CISA Certified Information Systems Auditor – Question1564

An IS auditor notes that IDS log entries related to port scanning are not being analyzed. This lack of analysis will MOST likely increase the risk of success of which of the following attacks?

A.
Denial-of-service
B. Replay
C. Social engineering
D. Buffer overflow

Correct Answer: A

Explanation:

Explanation:
Prior to launching a denial-of-service attack, hackers often use automatic port scanning software to acquire information about the subject of their attack. A replay attack is simply sending the same packet again. Social engineering exploits end-user vulnerabilities, and buffer overflow attacks exploit poorly written code.