nd
Between November 30 -
and December 2
, 2013, cybercriminals successfully infected the credit card payment systems and bypassed security controls of a
United States-based retailer with malware that exfiltrated 40 million credit card numbers. Six months prior, the retailer had malware detection software installed to prevent against such an attack.
Which of the following would best explain why the retailer's consumer data was still exfiltrated?
The best explanation for why the retailer's consumer data was still exfiltrated is that the detection software alerted the retailer's security operations center per protocol, but the information security personnel failed to act upon the alerts. This indicates a failure in the response to identified threats, allowing the malware to successfully exfiltrate data despite being detected. This explanation fits the scenario as the systems had malware detection software installed, suggesting a failure in human intervention rather than a technical oversight.
A is the correct answer. This case study relates to the well known Target Data Breach. It is reported in many sources that their security operations did not respond to alerts that had picked up the suspicious activity. See https://arxiv.org/pdf/1701.04940.pdf Although B is true about what happened in the case, that Department of Justice notification was after the exfiltration and does not explain best why the retailer's consumer data was still exfiltrated.
Did you take the exam? How did it go?
A is the answer!
This one is confusing. All of the options are feasible in an incident situation.
B was definately not written in the question. A is better.
Agree A is a better answer.
A is the answer
A is the answer because data is "still" leaked.
How sure are we on these answers?