1. Categories >> Certifications >> CISA Certification
  2. Suggest New Category

Use of asymmetric encryption in an Internet e-commerce site,
where there is one private key for the hosting server and
the public key is widely distributed to the customers, is
MOST likely to provide comfort to the:

A. customer over the authenticity of the hosting organization.

B. hosting organization over the authenticity of the customer.

C. customer over the confidentiality of messages from the
hosting organization.

D. hosting organization over the confidentiality of messages
passed to the customer.

Question Posted / guest


Use of asymmetric encryption in an Internet e-commerce site, where there is one private key for the..

Answer / guest

Answer: A

Any false site will not be able to encrypt using the private
key of the real site, so the customer would not be able to
decrypt the message using the public key. Many customers
have access to the same public key so the host cannot use
this mechanism to ensure the authenticity of the customer.
The customer cannot be assured of the confidentiality of
messages from the host as many people have access to the
public key and can decrypt the messages from the host. The
host cannot be assured of the confidentiality of messages
sent out, as many people have access to the public key and
can decrypt them.

Is This Answer Correct ?    4 Yes 0 No

Post New Answer

More CISA Certification Interview Questions

When using public key encryption to secure data being transmitted across a network: A. both the key used to encrypt and decrypt the data are public. B. the key used to encrypt is private, but the key used to decrypt the data is public. C. the key used to encrypt is public, but the key used to decrypt the data is private. D. both the key used to encrypt and decrypt the data are private.

1 Answers  

The intent of application controls is to ensure that when inaccurate data is entered into the system, the data is: A. accepted and processed. B. accepted and not processed. C. not accepted and not processed. D. not accepted and processed.

1 Answers  

Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness? A. Paper test B. Post test C. Preparedness test D. Walk-through

2 Answers  

An IT steering committee would MOST likely perform which of the following functions? A. Placement of a purchase order with the approved IT vendor B. Installation of systems software and application software C. Provide liaison between IT department and user department D. Interview staff for the IT department

2 Answers  

An IS auditor performing a review of an application's controls would evaluate the: A. efficiency of the application in meeting the business processes. B. impact of any exposures discovered. C. business processes served by the application. D. the application's optimization.

1 Answers  




An IS auditor performing a review of the IS department discovers that formal project approval procedures do not exist. In the absence of these procedures the IS manager has been arbitrarily approving projects that can be completed in a short duration and referring other more complicated projects to higher levels of management for approval. The IS auditor should recommend as a FIRST course of action that: A. users participate in the review and approval process. B. formal approval procedures be adopted and documented. C. projects be referred to appropriate levels of management for approval. D. the IS manager's job description be changed to include approval authority.

2 Answers  

When auditing a mainframe operating system, what would the IS auditor do to establish which control features are in operation? A. Examine the parameters used when the system was generated B. Discuss system parameter options with the vendor C. Evaluate the systems documentation and installation guide D. Consult the systems programmers

1 Answers  

An IS auditor has just completed a review of an organization that has a mainframe and a client-server environment where all production data reside. Which of the following weaknesses would be considered the MOST serious? A. The security officer also serves as the database administrator (DBA.) B. Password controls are not administered over the client/server environment. C. There is no business continuity plan for the mainframe system?s non-critical applications. D. Most LANs do not back up file server fixed disks regularly.

1 Answers  

Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital? A. Multiplexer B. Modem C. Protocol converter D. Concentrator

2 Answers  

The device that connects two networks at the highest level of the ISO-OSI framework ( i.e., application layer) is a A. Gateway B. Router C. Bridge D. Brouter

1 Answers  

Electronic signatures can prevent messages from being: A. suppressed. B. repudiated. C. disclosed. D. copied.

1 Answers  

The primary role of an IS auditor during the system design phase of an application development project is to: A. advise on specific and detailed control procedures. B. ensure the design accurately reflects the requirement. C. ensure all necessary controls are included in the initial design. D. advise the development manager on adherence to the schedule.

1 Answers  

For more CISA Certification Interview Questions Click Here
Categories
  • Cisco Certifications Interview Questions Cisco Certifications (2321)
  • Microsoft Certifications Interview Questions Microsoft Certifications (171)
  • Sun Certifications Interview Questions Sun Certifications (45)
  • CISA Certification Interview Questions CISA Certification (744)
  • Oracle Certifications Interview Questions Oracle Certifications (64)
  • ISTQB Certification Interview Questions ISTQB Certification (109)
  • Certifications AllOther Interview Questions Certifications AllOther (295)