Which of the following is a technique that could be used to
capture network user passwords?
A. Encryption
B. Sniffing
C. Spoofing
D. A signed document cannot be altered.
- 1 Answers
- 5305 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Sniffing is an attack that can be used to capture sensitive
pieces of information (password), passing through the
network. Encryption is a method of scrambling information to
prevent unauthorized individuals from understanding the
transmission. Spoofing is forging an address and inserting
it into a packet to disguise the origin of the
communication. Data destruction is erasing information or
removing it from its original location.
| Is This Answer Correct ? | 4 Yes | 0 No |
When two or more systems are integrated, input/output controls must be reviewed by the IS auditor in the: A. systems receiving the output of other systems. B. systems sending output to other systems. C. systems sending and receiving data. D. interfaces between the two systems.
An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely: A. evaluate the record retention plans for off-premises storage. B. interview programmers about the procedures currently being followed. C. compare utilization records to operations schedules. D. review data file access records to test the librarian function.
An organization has an integrated development environment (IDE), where the program libraries reside on the server, but modification/development and testing are done from PC workstations. Which of the following would be a strength of an integrated development environment? A. Controls the proliferation of multiple versions of programs B. Expands the programming resources and aids available C. Increases program and processing integrity D. Prevents valid changes from being overwritten by other changes
In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide separation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications
The interface that allows access to lower or higher level network services is called: A. firmware. B. middleware. C. X.25 interface. D. utilities.
The PKI element that manages the certificate life cycle, including certificate directory maintenance and certificate revocation list (CRL) maintenance and publication is the: A. certificate authority. B. digital certificate. C. certification practice statement. D. registration authority.
Which of the following is the MOST effective technique for providing security during data transmission? A. Communication log B. Systems software log C. Encryption D. Standard protocol
When auditing security for a data center, an IS auditor should look for the presence of a voltage regulator to ensure that the: A. hardware is protected against power surges. B. integrity is maintained if the main power is interrupted. C. immediate power will be available if the main power is lost. D. hardware is protected against long-term power fluctuations.
Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organization? A. A program that deposits a virus on a client machine B. Applets recording keystrokes and, therefore, passwords C. Downloaded code that reads files on a client's hard drive D. Applets opening connections from the client machine
When reviewing an organization's logical access security, which of the following would be of the MOST concern to an IS auditor? A. Passwords are not shared. B. Password files are encrypted. C. Redundant logon IDs are deleted. D. The allocation of logon IDs is controlled.
A request for a change to a report format in a module (subsystem) was made. After making the required changes, the programmer should carry out: A. unit testing. B. unit and module testing. C. unit, module and regression testing. D. module testing.
A control log basic to a real-time application system is a(n): A. audit log. B. console log. C. terminal log. D. transaction log.
Cisco Certifications 
