nerdexam
ExamsCAS-003Questions#626
CompTIA

CAS-003 · Question #626

CAS-003 Question #626: Real Exam Question with Answer & Explanation

The correct answer is D: Pre-release marketing materials for a single device were accidentally left in a public location. Unauthorized photos appearing on the dark web despite repeated insider threat investigations point to an accidental leak outside the vetted testing team rather than deliberate sabotage.

Question

A company makes consumer health devices and needs to maintain strict confidentiality of unreleased product designs. Recently unauthorized photos of products still in development have been for sale on the dark web. The Chief Information Security Officer (CISO) suspects an insider threat, but the team that uses the secret outdoor testing area has been vetted many times and nothing suspicious has been found. Which of the following is the MOST likely cause of the unauthorized photos?

Options

  • AThe location of the testing facility was discovered by analyzing fitness device information the test
  • BOne of the test engineers is working for a competitor and covertly installed a RAT on the
  • CThe company failed to implement least privilege on network devices, and a hacktivist published
  • DPre-release marketing materials for a single device were accidentally left in a public location

Explanation

Unauthorized photos appearing on the dark web despite repeated insider threat investigations point to an accidental leak outside the vetted testing team rather than deliberate sabotage.

Common mistakes.

  • A. While analyzing fitness device metadata can reveal the location of a secret testing site through OSINT, this exposes the facility location rather than directly producing sellable product photos for the dark web.
  • B. A remote access trojan installed by a mole would likely be detected through the repeated security vetting and device audits described for the testing team.
  • C. A least privilege misconfiguration exploited by hacktivists typically targets network data exfiltration and would not readily produce physical product photos from an outdoor testing area.

Concept tested. Insider threat versus accidental data disclosure

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-003 Practice