30 Questions
What was the main entry point used by hackers in the data breach mentioned?
Unpatched vulnerability in Apache Struts
How long did the hackers go undetected after gaining access to the corporate network?
76 days
What type of information did the hackers exfiltrate from the corporate network?
Employee credentials
How much did Equifax pay in settlement as a result of the data breach?
$575 million
What was Brian Krebs' response to Equifax's handling of the breach?
"A dumpster fire"
What theory emerged due to the fact that none of the exfiltrated data were sold on the darknet?
A nation state was behind the breach
What was the initial attack vector for the data exfiltration in the Capital One data breach?
Misconfigured Web Application Firewall
Which of the following types of data was NOT compromised in the Capital One data breach?
Biometric data
What is the key factor decision-makers use to determine whether to fix a risk?
The comparison between Y and X
Who did the US charge with the data breach of stealing victims' data?
Chinese military officers
Why might it not be financially worthwhile to eliminate a low-impact risk?
The cost of eliminating it exceeds the potential impact
What did the Chinese government do in response to the accusations regarding the data breach?
Denied the accusations
Why is resolving issues with a high impact considered worth the costs?
They can lead to significant losses
What is the role of the AWS metadata service in the AWS environment?
Provides credentials to resources
What is the purpose of risk management in a business?
To provide decision-makers with fact-based risk assessments
Which layer of firewall is a Web Application Firewall (WAF) according to the text?
Layer 7
Why does a higher risk require more urgent attention and resources compared to a lower risk?
Higher risks have more severe consequences
Which corporations were mentioned as victims of data exfiltration attacks in the text?
Facebook and Capital One
What was the reason behind Capital One's $80 million fine?
Failure to identify and manage risks associated with cloud storage
In the Facebook data breach discussed, what technique was used to harvest user data?
Scraping
What type of information was extracted by malicious actors in the Facebook data breach?
User names and phone numbers
What specific function on Facebook was abused in the 2019 data breach?
The search function
Which scandal prompted Facebook to disable the feature that was abused in the 2019 data breach?
Cambridge Analytica scandal
What was the method used by malicious actors to check if a Facebook profile matched a phone number?
Scraping technique
What defines a cyber risk?
The combination of the likelihood of a threat occurring and its impact on an organization.
What differentiates a cyber event from a non-cyber event?
Whether it occurs in cyberspace or not.
How are cyber risks related to cyber threats?
Cyber risks originate from cyber threats and their likelihood of occurrence.
Which factor is crucial in risk management according to the text?
Addressing both cyber risks and cyber threats.
What is emphasized as the source of a risk in the text?
Potential harm to the organization.
In relation to cyber risks, what is the significance of addressing cyber threats?
It assists in evaluating the likelihood of cyber risks affecting an organization.
Test your knowledge on the Capital One data breach incident in 2019 involving the exposure of victims' data to an unauthorized third party. Learn about the accusations, denials, and consequences of the breach.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
