CISA Certified Information Systems Auditor – Question1602

Which of the following would be the GREATEST cause for concern when data are sent over the Internet using HTTPS protocol?

A.
Presence of spyware in one of the ends
B. The use of a traffic sniffing tool
C. The implementation of an RSA-compliant solution
D. A symmetric cryptography is used for transmitting data

Correct Answer: A

Explanation:

Explanation:
Encryption using secure sockets layer/transport layer security (SSL/TLS) tunnels makes it difficult to intercept data in transit, but when spyware is running on an end user’s computer, data are collected before encryption takes place. The other choices are related to encrypting the traffic, but the presence of spyware in one of the ends captures the data before encryption takes place.