Certified Information Systems Auditor (CISA) Question:

An organization provides information to its supply-chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?

Answer:

1. A secure sockets layer (SSL) has been implemented for user authentication and remote administration of the firewall.
2. On the basis of changing requirements, firewall policies are updated.
3. Inbound traffic is blocked unless the traffic type and connections have been specifically permitted.
4. The firewall is placed on top of the commercial operating system with all installation options.

Answer: D

Previous Question	Next Question
An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses wireless transport layer security (WTLS) and secure socket layers (SSL) technology for protecting their customers payment information. The IS auditor should be MOST concerned, if a hacker:	Which of the following cryptography options would increase overhead/cost?