Explanation/Reference:
Explanation:
Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. Software is considered malware based on the intent of the creator rather than any particular features. It includes computer viruses, worms, trojan horses, spyware, adware, and other malicious and unwanted software.

Function point analysis (FPA) provides an estimate of the size of an information system based on the number and complexity of a system's inputs, outputs, and files.

Explanation/Reference:
The word NOT the keyword used in the question. You need to find out the technique which preacher do not use to exploit PBX.
SYN Flood -Sends a flood of TCP/SYN packets with forged sender address, causing half-open connections and saturates available connection capacity on the target machine.
For CISA Exam you should know below mentioned techniques used by preacher for illegal purpose of PBX.
Eavesdropping on conversation, without the other parties being aware of it Eavesdropping on conference call
Illegal forwarding calls from specific equipment to remote numbers
Forwarding a user's to an unused or disabled number, thereby making it unreachable by external calls.
The following were incorrect answers:
The other options presented correctly describes the techniques used preacher for illegal purpose of PBX.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 357

Section: Protection of Information Assets
Explanation:
Rebooting the system may result in a change in the system state and the loss of files and important evidence stored in memory. The other choices are appropriate actions for preserving evidence.

The compromise of the password is the highest risk. The best control is a preventive control through validation at the time the password is created or changed. Changing the company's security policy and educating users about the risks of weak passwords only provides information to users, but does little to enforce this control. Requiring a periodic review of matching user ID and passwords for detection and ensuring correction is a detective control.