Which of the following provides nonrepudiation services for
e-commerce transactions?
A. Public key infrastructure (PKI)
B. Data encryption standard (DES)
C. Message authentication code (MAC)
D. Personal identification number (PIN)
- 1 Answers
- 7194 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
PKI is the administrative infrastructure for digital
certificates and encryption key-pairs. The tests of an
acceptable digital signature are: it is unique to the person
using it, it is capable of verification, it is under the
sole control of the person using it and it is linked to data
in such a manner that if data are changed, the digital
signature is invalidated. PKI meets these tests. The data
encryption standard (DES) is the most common private-key
cryptographic system. DES does not address non-repudiation.
A MAC is a cryptographic value calculated by passing an
entire message through a cipher system. The sender attaches
the MAC before transmission and the receiver recalculates
the MAC and compares it to the sent MAC. If the two MACs are
not equal, this indicates that the message has been altered
during transmission. It has nothing to do with
non-repudiation. A PIN is a type of password, a secret
number assigned to an individual which, in conjunction with
some other means of identification serves to verify the
authenticity of the individual.
| Is This Answer Correct ? | 9 Yes | 0 No |
During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be PRIMARILY concerned about: A. the soundness of the impact analysis. B. hardware and software compatibility. C. differences in IS policies and procedures. D. frequency of system testing.
Which of the following is the PRIMARY safeguard for securing software and data within an information processing facility? A. Security awareness B. Reading the security policy C. Security committee D. Logical access controls
Which of the following is a threat? A. Lack of security B. Loss of goodwill C. Power outage D. Information services
Which of the following risks would be increased by the installation of a database system? A. Programming errors B. Data entry errors C. Improper file access D. Loss of parity
An IS auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late-night shift a month as the senior computer operator. The MOST appropriate course of action for the IS auditor is to: A. advise senior management of the risk involved. B. agree to work with the security officer on these shifts as a form of preventative control. C. develop a computer-assisted audit technique to detect instances of abuses of this arrangement. D. review the system log for each of the late-night shifts to determine whether any irregular actions occurred.
During the course of an audit, the IS auditor discovers that the human resources (HR) department uses a cloud-based application to manage employee records. The HR department engaged in a contract outside of the normal vendor management process and manages the application on its own. Which of the following choices is of MOST concern? A. Maximum acceptable downtime metrics have not been defined in the contract. B. The IT department does not manage the relationship with the cloud vendor. C. The help desk call center is in a different country, with different privacy requirements. D. Company-defined security policies are not applied to the cloud application.
Which of the following protocols would be involved in the implementation of a router and interconnectivity device monitoring system? A. Simple network management B. File transfer C. Simple Mail Transfer Protocol D. Telnet
Which of the following controls will detect MOST effectively the presence of bursts of errors in network transmissions? A. Parity check B. Echo check C. Block sum check D. Cyclic redundancy check
The primary role of an IS auditor during the system design phase of an application development project is to: A. advise on specific and detailed control procedures. B. ensure the design accurately reflects the requirement. C. ensure all necessary controls are included in the initial design. D. advise the development manager on adherence to the schedule.
An IS auditor is assigned to perform a post implementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor: A. implemented a specific control during the development of the application system. B. designed an embedded audit module exclusively for auditing the application system. C. participated as a member of the application system project team, but did not have operational responsibilities. D.provided consulting advice concerning application system best practices.
Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them? A. A neural network B. Database management software C. Management information systems D. Computer assisted audit techniques
1. which of the following is used to achieve accountability. a.identification b. authentication c. authorization d. iniation
Cisco Certifications 
