Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure (PKI) with digital certificates for its business-to-consumer transactions via the Internet?
A. Customers are widely dispersed geographically, but the certificate authorities (CAs) are not.
B. Customers can make their transactions from any computer or mobile device.
C. The CA has several data processing subcenters to administer certificates.
D. The organization is the owner of the CA.
- 1 Answers
- 2749 Views
- I also Faced
- E-Mail Answers
Answer / heather chatterjee
D is the Correct Answer.
A. It is common to use a single certificate authority (CA). They do not need to be geographically dispersed.
B. The use of public key infrastructure (PKI) and certificates allows flexible secure communications from many devices.
C. The CA will often have redundancy and failover capabilities to alternate data centers.
D. If the CA belongs to the same organization, this would pose a risk. The management of a CA must be based on trusted and secure procedures. If the organization has not set in place the controls to manage the registration, distribution and revocation of certificates this could lead to a compromise of the certificates and loss of trust.
| Is This Answer Correct ? | 5 Yes | 0 No |
The PRIMARY benefit of database normalization is the: A. minimization redundancy of information in tables required to satisfy users? needs. B. ability to satisfy more queries. C. maximization of database integrity by providing information in more than one table. D. minimization of response time through faster processing of information.
Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? A. Release-to-release source and object comparison reports B. Library control software restricting changes to source code C. Restricted access to source code and object code D. Date and time-stamp reviews of source and object code
An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when: A. the probability of error must be objectively quantified. B. the auditor wants to avoid sampling risk. C. generalized audit software is unavailable. D. the tolerable error rate cannot be determined.
An IS auditor has been assigned to conduct a test that compares job run logs to computer job schedules. Which of the following observations would be of the GREATEST concern to the IS auditor? A. There are a growing number of emergency changes. B. There were instances when some jobs were not completed on time. C. There were instances when some jobs were overridden by computer operators. D. Evidence shows that only scheduled jobs were run.
An audit charter should: A. be dynamic and change often to coincide with the changing nature of technology and the audit profession. B. clearly state audit objectives for the delegation of authority for the maintenance and review of internal controls. C. document the audit procedures designed to achieve the planned audit objectives. D. outline the overall authority, scope and responsibilities of the audit function.
During an IS audit of the disaster recovery plan (DRP) of a global enterprise, the auditor observes that some remote offices have very limited local IT resources. Which of the following observations would be the MOST critical for the IS auditor? A. A test has not been made to ensure that local resources could maintain security and service standards when recovering from a disaster or incident. B. The corporate business continuity plan (BCP) does not accurately document the systems that exist at remote offices. C. Corporate security measures have not been incorporated into the test plan. D. A test has not been made to ensure that tape backups from the remote offices are usable.
The risk of an IS auditor using an inadequate test procedure and concluding that material errors do not exist when, in fact, they exist is:
An IS auditor evaluates the test results of a modification to a system that deals with payment computation. The auditor finds that 50 percent of the calculations do not match predetermined totals. Which of the following would MOST likely be the next step in the audit? A. Design further tests of the calculations that are in error. B. Identify variables that may have caused the test results to be inaccurate. C. Examine some of the test cases to confirm the results. D. Document the results and prepare a report of findings, conclusions and recommendations.
Disaster recovery planning for a company's computer system usually focuses on: A. operations turnover procedures. B. strategic long-range planning. C. the probability that a disaster will occur. D. alternative procedures to process transactions.
To meet pre-defined criteria, which of the following continuous audit techniques would BEST identify transactions to audit? A. Systems Control Audit Review File and Embedded Audit Modules (SCARF/EAM) B. Continuous and Intermittent Simulation (CIS) C. Integrated Test Facilities (ITF) D. Audit hooks
Birth date and marriage date items were switched while entering data. Which of the following data validation checks could detect this? A. Logical relationship B. Sequence C. Reasonableness D. Validity
Testing the connection of two or more system components that pass information from one area to another is: A. pilot testing. B. parallel testing C. interface testing. D. regression testing.
Cisco Certifications 
