CERTIFIED-IN-CYBERSECURITY · Question #513
CERTIFIED-IN-CYBERSECURITY Question #513: Real Exam Question with Answer & Explanation
The correct answer is A: Insider threat. An insider threat is a security risk that originates from within an organization, often from an employee or former employee (see ISC2 Study Guide, Chapter 4, Module 2). In this case, the bank employee who accessed customer accounts and transferred funds to a personal account is a
Question
Audit trail logs showed that a bank employee accessed customer accounts and transferred funds to a personal bank account. Which of the following describes this action?
Options
- AInsider threat
- BThird party risk
- CSocial engineering
- DData breach
Explanation
An insider threat is a security risk that originates from within an organization, often from an employee or former employee (see ISC2 Study Guide, Chapter 4, Module 2). In this case, the bank employee who accessed customer accounts and transferred funds to a personal account is an example of an insider threat. This employee misused his authorized access to conduct fraudulent transactions. The other options are false for the following reasons. Social engineering refers to manipulation techniques used to trick people into revealing confidential information. In this case, there was no manipulation. Third-party risk refers to the potential threat posed by an outside entity with access to an organization's data. In this scenario, the threat came from inside the organization. Finally, a data breach refers to an incident in which unauthorized individuals access confidential data. In this case, the employee had authorized access but misused it.
Topics
Community Discussion
No community discussion yet for this question.