Which of the following is a technique that could be used to
capture network user passwords?
A. Encryption
B. Sniffing
C. Spoofing
D. A signed document cannot be altered.
- 1 Answers
- 4437 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Sniffing is an attack that can be used to capture sensitive
pieces of information (password), passing through the
network. Encryption is a method of scrambling information to
prevent unauthorized individuals from understanding the
transmission. Spoofing is forging an address and inserting
it into a packet to disguise the origin of the
communication. Data destruction is erasing information or
removing it from its original location.
| Is This Answer Correct ? | 4 Yes | 0 No |
Which of the following is a function of an IS steering committee? A. Monitoring vendor controlled change control and testing B. Ensuring a separation of duties within the information's processing environment C. Approving and monitoring major projects, the status of IS plans and budgets D. Responsible for liaison between the IS department and the end users
The PRIMARY reason for using digital signatures is to ensure data: A. confidentiality. B. integrity. C. availability. D. timeliness.
Which of the following is a measure of the size of an information system based on the number and complexity of a system?s inputs, outputs and files? A. Function point (FP) B. Program evaluation review technique (PERT) C. Rapid application design (RAD) D. Critical path method (CPM)
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
Which of the following would be the LEAST helpful in restoring service from an incident currently underway? A. Developing a database repository of past incidents and actions to facilitate future corrective actions B. Declaring the incident, which not only helps to carry out corrective measures, but also improves the awareness level C. Developing a detailed operations plan that outlines specific actions to be taken to recover from an incident D. Establishing multidisciplinary teams consisting of executive management, security staff, information systems staff, legal counsel, public relations, etc., to carry out the response.
An IS auditor performing a review of the IS department discovers that formal project approval procedures do not exist. In the absence of these procedures the IS manager has been arbitrarily approving projects that can be completed in a short duration and referring other more complicated projects to higher levels of management for approval. The IS auditor should recommend as a FIRST course of action that: A. users participate in the review and approval process. B. formal approval procedures be adopted and documented. C. projects be referred to appropriate levels of management for approval. D. the IS manager's job description be changed to include approval authority.
Which of the following controls will detect MOST effectively the presence of bursts of errors in network transmissions? A. Parity check B. Echo check C. Block sum check D. Cyclic redundancy check
An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager had written the password, allocated by the system administrator, inside his/her desk drawer. The IS auditor should conclude that the: A. manager's assistant perpetrated the fraud. B. perpetrator cannot be established beyond doubt. C. fraud must have been perpetrated by the manager. D. system administrator perpetrated the fraud.
Which of the following forms of evidence for the auditor would be considered the MOST reliable? A. An oral statement from the auditee B. The results of a test performed by an IS auditor C. An internally generated computer accounting report D. A confirmation letter received from an outside source
Which of the following would an IS auditor consider the MOST relevant to short-term planning for the IS department? A. Allocating resources B. Keeping current with technology advances C. Conducting control self-assessment D. Evaluating hardware needs
In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether: A. there is an integration of IS and business staffs within projects. B. there is a clear definition of the IS mission and vision. C. there is a strategic information technology planning methodology in place. D. the plan correlates business objectives to IS goals and objectives.
The reliability of an application system's audit trail may be questionable if: A. user IDs are recorded in the audit trail. B. the security administrator has read-only rights to the audit file. C. date time stamps record when an action occurs. D. users can amend audit trail records when correcting system errors.
Cisco Certifications 
