Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following manages the digital certificate life
cycle to ensure adequate security and controls exist in
digital signature applications related to e-commerce?
A. Registration authority
B. Certification authority
C. Certification relocation list
D. Certification practice statement
- 1 Answers
- 5272 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
The certification authority (CA) maintains a directory of
digital certificates for the reference of those receiving
them. It manages the certificate life cycle, including
certificate directory maintenance and certificate revocation
list maintenance and publication. Choice A is not correct
because a registration authority is an optional entity that
is responsibile for the administrative tasks associated with
registering the end entity that is the subject of the
certificate issued by the CA. Choice C is incorrect since a
CRL is an instrument for checking the continued validity of
the certificates for which the CA has responsibility. Choice
D is incorrect because a certification practice statement is
a detailed set of rules governing the certificate
authority's operations.
| Is This Answer Correct ? | 3 Yes | 0 No |
Which of the following has the LEAST effect on controlling physical access? A. Access to the work area is restricted through a swipe card. B. All physical assets have an identification tag and are properly recorded. C. Access to the premises is restricted and all visitors authorized for entry. D. Visitors are issued a pass and escorted in and out by a concerned employee.
Which of the following encrypt/decrypt steps provides the GREATEST assurance in achieving confidentiality, message integrity and nonrepudiation by either sender or recipient? A. The recipient uses his/her private key to decrypt the secret key. B. The encrypted pre-hash code and the message are encrypted using a secret key. C. The encrypted pre-hash code is derived mathematically from the message to be sent. D. The recipient uses the sender's public key, verified with a certificate authority, to decrypt the pre-hash code.
When evaluating the collective effect of preventive, detective or corrective controls within a process an IS auditor should be aware: A. of the point at which controls are exercised as data flows through the system. B. that only preventive and detective controls are relevant. C. that corrective controls can only be regarded as compensating. D. that classification allows an IS auditor to determine which controls are missing.
As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis (BIA)? A. Organizational risks, such as single point-of-failure and infrastructure risk B. Threats to critical business processes C. Critical business processes for ascertaining the priority for recovery D. Resources required for resumption of business
A vendor/contractor?s performance against service level agreements must be evaluated by the: A. customer. B. contractor. C. third-party. D. contractor?s management.
When auditing security for a data center, an IS auditor should look for the presence of a voltage regulator to ensure that the: A. hardware is protected against power surges. B. integrity is maintained if the main power is interrupted. C. immediate power will be available if the main power is lost. D. hardware is protected against long-term power fluctuations.
The purpose for requiring source code escrow in a contractual agreement is to: A. ensure the source code is available if the vendor ceases to exist. B. permit customization of the software to meet specified business requirements. C. review the source code for adequacy of controls. D. ensure the vendor has complied with legal requirements.
An organization acquiring other businesses continues using its legacy EDI systems, and uses three separate value added network (VAN) providers. No written VAN agreements exist. The IS auditor should recommend that management: A. obtain independent assurance of the third party service providers. B. set up a process for monitoring the service delivery of the third party. C. ensure that formal contracts are in place. D. consider agreements with third party service providers in the development of continuity plans.
Utilizing audit software to compare the object code of two programs is an audit technique used to test program: A. logic. B. changes. C. efficiency. D. computations.
Which of the following would allow a company to extend it?s enterprise?s intranet across the Internet to it?s business partners? A. Virtual private network B. Client-Server C. Dial-Up access D. Network service provider
Congestion control is BEST handled by which OSI layer? A. Data link B. Session layer C. Transport layer D. Network layer
The review of router access control lists should be conducted during a/an: A. environmental review. B. network security review. C. business continuity review. D. data integrity review.
Cisco Certifications 
