Exam CS0-003 topic 1 question 226 discussion

The observed activity from a privileged account, which includes accessing emails and sensitive information, modifying audit logs, and abnormal login times, best fits the description of: D. Insider attack. An insider attack occurs when a person with authorized access to an organization's systems and data misuses that access for malicious purposes. In this scenario, the activity observed suggests that a privileged insider, who has access to sensitive information and has the ability to modify audit logs, is engaging in unauthorized and potentially malicious actions. The abnormal login times further indicate suspicious behavior associated with the privileged account.

The best answer is D. Insider attack, and here's why: Accessing emails and sensitive information: This indicates someone with internal access is deliberately targeting sensitive data. Audit logs being modified: This is a strong indicator of malicious intent, as it's an attempt to cover tracks. Abnormal log-in times: This suggests activity outside of normal working hours, which is another red flag.

D. Insider attack An insider attack involves a trusted individual within the organization, such as an employee or someone with privileged access, who misuses their access to harm the organization. The activities mentioned—accessing sensitive information, modifying audit logs, and abnormal log-in times—are indicative of someone with legitimate access behaving maliciously, which is characteristic of an insider attack.