engineer is performing a threat modeling procedure against a machine learning system that correlates analytic information for decision support. Which of the following threat statements most likely applies to this type of system?

Answer options

• A. An attacker is able to overload the system with incorrect information.
• B. An attacker conducts a password-spraying attack against the system's authentication method.
• C. An attacker exploits a server-side request forgery attack.
• D. An attacker accesses information that should not be disclosed due to an authorization error.

Correct answer: A

Explanation

The correct answer is A because machine learning systems can be particularly vulnerable to data poisoning, where attackers feed the system incorrect information to manipulate its outputs. Options B, C, and D represent different types of attacks that do not directly impact the integrity of the data used for machine learning, making them less applicable in this context.