Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following is a technique that could be used to
capture network user passwords?
A. Encryption
B. Sniffing
C. Spoofing
D. A signed document cannot be altered.
- 1 Answers
- 5250 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Sniffing is an attack that can be used to capture sensitive
pieces of information (password), passing through the
network. Encryption is a method of scrambling information to
prevent unauthorized individuals from understanding the
transmission. Spoofing is forging an address and inserting
it into a packet to disguise the origin of the
communication. Data destruction is erasing information or
removing it from its original location.
| Is This Answer Correct ? | 4 Yes | 0 No |
The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program? A. Utilization of an intrusion detection system to report incidents. B. Mandating the use of passwords to access all software. C. Installing an efficient user log system to track the actions of each user D. Provide training on a regular basis to all current and new employees.
If a database is restored using before-image dumps, where should the process be restarted following an interruption? A. Before the last transaction B. After the last transaction C. The first transaction after the latest checkpoint D. The last transaction before the latest checkpoint
An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. Under the SSO system, unauthorized access: A. is less likely. B. is more likely. C. will have a greater impact. D. will have a smaller impact.
Which of the following provisions in a contract for external information systems services would an IS auditor consider to be LEAST significant? A. Ownership of program and files B. Statement of due care and confidentiality C. Continued service of outsourcer in the event of a disaster D. Detailed description of computer hardware used by the vendor
Confidential data residing on a PC is BEST protected by: A. a password. B. file encryption. C. removable diskettes. D. a key operated power source.
In regard to moving an application program from the test environment to the production environment, the BEST control would be provided by having the: A. application programmer copy the source program and compiled object module to the production libraries. B. as paul says, C. production control group compile the object module to the production libraries using the source program in the test environment. D. production control group copy the source program to the production libraries and then compile the program.
Which of the following goals would you expect to find in an organization's strategic plan? A. Test a new accounting package. B. Perform an evaluation of information technology needs. C. Implement a new project planning system within the next 12 months. D. Become the supplier of choice within a given time period for the product offered.
A utility is available to update critical tables in case of data inconsistency. This utility can be executed at the OS prompt or as one of menu options in an application. The BEST control to mitigate the risk of unauthorized manipulation of data is to: A. delete the utility software and install it as and when required. B. provide access to utility on a need-to-use basis. C. provide access to utility to user management D. define access so that the utility can be only executed in menu option.
An IS auditor performing a review of an application's controls would evaluate the: A. efficiency of the application in meeting the business processes. B. impact of any exposures discovered. C. business processes served by the application. D. the application's optimization.
An organization wants to enforce data integrity principles and achieve faster performance/execution in a database application. Which of the following design principles should be applied? A. User (customized) triggers B. Data validation at the front end C. Data validation at the back end D. Referential integrity
Which of the following integrity tests examines the accuracy, completeness, consistency and authorization of data? A. Data B. Relational C. Domain D. Referential
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The IS auditor's report should recommend that: A. the deputy CEO be censured for his failure to approve the plan. B. a board of senior managers be set up to review the existing plan. C. the existing plan be approved and circulated to all key management and staff. D. a manager coordinate the creation of a new or revised plan within a defined time limit.
Cisco Certifications 
