A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that:
A. the users may not remember to manually encrypt the data before transmission.
B. the site credentials were sent to the financial services company via email.
C. personnel at the consulting firm may obtain access to sensitive data.
D. the use of a shared user ID to the FTP site does not allow for user accountability.
Answer Posted / chatter
The correct answer is A.
A. If the data is not encrypted, an unauthorized external party may download sensitive company data.
B. Even though the possibility exists that the logon information was captured from the emails, data should be encrypted, so the theft of the data would not allow the attacker to read it.
C. Some of the employees at the consulting firm will have access to the sensitive data and the consulting firm must have procedures in place to protect the data.
D. Tracing accountability is of minimal concern compared to the compromise of sensitive data.
Question #: 802 CISA Job Practice Task Statement: 5.3