CompTIA Security+ (SY0-701) — Question 90

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO’s report?

Answer options

• A. Insider threat
• B. Hacktivist
• C. Nation-state
• D. Organized crime

Correct answer: D

Explanation

The correct answer is D, as organized crime groups are typically involved in ransomware-as-a-service operations, exploiting victims for financial gain. Options A, B, and C refer to different types of threat actors: insiders are employees or contractors, hacktivists have political motivations, and nation-states engage in cyber activities for geopolitical reasons, which do not align with the nature of ransomware-as-a-service.