In auditing a web server, an IS auditor should be concerned about the risk of individuals gaining unauthorized
access to confidential information through:

A.
common gateway interface (CGI) scripts.

B.
enterprise Java beans (EJBs).

C.
applets.

D.
web services.

Explanation:
Common gateway interface (CGI) scripts are executable machine independent software programs on the
server that can be called and executed by a web server page. CGI performs specific tasks such as processing
inputs received from clients. The use of CGI scripts needs to be evaluated, because as they run in the server, a
bug in them may allow a user to gain unauthorized access to the server and from there gain access to the
organization’s network. Applets are programs downloaded from a web server and executed on web browsers
on client machines to run any web-based applications. Enterprise java beans (EJBs) and web services have to
be deployed by the web server administrator and are controlled by the application server. Their execution
requires knowledge of the parameters and expected return values.