Section: Protection of Information Assets
Explanation:
Due to the additional cost of disaster recovery planning (DRP) measures, the cost of normal operations for
any organization will always increase after a DRP implementation, i.e., the cost of normal operations during
a nondisaster period will be more than the cost of operations during a nondisaster period when no disaster
recovery plan was in place.

Section: Protection of Information Assets
Explanation:
Honeypots are computer systems that are expressly set up to attract and trap individuals who attempt to
penetrate other individuals' computer systems. The concept of a honeypot is to learn from intruder's
actions. A properly designed and configured honeypot provides data on methods used to attack systems.
The data are then used to improve measures that could curb future attacks. A firewall is basically a
preventive measure. Trapdoors create a vulnerability that provides an opportunity for the insertion of
unauthorized code into a system. Traffic analysis is a type of passive attack.

Section: Protection of Information Assets
Explanation:
Detection risks are directly affected by the auditor's selection of audit procedures and techniques. Inherent risks are not usually affected by an IS auditor. Control risks are controlled by the actions of the company's management. Business risks are not affected by an IS auditor.

Explanation/Reference:
Explanation:
As part of the IEEE 802.11 standard ratified in September 1999, WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity.

RAID level 1 provides disk mirroring. Data written to one disk are also written to another disk. Users in the network access data in the first disk; if disk one fails, the second disk takes over. This redundancy ensures the availability of datA . RAID level 1 does not improve performance, has no relevance to authentication and does nothing to provide for data confidentiality.