Which of the following choices BEST helps information owners to properly classify data?
a. Understanding of technical controls that protect data
b. Training on organizational policies and standards
c. Use of an automated data leak prevention tool
d. Understanding which people need to access the data
Answer: b. Training on organizational policies and standards
While implementing data classification, it is most essential that organizational
policies and standards, including the data classification schema, are understood
by the owner or custodian of the data so they can be properly classified.
During a review of intrusion detection logs, an IS auditor notices traffic coming from the
Internet, which appears to originate from the internal IP address of the company payroll
server. Which of the following malicious activities would MOST likely cause this type of
result?
a. A denial-of-service attack
b. Spoofing
c. Port scanning
d. A man-in-the-middle attack
Answer: b. Spoofing
This is a form of impersonation where one computer tries to take on the identity of
another computer. When an attack originates from the external network but uses
an internal network address, the attacker is most likely trying to bypass firewalls
and other network security controls by impersonating (or spoofing) the payroll
server's internal network address. By impersonating the payroll server, the attacker
may be able to access sensitive internal resources.
An organization is planning to deploy an outsourced cloud-based application that is used to
track job applicant data for the human resources department. Which of the following should
be the GREATEST concern to an IS auditor?
a. The service level agreement (SLA) ensures strict limits for uptime and performance.
b. The cloud provider will not agree to an unlimited right-to-audit as part of the SLA.
c. The SLA is not explicit regarding the disaster recovery plan capabilities of the cloud
provider.
d. The cloud provider's data centers are in multiple cities and countries.
Answer: d. The cloud provider's data centers are in multiple cities and countries.
Having data in multiple countries is the greatest concern because human
resources (HR) applicant data could contain personally identifiable information.
There may be legal compliance issues if these data are stored in a country with
different laws regarding data privacy. While the organization would be bound by
the privacy laws where it is based, it may not have legal recourse if a data breach
happens in a jurisdiction where the same laws do not apply.
Which of the following types of firewalls provide the GREATEST degree and granularity of
control?
a. Screening router
b. Packet filter
c. Application gateway
d. Circuit gateway
Answer: c. Application gateway
This is similar to a circuit gateway, but it has specific proxies for each service. To
handle web services, it has a Hypertext Transfer Protocol (HTTP) proxy that
acts as an intermediary between externals and internals but is specifically for
HTTP. This means that it not only checks the packet Internet Protocol (IP)
addresses (Open Systems Interconnection [OSI] Layer 3) and the ports it is
directed to (in this case port 80, or layer 4), it also checks every HTTP command
(OSI Layers 5 and 7). Therefore, it works in a more detailed (granularity) way than
the other choices.
IS management recently replaced its existing wired local area network with a wireless
infrastructure to accommodate the increased use of mobile devices within the organization.
This will increase the risk of which of the following attacks?
a. Port scanning
b. Back door
c. Man-in-the-middle
d. War driving
Answer: d. War driving
Wi-Fi: think war driving.
This attack uses a wireless Ethernet card, set in promiscuous mode, and a powerful
antenna to penetrate wireless systems from outside.