CompTIA CySA+ (CS0-001) — Question 42

During a routine review of firewall logs, an analyst identified that an IP address from the organization's server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between 150 and 500 megabytes of data each time. This had been going on for approximately one week, and the affected server was taken offline for forensic review. Which of the following is MOST likely to drive up the incident's impact assessment?

Answer options

• A. PII of company employees and customers was exfiltrated.
• B. Raw financial information about the company was accessed.
• C. Forensic review of the server required fall-back on a less efficient service.
• D. IP addresses and other network-related configurations were exfiltrated.
• E. The local root password for the affected server was compromised.

Correct answer: A

Explanation

The exfiltration of Personally Identifiable Information (PII) of employees and customers represents a significant risk to the organization, potentially leading to identity theft and legal ramifications. While accessing financial information is serious, the direct impact on individuals from PII makes it a higher priority. The other options do not carry the same level of immediate risk to individuals' privacy and security.