CompTIA Security+ (SY0-601) — Question 451

A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the most likely source of the breach?

Answer options

• A. Side channel
• B. Supply chain
• C. Cryptographic downgrade
• D. Malware

Correct answer: B

Explanation

The breach is most likely due to a supply chain issue, as it involves a vendor who does not meet the same security standards, allowing for the exfiltration of data. Other options, such as side channels or cryptographic downgrades, do not directly relate to the scenario of a vendor connection. Malware could be a factor in breaches, but it is not the primary source in this case.