The BEST defense against network eavesdropping is:
A. encryption.
B. moving the defense perimeter outward.
C. reducing the amplitude of the communication signal.
D. masking the signal with noise.
Answer / guest
Answer: A
Encryption is the best choice in this situation and
generally protects information from eavesdroppers. Encrypted
strings, with a discernible pattern, can be captured by a
sniffer. This means that due care should be taken even with
encryption. Moving the defense perimeter outward would
entail additional cost as the security coverage would
enlarge. Reducing the amplitude of the communication signal
would result in attenuation of the signal and the recipient
would not receive the information properly. Masking with
noise would cause signal distortion and therefore distortion
in the information received that is not desirable.
| Is This Answer Correct ? | 11 Yes | 1 No |
Which of the following LAN physical layouts is subject to total loss if one device fails? A. Star B. Bus C. Ring D. Completely connected
The extent to which data will be collected during an IS audit should be determined, based on the: A. availability of critical and required information. B. auditor's familiarity with the circumstances. C. auditee's ability to find relevant evidence. D. purpose and scope of the audit being done.
An IS auditor evaluating data integrity in a transaction driven system environment should review atomicity, to determine whether: A. the database survives failures (hardware or software). B. each transaction is separated from other transactions. C. integrity conditions are maintained. D. a transaction is completed or not, or a database is updated or not.
When implementing an application software package, which of the following presents the GREATEST risk? A. Uncontrolled multiple software versions B. Source programs that are not synchronized with object code C. Incorrectly set parameters D. Programming errors
The risk that an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when, in fact, they do, is an example of: A. inherent risk. B.control risk. C. detection risk. D. audit risk.
Receiving an EDI transaction and passing it through the communications interface stage usually requires: A. translating and unbundling transactions. B. routing verification procedures. C. passing data to the appropriate application system. D. creating a point of receipt audit log.
Antivirus software should be used as a: A. detective control. B. preventive control. C. corrective control. D. compensating control.
Which of the following functions, if combined, would be the GREATEST risk to an organization? A. Systems analyst and database administrator B. Quality assurance and computer operator C. Tape librarian and data entry clerk D. Application programmer and tape librarian
The BEST method of proving the accuracy of a system tax calculation is by: A. detailed visual review and analysis of the source code of the calculation programs. B. recreating program logic using generalized audit software to calculate monthly totals. C. preparing simulated transactions for processing and comparing the results to predetermined results. D. automatic flowcharting and analysis of the source code of the calculation programs.
An organization has an integrated development environment (IDE), where the program libraries reside on the server, but modification/development and testing are done from PC workstations. Which of the following would be a strength of an integrated development environment? A. Controls the proliferation of multiple versions of programs B. Expands the programming resources and aids available C. Increases program and processing integrity D. Prevents valid changes from being overwritten by other changes
What type of transmission requires modems? A. Encrypted B. Digital C. Analog D. Modulated
During a review of a large data center an IS auditor observed computer operators acting as backup tape librarians and security administrators. Which of these situations would be MOST critical to report? A. Computer operators acting as tape librarians B. Computer operators acting as security administrators C. Computer operators acting as a tape librarian and security administrator D. It is not necessary to report any of these situations.