Insider Threat — CompTIA CySA+ (CS0-003) Practice Questions
An insider threat arises when a current or former employee, contractor, or business partner misuses authorized access to harm an organization's systems, data, or operations. On the CySA+ exam, candidates must recognize behavioral indicators of malicious or negligent insiders, such as unusual after-hours access, large data transfers to removable media, or repeated policy violations. Analysts are expected to correlate user activity logs, DLP alerts, and HR records to detect and investigate these threats before significant damage occurs.
Free questions on insider threat
A SIEM system detects that a database administrator account has been used to run unusual queries outside normal business hours, accessing sensitive customer data. What should the analyst investigate FIRST?
Free question · medium · full answer + explanation
More insider threat questions in the full bank
- How to distinguish insider threats?
- When responding to a potential insider threat, what is the FIRST critical step?
- Your organization discovers insider threat activity. How should you proceed?