Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Iapp Discussions

Exam CIPT topic 1 question 136 discussion

Actual exam question from IAPP's CIPT
Question #: 136
Topic #: 1
[All CIPT Questions]

nd

Between November 30 -
and December 2
, 2013, cybercriminals successfully infected the credit card payment systems and bypassed security controls of a
United States-based retailer with malware that exfiltrated 40 million credit card numbers. Six months prior, the retailer had malware detection software installed to prevent against such an attack.
Which of the following would best explain why the retailer's consumer data was still exfiltrated?

  • A. The detection software alerted the retailer's security operations center per protocol, but the information security personnel failed to act upon the alerts.
  • B. The U.S Department of Justice informed the retailer of the security breach on Dec. 12th, but the retailer took three days to confirm the breach and eradicate the malware.
  • C. The IT systems and security measures utilized by the retailer's third-party vendors were in compliance with industry standards, but their credentials were stolen by black hat hackers who then entered the retailer's system.
  • D. The retailer's network that transferred personal data and customer payments was separate from the rest of the corporate network, but the malware code was disguised with the name of software that is supposed to protect this information.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by 837vq3 at Oct. 31, 2021, 7:42 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
ofirga
2 months ago
Selected Answer: A
A is the answer!
upvoted 2 times
...
ChaChaMcGraw
1 year, 11 months ago
How sure are we on these answers?
upvoted 1 times
...
Ahpl
2 years, 1 month ago
A is the answer because data is "still" leaked.
upvoted 1 times
...
187san
2 years, 3 months ago
A is the answer
upvoted 1 times
...
flyingrain777
2 years, 4 months ago
Agree A is a better answer.
upvoted 1 times
...
k4d4v4r
2 years, 5 months ago
B was definately not written in the question. A is better.
upvoted 1 times
...
pipzz
2 years, 5 months ago
A is the correct answer. This case study relates to the well known Target Data Breach. It is reported in many sources that their security operations did not respond to alerts that had picked up the suspicious activity. See https://arxiv.org/pdf/1701.04940.pdf Although B is true about what happened in the case, that Department of Justice notification was after the exfiltration and does not explain best why the retailer's consumer data was still exfiltrated.
upvoted 2 times
k4d4v4r
2 years, 5 months ago
Did you take the exam? How did it go?
upvoted 1 times
...
...
837vq3
2 years, 5 months ago
This one is confusing. All of the options are feasible in an incident situation.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel