Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following provides nonrepudiation services for
e-commerce transactions?
A. Public key infrastructure (PKI)
B. Data encryption standard (DES)
C. Message authentication code (MAC)
D. Personal identification number (PIN)
- 1 Answers
- 7954 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
PKI is the administrative infrastructure for digital
certificates and encryption key-pairs. The tests of an
acceptable digital signature are: it is unique to the person
using it, it is capable of verification, it is under the
sole control of the person using it and it is linked to data
in such a manner that if data are changed, the digital
signature is invalidated. PKI meets these tests. The data
encryption standard (DES) is the most common private-key
cryptographic system. DES does not address non-repudiation.
A MAC is a cryptographic value calculated by passing an
entire message through a cipher system. The sender attaches
the MAC before transmission and the receiver recalculates
the MAC and compares it to the sent MAC. If the two MACs are
not equal, this indicates that the message has been altered
during transmission. It has nothing to do with
non-repudiation. A PIN is a type of password, a secret
number assigned to an individual which, in conjunction with
some other means of identification serves to verify the
authenticity of the individual.
| Is This Answer Correct ? | 9 Yes | 0 No |
A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy: A. payroll reports should be compared to input forms. B. gross payroll should be recalculated manually. C. checks (cheques) should be compared to input forms. D. checks (cheques) should be reconciled with output reports.
Which of the following is an objective of a control self-assessment (CSA) program? A. Audit responsibility enhancement B. Problem identification C. Solution brainstorming D. Substitution for an audit
The PRIMARY reason for separating the test and development environments is to: A. restrict access to systems under test. B. segregate user and development staff. C. control the stability of the test environment. D. secure access to systems under development.
In an EDI process, the device which transmits and receives electronic documents is the: A. communications handler. B. EDI translator. C. application interface. D. EDI interface.
Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required? A. Integrated test facility (ITF) B. Continuous and intermittent simulation (CIS) C. Audit hooks D. Snapshots
To reduce the possibility of losing data during processing, the FIRST point at which control totals should be implemented is: A. during data preparation. B. in transit to the computer. C. between related computer runs. D. during the return of the data to the user department.
Which of the following is the MOST effective means of determining which controls are functioning properly in an operating system? A. Consulting with the vendor B. Reviewing the vendor installation guide C. Consulting with the system programmer D. Reviewing the system generation parameters
Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions? A. Response B. Correction C. Detection D. Monitoring
Which of the following controls would be the MOST comprehensive in a remote access network with multiple and diverse subsystems? A. Proxy server B. Firewall installation C. Network administrator D. Password implementation and administration
The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment: A. searches and checks the infrastructure to detect vulnerabilities, whereas penetration testing intends to exploit the vulnerabilities to probe the damage that could result from the vulnerabilities. B. and penetration tests are different names for the same activity. C. is executed by automated tools, whereas penetration testing is a totally manual process. D. is executed by commercial tools, whereas penetration testing is executed by public processes.
Compensating controls are intended to: A. reduce the risk of an existing or potential control weakness. B. predict potential problems before they occur. C. remedy problems discovered by detective controls. D. report errors or omissions.
Which of the following integrity tests examines the accuracy, completeness, consistency and authorization of data? A. Data B. Relational C. Domain D. Referential
Cisco Certifications 
