During an audit of a telecommunications system, an IS auditor finds that the risk of intercepting data
transmitted to and from remote sites is very high. The MOST effective control for reducing this
exposure is:

An internet-based attack using password sniffing can:

Which of the following controls would be the MOST comprehensive in a remote access network with
multiple and diverse subsystems?

During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital
signatures are used when receiving communications from customers. To substantiate this, an IS
auditor must prove that which of the following is used?

When planning an audit of a network setup, an IS auditor should give highest priority to obtaining
which of the following network documentation?

Which of the following encrypt/decrypt steps provides the GREATEST assurance of achieving
confidentiality, message integrity and nonrepudiation by either sender or recipient?

An organization is considering connecting a critical PC-based system to the Internet. Which of the
following would provide the BEST protection against hacking?

Use of asymmetric encryption in an internet e-commerce site, where there is one private key for the
hosting server and the public key is widely distributed to the customers, is MOST likely to provide
comfort to the:

Which of the following is the MOST secure and economical method for connecting a private network
over the Internet in a small- to medium-sized organization?

The potential for unauthorized system access by way of terminals or workstations within an
organization’s facility is increased when: