Certified Information Systems Auditor (CISA) — Question 910

If enabled within firewall rules, which of the following services would present the GREATEST risk?

Answer options

• A. File transfer protocol (FTP)
• B. Simple object access protocol (SOAP)
• C. Hypertext transfer protocol (HTTP)
• D. Simple mail transfer protocol (SMTP)

Correct answer: A

Explanation

File Transfer Protocol (FTP) presents the greatest risk because it transmits data in plain text, making it vulnerable to interception and exploitation. In contrast, protocols like SOAP, HTTP, and SMTP can be secured with additional measures, reducing their risk profile compared to FTP.