An IS auditor should be MOST concerned with what aspect of an authorized honeypot?

A. The data collected on attack methods

B. The information offered to outsiders on the honeypot

C. The risk that the honeypot could be used to launch further attacks on the organizations infrastructure

D. The risk that the honeypot would be subject to a distributed denial-of-service attack

Explanation:

Choice C represents the organizational risk that the honeypot could be used as a point of access to launch further attacks on the enterprises systems. Choices A and B are purposes for deploying a honeypot, not a concern. Choice D, the risk that the honeypot would be subject to a distributed denial-of-service (DDoS) attack, is not relevant, as the honeypot is not a critical device for providing service.