An IS auditor should be MOST concerned with what aspect of an authorized honeypot?
A.
The data collected on attack methods
B.
The information offered to outsiders on thehoneypot
C.
The risk that thehoneypot could be used to launch further attacks on the organization’s
infrastructure
D.
The risk that thehoneypot would be subject to a distributed denial-of-service attack
Explanation:
Choice C represents the organizational risk that the honeypot could be used as a point of access to
launch further attacks on the enterprise’s systems. Choices A and B are purposes for deploying a
honeypot , not a concern. Choice D, the risk that thehoneypot would be subject to a distributed
denial-of-service ( DDoS ) attack, is not relevant, as the honeypot is not a critical device for providing
service.