
Explanation:
The Equifax breach was caused by a failure to patch a known vulnerability in the Apache Struts framework, which was publicly disclosed and had an available patch. Equifax’s security team did not apply the patch in a timely manner, leaving sensitive consumer data exposed to hackers.
B is incorrect. There is no evidence that Equifax’s security team deliberately ignored security patches. However, the failure to patch critical vulnerabilities reflects weak internal controls and oversight in vulnerability management.
C is incorrect. Equifax did have an incident response plan, but its poor execution and lack of preparedness worsened the breach’s impact. The main cause of the breach was unpatched software, not the absence of an incident response strategy.
D is incorrect. The breach did not involve a zero-day attack (a vulnerability exploited before a patch is available). The Apache Struts vulnerability was known, and a patch had been released, but Equifax failed to apply it.
Things to Remember:
Q.6532 Which of the following best explains how poor vulnerability management contributed to the Equifax breach?
A. Equifax failed to identify and patch a known vulnerability in a timely manner, leaving its systems exposed to cyberattacks.
B. Equifax’s security team deliberately ignored critical security patches to reduce operational disruptions.
C. Equifax lacked an incident response plan, which prevented it from addressing the breach efficiently.
D. Equifax experienced a zero-day attack, meaning no patch was available to mitigate the risk.