CompTIA Security+ (SY0-601) — Question 857

A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account.
Which of the following does this action describe?

Answer options

• A. Insider threat
• B. Social engineering
• C. Third-party risk
• D. Data breach

Correct answer: A

Explanation

The correct answer is A, Insider threat, as it involves an employee misusing their access to company systems for personal gain. Options B, Social engineering, and C, Third-party risk, do not apply since this was an internal action by an employee, not manipulation or risks associated with external parties. D, Data breach, while related, is too broad and does not specifically address the insider aspect of the situation.