Interested to Buy Any Domain ? << Click Here >> for more details...
The process of using interpersonal communication skills to
get unauthorized access to company assets is called:
A. wire tapping.
B. trap doors.
C. war dialing.
D. social engineering.
- 1 Answers
- 5869 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
Social engineering is a term that describes a nontechnical
kind of intrusion that relies heavily on human interaction
and often involves tricking other people into breaking
normal security procedures. Wire tapping is a technique used
for getting the signals transmitted over cables without
disturbing the flow between the source and destination. Trap
doors are a deliberately left break in the software source
code by programmers to enable the insertion of additional
debugging code. The trap door may be used later for some
unwanted purposes. War dialing involves trying out all the
published phone numbers of the company to find one that is
connected to a modem and subsequently using that as an entry
point into the corporate databases.
| Is This Answer Correct ? | 4 Yes | 0 No |
Which of the following processes describes risk assessment? Risk assessment is: A. subjective. B. objective. C. mathematical. D. statistical.
Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network? A. The use of diskless workstations B. Periodic checking of hard drives C. The use of current antivirus software D. Policies that result in instant dismissal if violated
An IS steering committee should: A. include a mix of members from different departments and staff levels. B. ensure that IS security policies and procedures have been executed properly. C. have formal terms of reference and maintain minutes of its meetings. D. be briefed about new trends and products at each meeting by a vendor.
An enterprisewide network security architecture of public key infrastructure (PKI) would be comprised of: A. A public key cryptosystem, private key cryptosystem and digital certificate B. A public key cryptosystem, symmetric encryption and certificate authorities C. A symmetric encryption, digital certificate and kerberos authentication D. A public key cryptosystem, digital certificate and certificate authorities
Electronic signatures can prevent messages from being: A. suppressed. B. repudiated. C. disclosed. D. copied.
Requiring passwords to be changed on a regular basis, assigning a new one-time password when a user forgets his/hers, and requiring users not to write down their passwords are all examples of: A. audit objectives. B. audit procedures. C. controls objectives. D. control procedures.
An IS auditor's primary concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that: A. users may prefer to use contrived data for testing. B. unauthorized access to sensitive data may result. C. error handling and credibility checks may not be fully proven. D. full functionality of the new process is not necessarily tested.
Which of the following would be MOST appropriate to ensure the confidentiality of transactions initiated via the Internet? A. Digital signature B. Data encryption standard (DES) C. Virtual private network (VPN) D. Public key encryption
During a review of the controls over the process of defining IT service levels, an IS auditor would MOST likely interview the: A. systems programmer. B. legal staff. C. business unit manager. D. application programmer.
An IS auditor evaluating data integrity in a transaction driven system environment should review atomicity, to determine whether: A. the database survives failures (hardware or software). B. each transaction is separated from other transactions. C. integrity conditions are maintained. D. a transaction is completed or not, or a database is updated or not.
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical hardware configuration is already established. The IS auditor should: A. take no action as the lack of a current plan is the only significant finding. B. recommend that the hardware configuration at each site should be identical. C. perform a review to verify that the second configuration can support live processing. D. report that the financial expenditure on the alternative site is wasted without an effective plan.
Which of the following is the BEST form of transaction validation? A. Use of key field verification techniques in data entry B. Use of programs to check the transaction against criteria set by management C. Authorization of the transaction by supervisory personnel in an adjacent department D. Authorization of the transaction by a department supervisor prior to the batch process
Cisco Certifications 
