Interested to Buy Any Domain ? << Click Here >> for more details...
During an audit of an enterprise that is dedicated to
e-commerce, the IS manager states that digital signatures
are used in the establishment of its commercial relations.
To substantiate this, the IS auditor must prove that which
of the following is used?
A. A biometric, digitalized and encrypted parameter with the
customer's public key
B. A hash of the data that is transmitted and encrypted with
the customer's private key
C. A hash of the data that is transmitted and encrypted with
the customer's public key
D. The customer's scanned signature, encrypted with the
customer's public key
- 1 Answers
- 5684 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
The calculation of a hash or digest of the data that is
transmitted and its encryption requires the public key of
the client (receiver) and is called a signature of the
message or digital signature. The receiver performs the same
process and then compares the received hash once it has been
decrypted with his/her private key, with the hash that
he/she calculates with the received data. If they are the
same, the conclusion would be that there is integrity in the
data that has arrived and the origin is authenticated.
| Is This Answer Correct ? | 3 Yes | 9 No |
When assessing the portability of a database application, the IS auditor should verify that: A. a structured query language (SQL) is used. B. information import and export procedures with other systems exist. C. indexes are used. D. all entities have a significant name and identified primary and foreign keys.
An IS auditor is assigned to help design the data security aspects of an application under development. Which of the following provides the MOST reasonable assurance that corporate assets are protected when the application is certified for production? A. A review conducted by the internal auditor B. A review conducted by the assigned IS auditor C. Specifications by the user on the depth and content of the review D. An independent review conducted by another equally experienced IS auditor
Which of the following can identify attacks and penetration attempts to a network? A. Firewall B. Packet filters C. Stateful inspection D. Intrusion detection system (IDs)
In a risk-based audit approach an IS auditor should FIRST complete a/an: A. inherent risk assessment. B. control risk assessment. C. test of control assessment. D. substantive test assessment.
Which of the following can consume valuable network bandwidth? A. Trojan horses B. Trap doors C. Worms D. Vaccines
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls
Which of the following is the initial step in creating a firewall policy? A. A cost-benefits analysis of methods for securing the applications B. Identification of network applications to be externally accessed C. Identification of vulnerabilities associated with network applications to be externally accessed D. Creation of an applications traffic matrix showing protection methods
The reliability of an application system's audit trail may be questionable if: A. user IDs are recorded in the audit trail. B. the security administrator has read-only rights to the audit file. C. date time stamps record when an action occurs. D. users can amend audit trail records when correcting system errors.
The reason for having controls in an IS environment: A. remains unchanged from a manual environment, but the implemented control features may be different. B. changes from a manual environment, therefore the implemented control features may be different. C. changes from a manual environment, but the implemented control features will be the same. D. remains unchanged from a manual environment and the implemented control features will also be the same.
Access rules normally are included in which of the following documentation categories? A. Technical reference documentation B. User manuals C. Functional design specifications D. System development methodology documents
When implementing and application software package, which of the following presents the GREATEST risk? A. Uncontrolled multiple software versions B. Source programs that are not synchronized with object code C. Incorrectly set parameters D. Programming errors
The rate of change of technology increases the importance of: A. outsourcing the IS function. B. implementing and enforcing good processes. C. hiring personnel willing to make a career within the organization. D. meeting user requirements.
Cisco Certifications 
