Get the Preplance app for a seamless learning experience. Practice offline, get daily streaks, and stay ahead with real-time interview updates.
Get it on
Google Play
4.9/5 Rating on Store
Risk & Compliance · Question Set
CaseStudies interview questions for placements and exams.
Questions
14
Included in this set
Subject
Risk & Compliance
Explore more sets
Difficulty
Mixed
Level of this set
Go through each question and its explanation. Use this set as a focused practice pack for Risk & Compliance .
Before integration, the acquiring company should conduct thorough security assessments of the target’s systems, patch levels, and access controls. All inherited data should be reviewed for compliance risks. This prevents compromised systems or weak configurations from entering the new environment unnoticed.
For complete preparation, combine this set with full subject-wise practice for Risk & Compliance . You can also explore other subjects and sets from the links below.
Organizations must vet vendors for security maturity, ensure transparency in development processes, and require timely breach reporting. Contracts should include right-to-audit clauses. Continuous security assessments and shared monitoring can prevent third-party weaknesses from becoming internal risks.
High-profile breaches shifted security from a technical function to a board-level priority. Companies now invest in training, automated monitoring, and resilience planning. The culture has evolved toward proactive defense, transparency, and shared accountability across business units.
In the SolarWinds attack, adversaries compromised the vendor’s software supply chain by embedding malicious code into legitimate updates. When customers installed these updates, attackers gained access to their networks. It revealed how supply-chain attacks bypass traditional perimeter defenses and emphasized the need for code integrity verification and vendor vetting.
A misconfigured Web Application Firewall allowed an attacker to exploit a server-side request forgery vulnerability and access AWS instance metadata. This exposed customer data stored in S3 buckets. The incident showed how misconfiguration in cloud security tools can cause large-scale data exposure.
Yahoo delayed public disclosure of massive data breaches, which later affected its business valuation and triggered fines. The case underscored the importance of timely breach reporting under data protection laws and maintaining transparency with regulators and customers.
The Marriott breach involved an acquired company’s system that was already compromised. The incident demonstrated how poor security due diligence during mergers can import vulnerabilities. It reinforced the need for security assessments and integration audits when acquiring new entities or platforms.
In the LinkedIn breach, attackers obtained a database of hashed passwords and cracked many of them due to weak hashing algorithms. The event stressed the importance of using modern password hashing and salting techniques to protect user credentials.
British Airways and Marriott faced large fines because regulators found their security measures insufficient under GDPR’s data protection requirements. The rulings demonstrated how compliance obligations go beyond documentation — companies must show practical, effective safeguards for user data.
The Equifax case highlighted the need for robust patch management, asset visibility, and strong data encryption. It showed how neglecting a single known vulnerability can lead to massive reputational and financial loss. Continuous monitoring and accountability for vulnerability closure became critical takeaways.
SolarWinds changed how organizations view supply-chain trust. Companies now emphasize software bill of materials, code signing, vendor audits, and continuous monitoring. It encouraged regulators to push for secure-by-design development and transparency across software ecosystems.
Prompt disclosure allows regulators, users, and partners to take protective actions quickly. It shows accountability and transparency in handling sensitive information. Delays in reporting can worsen harm, increase fines, and damage trust far more than the incident itself.
The Equifax breach occurred because the organization failed to patch a critical vulnerability in Apache Struts even after a fix was available. Attackers exploited the flaw to access personal data of over 140 million people. It highlighted the importance of timely patching, asset inventory, and vulnerability management discipline.
Uber’s 2016 breach showed the dangers of mishandling disclosures. Instead of reporting the breach to authorities, the company paid the attackers under a false bug bounty. It resulted in legal penalties and emphasized the ethical and legal duty of transparent incident reporting.