300-215 Question #117: Real Exam Question with Answer & Explanation
The correct answer is C: malicious insider.
Question
Over the last year, an organization's HR department has accessed data from its legal department on the last day of each month to create a monthly activity report. An engineer is analyzing suspicious activity alerted by a threat intelligence platform that an authorized user in the HR department has accessed legal data daily for the last week. The engineer pulled the network data from the legal department's shared folders and discovered above-average-size data dumps. Which threat actor is implied from these artifacts?
Options
- A. privilege escalation
- B. internal user errors
- C. malicious insider
- D. external exfiltration
Explanation
A "malicious insider" is someone within the organization who has authorized access but intentionally misuses that access to extract or exfiltrate data. In this case:
- The HR user has legitimate access but deviates from their normal behavior pattern (accessing legal data daily instead of monthly).
- The presence of large data dumps and the alert from a threat intelligence platform suggest intentional misuse rather than accidental behavior.
According to the Cisco CyberOps Associate guide, insider threats are identified by behavioral anomalies, especially involving sensitive data access patterns inconsistent with role-based access and historical usage profiles.