PrepAway - Latest Free Exam Questions & Answers

Which of the following should not be included in his presentation?

Brad is a security manager at Thingamabobs Inc. He is preparing a presentation for his company’s executives on the risks of using instant messaging (IM) and his reasons for wanting to prohibit its use on the company network. Which of the following should not be included in his presentation?

A. Sensitive data and files can be transferred from system to system over IM.

B. Users can receive information, including malware, from an attacker posing as a legitimate sender.

C. IM use can be stopped by simply blocking specific ports on the network firewalls.

D. A security policy is needed specifying IM usage restrictions.

Explanation:
C: Instant messaging (IM) allows people to communicate with one another through a type of real-time and personal chat room. It alerts individuals when someone who is on their “buddy list” has accessed the intranet/Internet so that they can send text messages back and forth in real time. The technology also allows for files to be transferred from system to system. The technology is made up of clients and servers. The user installs an IM client (AOL, ICQ, Yahoo Messenger, and so on) and is assigned a unique identifier. This user gives out this unique identifier to people whom she wants to communicate with via IM. Blocking specific ports on the firewalls is not usually effective because the IM traffic may be using common ports that need to be open (HTTP port 80 and FTP port 21). Many of the IM clients autoconfigure themselves to work on another port if their default port is unavailable and blocked by the firewall.

A is incorrect because in addition to text messages, instant messaging allows for files to be transferred from system to system. These files could contain sensitive information, putting the company at business and legal risk. And, of course, sharing files over IM can eat up network bandwidth and impact network performance as a result.

B is incorrect because the statement is true. Because of the lack of strong authentication, accounts can be spoofed so that the receiver accepts information from a malicious user instead of the legitimate sender. There have also been numerous buffer overflow and malformed packet attacks that have been successful with different IM clients. These attacks are usually carried out with the goal of obtaining unauthorized access to the victim’s system.

D is incorrect because Brad should include in his presentation the need for a security policy specifying IM usage restrictions. This is just one of several best practices for protecting an environment from IM-related security breaches. Other best practices include implementing an integrated antivirus/firewall product on all computers, configuring firewalls to block IM traffic, upgrading IM software to more secure versions, and implementing corporate IM servers so that internal employees communicate within the organization’s network only.
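The weakness of port blocking described in the explanation for C can be checked against flow data. The following is an added example, not part of the original page: it audits flow records for IM traffic that a port-only blocklist lets through. The default ports (5190 for AIM/ICQ, 5050 for Yahoo Messenger), the simplified payload prefixes and the sample flows are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed default IM service ports that a port-only firewall policy blocks.
BLOCKED_PORTS = {5190, 5050}  # AIM/ICQ, Yahoo Messenger

# Simplified payload prefixes for recognising IM traffic on any port (assumption).
IM_SIGNATURES = {
    b"YMSG": "Yahoo Messenger",
    b"\x2a\x01": "AIM/ICQ (OSCAR sign-on frame)",
}

@dataclass
class Flow:
    src: str
    dst_port: int
    payload: bytes  # first bytes of the client-to-server stream

def port_policy_allows(flow):
    """Port-only rule: anything not on a blocked port passes."""
    return flow.dst_port not in BLOCKED_PORTS

def classify(flow):
    """Identify IM traffic by payload prefix, independent of port."""
    for prefix, name in IM_SIGNATURES.items():
        if flow.payload.startswith(prefix):
            return name
    return None

def audit(flows):
    """Return IM flows that the port blocklist fails to stop."""
    missed = []
    for flow in flows:
        proto = classify(flow)
        if proto and port_policy_allows(flow):
            missed.append((flow.src, flow.dst_port, proto))
    return missed

# Constructed sample flows: each client tries its default port, then falls back.
SAMPLE_FLOWS = [
    Flow("10.0.0.11", 5050, b"YMSG\x00\x10\x00\x00"),     # default port, blocked
    Flow("10.0.0.11", 80, b"YMSG\x00\x10\x00\x00"),       # fallback to HTTP port
    Flow("10.0.0.12", 5190, b"\x2a\x01\x00\x01\x00\x04"),  # default port, blocked
    Flow("10.0.0.12", 21, b"\x2a\x01\x00\x01\x00\x04"),    # fallback to FTP port
    Flow("10.0.0.13", 80, b"GET /index.html HTTP/1.1\r\n"),  # ordinary web traffic
]

if __name__ == "__main__":
    for src, port, proto in audit(SAMPLE_FLOWS):
        print(f"{src} reached port {port} with {proto} despite the port blocklist")
```

Clients that wrap their traffic inside HTTP requests would not match these raw prefixes; that case needs inspection at a proxy.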

One Comment on “Which of the following should not be included in his presentation?”

  1. joe says:

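    Instant messaging (IM) allows people to communicate with one another through a type of real-time and personal chat room. It alerts individuals when someone who is on their “buddy list” has accessed the intranet/Internet so that they can send text messages back and forth in real time. The technology also allows for files to be transferred from system to system.
    Instant messaging (IM) lets people communicate with one another through a type of real-time and personal chat room. It alerts individuals when someone who is on their “buddy list” has accessed the Internet/network so that they can send text messages back and forth in real time. The technology also allows files to be transferred from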



