CISA Certified Information Systems Auditor – Question 2185

A Private Branch Exchange (PBX) environment involves many security risks, one of which is the people both internal and external to an organization. Which of the following risks are NOT associated with a Private Branch Exchange?
1. Theft of service
2. Disclosure of information
3. Data Modifications
4. Denial of service
5. Traffic Analysis

A. 3 and 4
B. 4 and 5
C. 1-4
D. They are ALL risks associated with PBX

Correct Answer: D

Explanation:

NOT is the keyword in the question: you need to find the risks that are NOT associated with PBX. All the risks listed in the options are associated with PBX.
The threats to a PBX telephone system are many, depending on the goals of the attackers, and include:
Theft of service – Toll fraud, probably the most common motive for attackers.
Disclosure of information – Data disclosed without authorization, either by deliberate action or by accident. Examples include eavesdropping on conversations and unauthorized access to routing and address data.
Data modification – Data altered in some meaningful way by recording, deleting or modifying it. For example, an intruder may change billing information or modify system tables to gain additional services.
Unauthorized access – Actions that permit an unauthorized user to gain access to system resources or privileges.
Denial of service – Actions that prevent the system from functioning in accordance with its intended purpose. A piece of equipment or entity may be rendered inoperable or forced to operate in a degraded state; operations that depend on timeliness may be delayed.
Traffic analysis – A form of passive attack in which an intruder observes information about calls and makes inferences, e.g. from the source and destination numbers or the frequency and length of messages. For example, an intruder observes a high volume of calls between a company's legal department and the patent office, and concludes that a patent is being filed.
The following were incorrect answers:
All the risks presented in the options are associated with PBX, so the other options are not valid.
Reference:
CISA Review Manual 2014, page 356