An Internet-based attack using password sniffing can:
A. enable one party to act as if they are another party.
B. cause modification to the contents of certain transactions.
C. be used to gain access to systems containing proprietary
information.
D. result in major problems with billing systems and
transaction processing agreements.
Answer / guest
Answer: C
Password sniffing attacks can be used to gain access to
systems on which proprietary information is stored. Spoofing
attacks can be used to enable one party to act as if they
are another party. Data modification attacks can be used to
modify the contents of certain transactions. Repudiation of
transactions can cause major problems with billing systems
and transaction processing agreements.
Is This Answer Correct ? | 8 Yes | 1 No |
The FIRST step in data classification is to: A. establish ownership. B. perform a criticality analysis. C. define access rules. D. create a data dictionary.
An IS auditor should be concerned when a telecommunication analyst: A. monitors systems performance and tracks problems resulting from program changes. B. reviews network load requirements in terms of current and future transaction volumes. C. assesses the impact of the network load on terminal response times and network data transfer rates. D. recommends network balancing procedures and improvements.
Disaster recovery planning for a company's computer system usually focuses on: A. operations turnover procedures. B. strategic long-range planning. C. the probability that a disaster will occur. D. alternative procedures to process transactions.
Separation of duties between computer opeartors and other data processing personnel is intended to: A. Prevent unauthorized modifications to program or data. B. Reduce overall cost of operations C. Allow operators to concentrate on their assigned duties D. Restrict operator access to data
A LAN administrator normally would be restricted from: A. having end-user responsibilities. B. reporting to the end-user manager. C. having programming responsibilities. D. being responsible for LAN security administration.
Which of the following represents the MOST pervasive control over application development? A. IS auditors B. Standard development methodologies C. Extensive acceptance testing D. Quality assurance groups
When a systems development life cycle (SDLC) methodology is inadequate, the MOST serious immediate risk is that the new system will: A. be completed late. B. exceed the cost estimates. C. not meet business and user needs. D. be incompatible with existing systems.
The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program? A. Utilization of an intrusion detection system to report incidents. B. Mandating the use of passwords to access all software. C. Installing an efficient user log system to track the actions of each user D. Provide training on a regular basis to all current and new employees.
A database administrator is responsible for: A. defining data ownership. B. establishing operational standards for the data dictionary. C. creating the logical and physical database. D. establishing ground rules for ensuring data integrity and security.
An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager had written the password, allocated by the system administrator, inside his/her desk drawer. The IS auditor should conclude that the: A. manager's assistant perpetrated the fraud. B. perpetrator cannot be established beyond doubt. C. fraud must have been perpetrated by the manager. D. system administrator perpetrated the fraud.
A strength of an implemented quality system based on ISO 9001 is that it: A. guarantees quality solutions to business problems. B. results in improved software life cycle activities. C. provides clear answers to questions concerning cost-effectiveness. D. does not depend on the maturity of the implemented quality system.
To prevent an organization's computer systems from becoming part of a distributed denial-of-service attack, IP packets containing addresses that are listed as unroutable can be isolated by: A. establishing outbound traffic filtering. B. enabling broadcast blocking. C. limiting allowable services. D. network performance monitoring.