Which of the following activities represents a reportable insider threat?

The activity of attempting to access sensitive information without a need-to-know is considered a reportable insider threat because it shows a potential intention to misuse sensitive data or information. Insider threats can come from individuals who have authorized access to an organization's information but may seek to exploit that access for unauthorized purposes. This type of behavior raises red flags and could signify an individual is either trying to obtain information they should not be accessing or is acting beyond their legitimate role and responsibilities within the organization. Promptly reporting such attempts is essential for mitigating risks to information security and protecting organizational integrity.

In contrast, accessing information with permission does not indicate any threat, as it aligns with proper protocols. Requesting more training is usually a positive action that reflects a desire for improvement, while participating in security drills demonstrates compliance and preparedness rather than any threat behavior.