Certified Information Systems Security Professional (CISSP) — Question 132
A senior security engineer has been tasked with ensuring the confidentiality and integrity of the organization’s most valuable personally identifiable information (PII). This data is stored on local file and database servers within the organization’s data center. The following security measures have been implemented to ensure that unauthorized access is detected and logged.
• Network segmentation and enhanced access logging of the database and file servers
• Implemented encryption of data at rest
• Implemented full packet capture of the network traffic in and out of the sensitive network segment
• Ensured all transaction log data and packet captures are backed up to the corporate backup appliance within the corporate backup network segment
Which of the following is the MOST likely way to exfiltrate PII while avoiding detection?
Answer options
- A. Unauthorized access to the file server via Secure Shell (SSH)
- B. Unauthorized access to the database server via a compromised web application
- C. Unauthorized access to the database server via a compromised user account
- D. Unauthorized access to the backup server via a compromised service account
Correct answer: B
Explanation
The correct answer is B because a compromised web application can provide direct access to the database server, potentially allowing for data exfiltration while bypassing other security measures. Options A, C, and D either involve access to less critical systems or rely on methods that are more likely to trigger alerts due to existing monitoring and logging mechanisms.