A perpetrator looking to gain access to and gather information about encrypted data being
transmitted over a network would MOST likely use:
traffic analysis.
Which of the following criteria are MOST needed to ensure that log information is admissible
in court? Ensure that data have been:
verified to ensure log integrity.
An IS auditor has found that employees are emailing sensitive company information to public
web-based email domains. Which of the following is the BEST remediation option for the IS
auditor to recommend?
Data loss prevention
An IS auditor reviewing the implementation of an intrusion detection system (IDS) should be
MOST concerned if:
the IDS is used to detect encrypted traffic.
An IS auditor discovers that uniform resource locators (URLs) for online control self-
assessment questionnaires are sent using URL shortening services. The use of URL shortening
services would MOST likely increase the risk of which of the following attacks?
Phishing
Web application developers sometimes use hidden fields on web pages to save information
about a client session. This technique is used, in some cases, to store session variables that
enable persistence across web pages, such as maintaining the contents of a shopping cart on
a retail web site application. The MOST likely web-based attack due to this practice is:
parameter tampering.
A company determined that its web site was compromised, and a rootkit was installed on the
server hosting the application. Which of the following choices would have MOST likely
prevented the incident?
A host-based intrusion prevention system
Which of the following methods BEST mitigates the risk of disclosing confidential information
through the use of social networking sites?
Providing security awareness training