A single digitally signed instruction was given to a
financial institution to credit a customer's account. The
financial institution received the instruction three times
and credited the account three times. Which of the following
would be the MOST appropriate control against such multiple
credits?
A. Encrypting the hash of the payment instruction with the
public key of the financial institution.
B. Affixing a time stamp to the instruction and using it to
check for duplicate payments.
C. Encrypting the hash of the payment instruction with the
private key of the instructor.
D. Affixing a time stamp to the hash of the instruction
before being digitally signed by the instructor.
- 1 Answers
- 5902 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Affixing a time stamp to the instruction and using it to
check for duplicate payments makes the instruction unique.
The financial institution can check that the instruction was
not intercepted and replayed and thus it could prevent
crediting the account three times. Encrypting the hash of
the payment instruction with the public key of the financial
institution does not protect replay, it only protects
confidentiality and integrity of the instruction. Encrypting
the hash of the payment instruction with the private key of
the instructor ensures integrity of the instruction and
nonrepudiation of the issued instruction. The process of
creating a message digest requires applying a cryptographic
hashing algorithm to the entire message. The receiver, upon
decrypting the message digest, will re-compute the hash
using the same hashing algorithm and compare the result with
what was sent. Hence, affixing a time stamp into the hash of
the instruction before being digitally signed by the
instructor would violate the integrity requirements of
digital signature.
| Is This Answer Correct ? | 2 Yes | 0 No |
Which of the following group/individuals should assume overall direction and responsibility for costs and timetables of system development projects? A. User management B. Project steering committee C. Senior management D. Systems development management
The implementation of cost-effective controls in an automated system is ultimately the responsibility of the: A. system administrator. B. quality assurance function. C. business unit management. D. chief of internal audit.
A primary function of risk management is the identification of cost-effective controls. In selecting appropriate controls, which of the following methods is best to study the effectiveness of adding various safeguards in reducing vulnerabilities? A. "What if" analysis B. Traditional cost/benefit analysis C. Screening analysis D. A "back-of-the-envelope" analysis
A data warehouse is: A. object orientated. B. subject orientated. C. departmental specific. D. a volatile databases.
Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy? A. Review the parameter settings B. Interview the firewall administrator C. Review the actual procedures D. Review the device's log file for recent attacks
The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures: A. information assets are over protected. B. a basic level of protection is applied regardless of asset value. C. appropriate levels of protection are applied to information assets. D. an equal proportion of resources are devoted to protecting all information assets.
As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis (BIA)? A. Organizational risks, such as single point-of-failure and infrastructure risk B. Threats to critical business processes C. Critical business processes for ascertaining the priority for recovery D. Resources required for resumption of business
Which of the following can be used to verify output results and control totals by matching them against the input data and control totals? A. Batch header forms B. Batch balancing C. Data conversion error corrections D. Access controls over print spools
Which of the following BEST describes the objectives of following a standard system development methodology? A. To ensure that appropriate staffing is assigned and to provide a method of controlling costs and schedules B. To provide a method of controlling costs and schedules and to ensure communication among users, IS auditors, management and IS personnel C. To provide a method of controlling costs and schedules and an effective means of auditing project development D. To ensure communication among users, IS auditors, management and personnel and to ensure that appropriate staffing is assigned
Which of the following goals would you expect to find in an organization's strategic plan? A. Test a new accounting package. B. Perform an evaluation of information technology needs. C. Implement a new project planning system within the next 12 months. D. Become the supplier of choice within a given time period for the product offered.
Without compensating controls, which of the following functions would represent a risk if combined with that of a system analyst? A. Application programming B. Data entry C. Quality assurance D. Database administrator
Which of the following is the primary purpose for conducting parallel testing? A. To determine if the system is cost-effective. B. To enable comprehensive unit and system testing. C. To highlight errors in the program interfaces with files. D. To ensure the new system meets user requirements.
Cisco Certifications 
