Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 176

Which of the following statements is most accurate concerning the management and audit of a web server?

Answer options

• A. The file transfer protocol (FTP) should always be enabled.
• B. The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts.
• C. The number of ports and protocols allowed to access the web server should be maximized.
• D. Secure protocols for confidential pages should be used instead of clear-text protocols such as HTTP or FTP.

Correct answer: D

Explanation

Option D is correct because secure protocols ensure that sensitive information is encrypted during transmission, protecting it from eavesdropping. Options A, B, and C are incorrect as they advocate for practices that could expose the web server to vulnerabilities, such as enabling unnecessary services or using privileged accounts for non-essential tasks.