Free Isaca CCOA Actual Exam Questions - Question 15 Discussion
breached. However, after an investigation, the organization cannot detect any indicators of
compromise. The breach was MOST likely due to which type of attack?
D vs A? Man-in-the-middle won't alter internal logs; supply chain might leave subtle signs.
D. Man-in-the-middle can be invisible since it intercepts data without altering systems.
Maybe B since zero-day exploits can be totally invisible to standard detection tools.
I’m thinking about option D here. Man-in-the-middle attacks can be tricky because they intercept data as it moves between the user and the organization without directly touching the company’s systems, so no internal logs might show anything suspicious. If the org didn’t see any internal compromise signs, maybe the attackers just grabbed data in transit. Does that make sense for why no indicators popped up inside the company?
B/C? Zero-day attacks (B) often slip under the radar because they exploit unknown vulnerabilities, so the org might not find any indicators. On the other hand, injection attacks (C) usually leave some trace in logs or apps, so less likely if nothing was found. If no direct signs were detected at all, zero-day seems plausible since it exploits unknown flaws and can remain hidden during standard checks.
It’s D. Man-in-the-middle attacks can be really sneaky since they intercept data without leaving obvious traces on the organization’s systems. If the breach came from someone eavesdropping or altering data in transit, the usual indicators inside the company’s network might not show up during investigations. That makes it a strong candidate here, especially when no other signs are found.
B tbh. Zero-day attacks can go unnoticed since there's no known signature or patch for them yet, making it hard to detect any compromise during investigations.
It’s A. Supply chain attack.