Which of the following would an IS auditor consider a
weakness when performing an audit of an organization that
uses a public key infrastructure with digital certificates
for its business-to-consumer transactions via the Internet?
A. Customers are widely dispersed geographically, but not
the certificate authorities.
B. Customers can make their transactions from any computer
or mobile device.
C. The certificate authority has several data processing
subcenters to administrate certificates.
D. The organization is the owner of the certificate authority.
- 1 Answers
- 8959 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
If the certificate authority belongs to the same
organization, this would generate a conflict of interest. If
a customer wanted to repudiate a transaction, he/she could
allege that there exists an unlawful agreement between the
parties generating the certificates, because of the shared
interests. If a customer wanted to repudiate a transaction,
he/she could believe that there exists a bribery between the
parties to generate the certificates, as there exist shared
interests. The other options are not weaknesses.
| Is This Answer Correct ? | 5 Yes | 0 No |
An advantage in using a bottom-up versus a top-down approach to software testing is that: A. interface errors are detected earlier. B. confidence in the system is achieved earlier. C. errors in critical modules are detected earlier. D. major functions and processing are tested earlier.
The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as: A. rules. B. decision trees. C. semantic nets. D. data flow diagrams.
To prevent unauthorized entry to the data maintained in a dial-up fast response system, an IS auditor should recommend: A. online terminals be placed in restricted areas. B. online terminals be equipped with key locks. C. ID cards be required to gain access to online terminals. D. online access be terminated after three unsuccessful attempts.
The MOST effective method of preventing unauthorized use of data files is: A. automated file entry. B. tape librarian. C. access control software. D. locked library.
The reliability of an application system's audit trail may be questionable if: A. user IDs are recorded in the audit trail. B. the security administrator has read-only rights to the audit file. C. date time stamps record when an action occurs. D. users can amend audit trail records when correcting system errors.
The MOST appropriate person to chair the steering committee for a system development project with significant impact on a business area would be the: A. business analyst. B. chief information officer. C. project manager. D. executive level manager.
Which of the following reports should an IS auditor use to check compliance with a service level agreement (SLA) requirement for uptime? A. Utilization reports B. Hardware error reports C. System logs D. Availability reports
Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when: A. a firewall exists. B. a secure web connection is used. C. the source of the executable is certain. D. the host website is part of your organization.
Which is the first software capability maturity model (CMM) level to include a standard software development process? A. Initial (level 1) B. Repeatable (level 2) C. Defined (level 3) D. Optimizing (level 5)
Which of the following is a technique that could be used to capture network user passwords? A. Encryption B. Sniffing C. Spoofing D. A signed document cannot be altered.
The review of router access control lists should be conducted during a/an: A. environmental review. B. network security review. C. business continuity review. D. data integrity review.
When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:
Cisco Certifications 
