CompTIA Security+ (SY0-601) — Question 43

A company discovered that terabytes of data have been exfiltrated over the past year after an employee clicked on an email link. The threat continued to evolve and remained undetected until a security analyst noticed an abnormal number of external connections when the employee was not working. Which of the following is the MOST likely threat actor?

Answer options

Correct answer: C

Explanation

The correct answer is APT (Advanced Persistent Threat) because such threats typically involve sophisticated attackers who continuously exploit vulnerabilities over time while remaining undetected, which matches a year of exfiltration that went unnoticed after the employee clicked the email link. Shadow IT and script kiddies are less likely to exhibit the level of stealth and persistence seen in this scenario. An insider threat refers to malicious actions taken by employees themselves, which does not align with the description of an external threat.