A、include the finding in the final report, because the IS auditor is
responsible for an accurate report of all findings.
B、not include the finding in the final report, because the audit
report should include only unresolved findings.
C、not include the finding in the final report, because corrective
action can be verified by the IS auditor during the audit.
D、include the finding in the closing meeting for discussion purposes
only.
ANSWER:A
NOTE:Including the finding in the final report is a generally accepted
audit practice. If an action is taken after the audit started and before
it ended, the audit report should identify the finding and describe the
corrective action taken. An audit report should reflect the situation as
it existed at the start of the audit. All corrective actions taken by the
auditee should be reported in writing.
204、A perpetrator looking to gain access to and gather information about
encrypted data being transmitted over the network would use:
A、eavesdropping.
B、spoofing.
C、traffic analysis.
D、masquerading.
ANSWER:C
NOTE:In traffic analysis, which is a passive attack, an intruder
determines the nature of the traffic flow between defined hosts and,
through an analysis of session length, frequency and message length,
is able to guess the type of communication taking place. This
typically is used when messages are encrypted and eavesdropping would not
yield any meaningful results. In eavesdropping, which also is a passive
attack, the intruder gathers the information flowing through the network
with the intent of acquiring and releasing message contents for personal
analysis or for third parties. Spoofing and masquerading are active
attacks. In spoofing, a user receives an e-mail that appears to have
originated from one source when it actually was sent from another source.
In masquerading, the intruder presents an identity other than the original
identity.
205、What should be the GREATEST concern to an IS auditor when employees
use portable media (MP3 players, flash drives)?