312-50V11 · Question #979
John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view financial and personal information about the rest of the employee
The correct answer is A. Acybercriminal. John is a cybercriminal because he intentionally accessed private employee data without authorization and plans to potentially exploit it, regardless of his security analyst role.
Question
Options
- AAcybercriminal
- BBlack hat
- CWhite hat
- DGray hat
How the community answered
(17 responses)- A88% (15)
- C6% (1)
- D6% (1)
Why each option
John is a cybercriminal because he intentionally accessed private employee data without authorization and plans to potentially exploit it, regardless of his security analyst role.
A cybercriminal is anyone who uses technology to commit illegal acts, including unauthorized access to private data. John deliberately accessed financial and personal information beyond his authorized scope and retained it for potential personal advantage, which constitutes unauthorized access - a criminal offense under computer fraud laws. His position as a security analyst does not grant immunity when his actions fall outside authorized security duties.
A black hat hacker typically refers to an external attacker who compromises systems for personal gain; John is an insider who abused data discovered during legitimate work, making the cybercriminal classification more precise than black hat.
A white hat hacker is an authorized ethical security professional who operates strictly within defined boundaries and discloses vulnerabilities responsibly, which John failed to do by retaining the data and considering personal exploitation.
A gray hat hacker discovers vulnerabilities without prior authorization but typically discloses them to the owner; John's intent to potentially use the information for personal advantage moves him beyond the gray hat category into criminal territory.
Concept tested: Cybercriminal vs ethical hacker role classification
Source: https://csrc.nist.gov/glossary/term/insider_threat
Topics
Community Discussion
No community discussion yet for this question.