Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following is an example of a passive attack,
initiated through the Internet?
A. Traffic analysis
B. Masquerading
C. Denial of service
D. E-mail spoofing
- 2 Answers
- 33308 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
Internet security threats/vulnerabilities are divided into
passive and active attacks. Examples of passive attacks are:
network analysis, eavesdropping and traffic analysis. Active
attacks include: brute-force attack, masquerading, packet
replay, message modification, unauthorized access through
the Internet or web-based services, denial of service,
dial-in penetration attacks, e-mail bombing and spamming,
and e-mail spoofing.
| Is This Answer Correct ? | 44 Yes | 7 No |
The BEST time to perform a control self-assessment involving line management, line staff and the audit department is at the time of: A. compliance testing. B. the preliminary survey. C. substantive testing. D. the preparation of the audit report.
An IS auditor is assigned to help design the data security aspects of an application under development. Which of the following provides the MOST reasonable assurance that corporate assets are protected when the application is certified for production? A. A review conducted by the internal auditor B. A review conducted by the assigned IS auditor C. Specifications by the user on the depth and content of the review D. An independent review conducted by another equally experienced IS auditor
Which of the following integrity tests examines the accuracy, completeness, consistency and authorization of data? A. Data B. Relational C. Domain D. Referential
During the review of an organization's disaster recovery and business continuity plan, the IS auditor found that a paper test was performed to verify the existence of all necessary procedures and actions within the recovery plan. This is a: A. preparedness test. B. module test. C. full test. D. walk-through test.
Detection risk refers to: A. concluding that material errors do not exist, when in fact they do. B. controls that fail to detect an error. C. controls that detect high-risk errors. D. detecting an error but failing to report it.
Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions? A. Response B. Correction C. Detection D. Monitoring
Which of the following forms of evidence for the auditor would be considered the MOST reliable? A. An oral statement from the auditee B. The results of a test performed by an IS auditor C. An internally generated computer accounting report D. A confirmation letter received from an outside source
Which of the following would be the LEAST helpful in restoring service from an incident currently underway? A. Developing a database repository of past incidents and actions to facilitate future corrective actions B. Declaring the incident, which not only helps to carry out corrective measures, but also improves the awareness level C. Developing a detailed operations plan that outlines specific actions to be taken to recover from an incident D. Establishing multidisciplinary teams consisting of executive management, security staff, information systems staff, legal counsel, public relations, etc., to carry out the response.
Utility programs that assemble software modules needed to execute a machine instruction application program version are: A. text editors. B. program library managers. C. linkage editors and loaders. D. debuggers and development aids.
Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures? A. Invite client participation. B. Involve all technical staff. C. Rotate recovery managers. D. Install locally stored backup.
A large chain of shops with EFT at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node
During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely: A. review access control configuration. B. evaluate interface testing. C. review detailed design documentation. D. evaluate system testing.
Cisco Certifications 
