Capital One Data Breach 2019
30 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What was the main entry point used by hackers in the data breach mentioned?

  • Unpatched vulnerability in Microsoft IIS
  • Unpatched vulnerability in Apache Struts (correct)
  • Unpatched vulnerability in Apache Tomcat
  • Unpatched vulnerability in Nginx
  • How long did the hackers go undetected after gaining access to the corporate network?

  • 45 days
  • 60 days
  • 76 days (correct)
  • 30 days
  • What type of information did the hackers exfiltrate from the corporate network?

  • Customer financial records
  • Employee credentials (correct)
  • Employee emails
  • Corporate marketing materials
  • How much did Equifax pay in settlement as a result of the data breach?

    <p>$575 million</p> Signup and view all the answers

    What was Brian Krebs' response to Equifax's handling of the breach?

    <p>&quot;A dumpster fire&quot;</p> Signup and view all the answers

    What theory emerged due to the fact that none of the exfiltrated data were sold on the darknet?

    <p>A nation state was behind the breach</p> Signup and view all the answers

    What was the initial attack vector for the data exfiltration in the Capital One data breach?

    <p>Misconfigured Web Application Firewall</p> Signup and view all the answers

    Which of the following types of data was NOT compromised in the Capital One data breach?

    <p>Biometric data</p> Signup and view all the answers

    What is the key factor decision-makers use to determine whether to fix a risk?

    <p>The comparison between Y and X</p> Signup and view all the answers

    Who did the US charge with the data breach of stealing victims' data?

    <p>Chinese military officers</p> Signup and view all the answers

    Why might it not be financially worthwhile to eliminate a low-impact risk?

    <p>The cost of eliminating it exceeds the potential impact</p> Signup and view all the answers

    What did the Chinese government do in response to the accusations regarding the data breach?

    <p>Denied the accusations</p> Signup and view all the answers

    Why is resolving issues with a high impact considered worth the costs?

    <p>They can lead to significant losses</p> Signup and view all the answers

    What is the role of the AWS metadata service in the AWS environment?

    <p>Provides credentials to resources</p> Signup and view all the answers

    What is the purpose of risk management in a business?

    <p>To provide decision-makers with fact-based risk assessments</p> Signup and view all the answers

    Which layer of firewall is a Web Application Firewall (WAF) according to the text?

    <p>Layer 7</p> Signup and view all the answers

    Why does a higher risk require more urgent attention and resources compared to a lower risk?

    <p>Higher risks have more severe consequences</p> Signup and view all the answers

    Which corporations were mentioned as victims of data exfiltration attacks in the text?

    <p>Facebook and Capital One</p> Signup and view all the answers

    What was the reason behind Capital One's $80 million fine?

    <p>Failure to identify and manage risks associated with cloud storage</p> Signup and view all the answers

    In the Facebook data breach discussed, what technique was used to harvest user data?

    <p>Scraping</p> Signup and view all the answers

    What type of information was extracted by malicious actors in the Facebook data breach?

    <p>User names and phone numbers</p> Signup and view all the answers

    What specific function on Facebook was abused in the 2019 data breach?

    <p>The search function</p> Signup and view all the answers

    Which scandal prompted Facebook to disable the feature that was abused in the 2019 data breach?

    <p>Cambridge Analytica scandal</p> Signup and view all the answers

    What was the method used by malicious actors to check if a Facebook profile matched a phone number?

    <p><code>Scraping</code> technique</p> Signup and view all the answers

    What defines a cyber risk?

    <p>The combination of the likelihood of a threat occurring and its impact on an organization.</p> Signup and view all the answers

    What differentiates a cyber event from a non-cyber event?

    <p>Whether it occurs in cyberspace or not.</p> Signup and view all the answers

    How are cyber risks related to cyber threats?

    <p>Cyber risks originate from cyber threats and their likelihood of occurrence.</p> Signup and view all the answers

    Which factor is crucial in risk management according to the text?

    <p>Addressing both cyber risks and cyber threats.</p> Signup and view all the answers

    What is emphasized as the source of a risk in the text?

    <p>Potential harm to the organization.</p> Signup and view all the answers

    In relation to cyber risks, what is the significance of addressing cyber threats?

    <p>It assists in evaluating the likelihood of cyber risks affecting an organization.</p> Signup and view all the answers

    More Like This

    Capital Lease Accounting Overview
    40 questions
    Capital Cities of Canada Flashcards
    26 questions
    Capital Cost Allowance Flashcards
    7 questions
    Use Quizgecko on...
    Browser
    Browser