PrepAway - Latest Free Exam Questions & Answers

Which of the following findings should give the IS audi…

An IS auditor is evaluating a corporate network for a possible penetration by employees. Which of the following
findings should give the IS auditor the GREATEST concern?


A. There are a number of external modems connected to the network.

B. Users can install software on their desktops.

C. Network monitoring is very limited.

D. Many user IDs have identical passwords.

Explanation:
Exploitation of a known user ID and password requires minimal technical knowledge and exposes the network
resources to exploitation. The technical barrier is low and the impact can be very high; therefore, the fact that
many user IDs have identical passwords represents the greatest threat. External modems represent a security
risk, but exploitation still depends on the use of a valid user account. While the impact of users installing
software on their desktops can be high (for example, due to the installation of Trojans or key-logging
programs), the likelihood is not high due to the level of technical knowledge required to successfully penetrate
the network. Although network monitoring can be a useful detective control, it will only detect abuse of user
accounts in special circumstances and is, therefore, not a first line of defense.

