PrepAway - Latest Free Exam Questions & Answers

An IS auditor is performing a network security review of a telecom company that provides Internet connection s

An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses Wireless Transport Layer Security (WTLS) and Secure Sockets Layer (SSL) technology for protecting their customers payment information. The IS auditor should be MOST concerned if a hacker:

A. compromises the Wireless Application Protocol (WAP) gateway.

B. installs a sniffing program in front of the server.

C. steals a customers PDA.

D. listens to the wireless transmission.

Explanation:

In a WAP gateway, the encrypted messages from customers must be decrypted to transmit over the Internet and vice versa. Therefore, if the gateway is compromised, all of the messages would be exposed. SSL protects the messages from sniffing on the Internet, limiting disclosure of the customers information. WTLS provides authentication, privacy and integrity and prevents messages from eavesdropping.


Leave a Reply