
Explanation:
Equifax’s internal controls failed to detect and block unauthorized access to sensitive data for over two months. The company’s intrusion detection system (IDS) was misconfigured, and expired encryption certificates further weakened security monitoring. As a result, critical alerts went unnoticed, allowing attackers to exfiltrate data without immediate detection.
A is incorrect. Equifax had a cybersecurity framework in place, but it was not effectively implemented. The breach resulted from weak security monitoring, not a complete absence of cybersecurity policies.
C is incorrect. There is no evidence that Equifax employees intentionally disabled security alerts. Instead, poor security oversight and expired encryption certificates contributed to the failure in detecting the breach.
D is incorrect. Equifax, as a large financial institution, had the financial capacity to invest in cybersecurity. The breach was not caused by a lack of funds but by poor risk management and weak internal controls.
Q.6533 Which of the following best describes how ineffective internal controls at Equifax contributed to the breach?
A. Equifax lacked a cybersecurity framework, making it impossible to detect threats.
B. Equifax’s monitoring system failed to detect and prevent unauthorized access to sensitive data.
C. Equifax employees intentionally disabled security alerts, allowing hackers to remain undetected.
D. Equifax lacked sufficient financial resources to invest in cybersecurity controls.