CompTIA CySA+ (CS0-003) — Question 129
A security analyst observed the following activity from a privileged account:
• Accessing emails and sensitive information
• Audit logs being modified
• Abnormal log-in times
Which of the following best describes the observed activity?
Answer options
- A. Irregular peer-to-peer communication
- B. Unauthorized privileges
- C. Rogue devices on the network
- D. Insider attack
Correct answer: D
Explanation
The correct answer is D. The observed behavior indicates an insider attack, in which an authorized individual misuses their access to sensitive information. Options A, B, and C do not capture the nature of the threat, which specifically involves a trusted user exploiting their privileges.