
CISA Official 700 Questions (46)


46. During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:
A. buffer overflow.
B. brute force attack.
C. distributed denial-of-service attack.
D. war dialing attack.
ANSWER: A
NOTE: Poorly written code, especially in web-based applications, is often exploited by hackers using buffer overflow techniques. A brute force attack is used to crack passwords. A distributed denial-of-service attack floods its target with numerous packets, to prevent it from responding to legitimate requests. War dialing uses modem-scanning tools to hack PBXs.
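46. During the review of a web-based software development project, the information systems auditor realizes that coding standards are not mandatory and that code reviews are rarely performed. This will most likely increase the likelihood of which of the following:
A. Buffer overflow
B. Brute force attack
C. Distributed denial-of-service attack
D. War dialing (scanning) attack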



Post 1, 2011-12-29 15:07