An IS auditor should be MOST concerned with what aspect of an authorized honeypot?
A. The data collected on attack methods
B. The information offered to outsiders on the honeypot
C. The risk that the honeypot could be used to launch further attacks on the organizations infrastructure
D. The risk that the honeypot would be subject to a distributed denial-of-service attack
Explanation:
Choice C represents the organizational risk that the honeypot could be used as a point of access to launch further attacks on the enterprises systems. Choices A and B are purposes for deploying a honeypot, not a concern. Choice D, the risk that the honeypot would be subject to a distributed denial-of-service (DDoS) attack, is not relevant, as the honeypot is not a critical device for providing service.