Which of the following provides the GREATEST assurance of
message authenticity?
A. The pre-hash code is derived mathematically from the
message being sent.
B. The pre-hash code is encrypted using the sender's private
key.
C. Encryption of the pre-hash code and the message using the
secret key.
D. Sender attains the recipient's public key and verifies
the authenticity of its digital certificate with a
certificate authority.
- 1 Answers
- 7159 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Encrypting the pre-hash code using the sender's private key
provides assurance of the authenticity of the message.
Mathematically deriving the pre-hash code provides integrity
to the message. Encrypting the pre-hash code and the message
using the secret key provides confidentiality.
| Is This Answer Correct ? | 10 Yes | 1 No |
Which of the following independent duties is traditionally performed by the data control group? A. Access to data B. Authorization tables C. Custody of assets D. Reconciliation
Classification of information systems is essential in business continuity planning. Which of the following system types can not be replaced by manual methods? A. Critical system B. Vital system C. Sensitive system D. Non-critical system
Which of the following is an example of a passive attack, initiated through the Internet? A. Traffic analysis B. Masquerading C. Denial of service D. E-mail spoofing
An IS auditor reviewing operating system access discovers that the system is not secured properly. In this situation, the IS auditor is LEAST likely to be concerned that the user might: A. create new users. B. delete database and log files. C. access the system utility tools. D. access the system writeable directories.
In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide separation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications
Which of the following is a control to compensate for a programmer having access to accounts payable production data? A. Processing controls such as range checks and logic edits B. Reviewing accounts payable output reports by data entry C. Reviewing system-produced reports for checks (cheques) over a stated amount D. Having the accounts payable supervisor match all checks (cheques) to approved invoices
A manufacturing firm wants to automate its invoice payment system. Objectives state that the system should require considerably less time for review and authorization and the system should be capable of identifying errors that require follow up. Which of the following would BEST meet these objectives? A. Establishing an inter-networked system of client servers with suppliers for increased efficiencies B. Outsourcing the function to a firm specializing in automated payments and accounts receivable/invoice processing C. Establishing an EDI system of electronic business documents and transactions with key suppliers, computer to computer, in a standard format D. Reengineering the existing processing and redesigning the existing system
An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take? A. Personally delete all copies of the unauthorized software. B. Inform auditee of the unauthorized software, and follow up to confirm deletion. C. Report the use of the unauthorized software to auditee management and the need to prevent recurrence. D. Take no action, as it is a commonly accepted practice and operations management is responsible for monitoring such use.
Which of the following is the MOST critical element of an effective disaster recovery plan (DRP)? A. Offsite storage of backup data B. Up-to-date list of key disaster recovery contacts C. Availability of a replacement data center D. Clearly defined recovery time objective (RTO)
Which of the following is a technique that could be used to capture network user passwords? A. Encryption B. Sniffing C. Spoofing D. A signed document cannot be altered.
A large chain of shops with EFT at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node
Programs that can run independently and travel from machine to machine across network connections, with the ability to destroy data or utilize tremendous computer and communication resources, are referred to as: A. trojan horses. B. viruses. C. worms. D. logic bombs.
Cisco Certifications 
