CompTIA Security+ (SY0-501) — Question 941

A company is investigating a data compromise where data exfiltration occurred. Prior to the investigation, the supervisor terminates an employee as a result of the suspected data loss. During the investigation, the supervisor is absent for the interview, and little evidence can be provided form the role-based authentication system in use by the company.
The situation can be identified for future mitigation as which of the following?

Answer options

• A. Job rotation
• B. Log failure
• C. Lack of training
• D. Insider threat

Correct answer: B

Explanation

The correct answer is B, Log failure, as the absence of sufficient logs from the role-based authentication system hinders the investigation and future prevention efforts. Options A and C do not directly address the failure in logging and monitoring, while D, Insider threat, implies malicious intent from within, but does not capture the specific issue of logging inadequacy.