CompTIA SecurityX (CAS-005) — Question 307
A nation-state actor is exposed for attacking large corporations by establishing persistence in smaller companies that are likely to be acquired by these large corporations. The actor then provisions user accounts in the companies for use post-acquisition. Before an upcoming acquisition, a security officer conducts threat modeling with this attack vector. Which of the following practices is the best way to investigate this threat?
Answer options
- A. Restricting internet traffic originating from countries in which the nation-state actor is known to operate
- B. Comparing all existing credentials to personnel and services
- C. Auditing vendors to mitigate supply chain risk during the acquisition
- D. Placing a hold on all information about corporate interest in acquisitions
Correct answer: B
Explanation
The correct answer is B because comparing existing credentials against actual personnel and services helps identify any unauthorized accounts that the nation-state actor may have created in the smaller firms. Options A and D are preventative measures rather than direct investigation, while option C, although important for overall risk management, does not specifically address the immediate threat of compromised credentials.