A company's bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company's forensics team to assist in the cyber-incident investigation.
An incident responder learns the following information:
The timeline of stolen card numbers corresponds closely with affected users making Internet-based purchases from diverse websites via enterprise desktop PCs.
All purchase connections were encrypted, and the company uses an SSL inspection proxy for the inspection of encrypted traffic of the hardwired network.
Purchases made with corporate cards over the corporate guest WiFi network, where no SSL inspection occurs, were unaffected.
Which of the following is the MOST likely root cause?
A) HTTPS sessions are being downgraded to insecure cipher suites
B) The SSL inspection proxy is feeding events to a compromised SIEM
C) The payment providers are insecurely processing credit card charges
D) The adversary has not yet established a presence on the guest WiFi network