CISA Certified Information Systems Auditor – Question2882

During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:

A. buffer overflow.
B. brute force attack.
C. distributed denial-of-service attack.
D. war dialing attack.

Correct Answer: A

Explanation:

Poorly written code, especially in web-based applications, is often exploited by hackers using buffer overflow techniques. A brute force attack is used to crack passwords. A distributed denial-of-service attack floods its target with numerous packets, to prevent it from responding to legitimate requests. War dialing uses modem-scanning tools to hack PBXs.