CompTIA CySA+ (CS0-001) — Question 91

A security analyst at a large financial institution is evaluating the security posture of a smaller financial company. The analyst is performing the evaluation as part of a due diligence process prior to a potential acquisition. With which of the following threats should the security analyst be MOST concerned? (Choose two.)

Answer options

• A. Breach of confidentiality and market risks can occur if the potential acquisition is leaked to the press.
• B. The parent company is only going through this process to identify and steal the intellectual property of the smaller company.
• C. Employees at the company being acquired will be hostile to the security analyst and may not provide honest answers.
• D. Employees at the company being acquired will be hostile to the security analyst and may not provide honest answers.
• E. The industry regulator may decide that the acquisition will result in unfair competitive advantage if the acquisition were to take place.
• F. The company being acquired may already be compromised and this could pose a risk to the parent company's assets.

Correct answer: E, F

Explanation

The correct answers, E and F, highlight critical risks associated with regulatory scrutiny and potential compromises that could affect the acquirer's assets. Options A, B, C, and D, while relevant concerns, do not pose as significant threats to the security posture during the acquisition evaluation process.