CompTIA Security+ (SY0-701) — Question 529

While a school district is performing state testing, a security analyst notices all internet services are unavailable. The analyst discovers that ARP poisoning is occurring on the network and then terminates access for the host. Which of the following is most likely responsible for this malicious activity?

Answer options

• A. Unskilled attacker
• B. Shadow IT
• C. Insider threat
• D. Nation-state

Correct answer: C

Explanation

The correct answer is C, as insider threats can include individuals within the organization who have access and knowledge to perform harmful activities like ARP poisoning. Options A and D are less likely because an unskilled attacker would typically not have the capability to execute ARP poisoning effectively, and nation-states usually engage in more sophisticated attacks. Option B, while related to unauthorized IT usage, does not specifically imply malicious intent like an insider threat does.