A single digitally signed instruction was given to a
financial institution to credit a customer's account. The
financial institution received the instruction three times
and credited the account three times. Which of the following
would be the MOST appropriate control against such multiple
credits?
A. Encrypting the hash of the payment instruction with the
public key of the financial institution.
B. Affixing a time stamp to the instruction and using it to
check for duplicate payments.
C. Encrypting the hash of the payment instruction with the
private key of the instructor.
D. Affixing a time stamp to the hash of the instruction
before being digitally signed by the instructor.
Answer / guest
Answer: B
Affixing a time stamp to the instruction and using it to
check for duplicate payments makes the instruction unique.
The financial institution can check that the instruction was
not intercepted and replayed, and thus it could prevent
crediting the account three times. Encrypting the hash of
the payment instruction with the public key of the financial
institution does not protect against replay; it only protects
the confidentiality and integrity of the instruction. Encrypting
the hash of the payment instruction with the private key of
the instructor ensures the integrity of the instruction and
non-repudiation of the issued instruction. The process of
creating a message digest requires applying a cryptographic
hashing algorithm to the entire message. The receiver, upon
decrypting the message digest, will recompute the hash
using the same hashing algorithm and compare the result with
what was sent. Hence, affixing a time stamp to the hash of
the instruction before it is digitally signed by the
instructor would violate the integrity requirements of a
digital signature.
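The answer above turns on the point that a valid signature says nothing about whether the same instruction has already been processed. The following added example (not part of the original question or answer) shows a receiver that verifies the signature, then uses the time stamp carried inside the instruction (option B) both to reject stale messages and to detect duplicates of the same signed instruction. It assumes a shared HMAC key as a stand-in for the instructor's private-key signature, and constructed sample instructions.

```python
import hashlib
import hmac
import json

# Constructed demo key standing in for the instructor's signing key.
# A real deployment would use an asymmetric signature (instructor's private key).
SIGNING_KEY = b"demo-instructor-key"
FRESHNESS_WINDOW = 300  # seconds an instruction remains acceptable


def sign_instruction(instruction: dict, key: bytes = SIGNING_KEY) -> dict:
    """Canonicalise the instruction (time stamp included) and attach a signature.
    Because the time stamp is inside the signed body, it cannot be stripped or
    altered without invalidating the signature."""
    body = json.dumps(instruction, sort_keys=True, separators=(",", ":")).encode()
    return {"body": body, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}


class PaymentReceiver:
    """Bank-side verifier: integrity check plus time-stamp-based duplicate rejection."""

    def __init__(self, key: bytes = SIGNING_KEY, window: int = FRESHNESS_WINDOW):
        self.key = key
        self.window = window
        self.seen = {}  # digest of accepted body -> its time stamp

    def process(self, signed: dict, now: float) -> str:
        body, sig = signed["body"], signed["sig"]
        # 1. Integrity / origin: a valid signature alone does NOT stop replay.
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return "rejected: bad signature"
        instr = json.loads(body)
        # 2. Freshness: an instruction outside the window is refused outright,
        #    which also bounds how long the duplicate table must be kept.
        ts = instr.get("timestamp")
        if ts is None or abs(now - ts) > self.window:
            return "rejected: stale or missing timestamp"
        # 3. Uniqueness: the same signed instruction seen twice is a replay.
        digest = hashlib.sha256(body).hexdigest()
        if digest in self.seen:
            return "rejected: duplicate (replay)"
        self.seen[digest] = ts
        # Drop entries older than the window; they can no longer pass step 2.
        self.seen = {d: t for d, t in self.seen.items() if now - t <= self.window}
        return f"credited {instr['amount']} to {instr['account']}"
```

Delivering the same signed instruction three times yields one credit and two replay rejections; a tampered amount fails the signature check before the time stamp is even examined.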