Applying a digital signature to data traveling in a network
provides:
A. confidentiality and integrity.
B. security and nonrepudiation.
C. integrity and nonrepudiation.
D. confidentiality and nonrepudiation.
Answers were Sorted based on User's Feedback
Answer / guest
Answer: C
The process of applying a mathematical algorithm to the data
that travels in the network and placing the results of this
operation with the hash data is used for controlling data
integrity, since any unauthorized modification to this data
would result in a be different hash. The application of a
digital signature would accomplish the nonrepudiation of the
delivery of the message. The term security is a broad
concept and not a specific one. In addition to a hash and a
digital signature, confidentiality is applied when an
encryption process exists.
| Is This Answer Correct ? | 7 Yes | 0 No |
Answer / adja
Just like a traditional manual signature, when a message is digitally signed it applied that the receiver agreed on the integrity of that document. You don't sign a document you disagree to. It is Non-Repudiation because this signature is unique to that person and a proof of the person's identity (Authentication). So the a digitally signed document can provide INTEGRITY, NON-REPUDIATION and AUTHENTICATION. From all the answers only "C" provides the right answer
| Is This Answer Correct ? | 1 Yes | 0 No |
Which of the following issues should be included in the business continuity plan? A. The staff required to maintain critical business functions in the short, medium and long term B. The potential for a natural disaster to occur, such as an earthquake C. Disastrous events impacting information systems processing and end-user functions D. A risk analysis that considers systems malfunctions, accidental file deletions or other failures
An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls? A. Allow changes to be made only with the DBA user account. B. Make changes to the database after granting access to a normal user account C. Use the DBA user account to make changes, log the changes and review the change log the following day. D. Use the normal user account to make changes, log the changes and review the change log the following day.
The most common problem in the operation of an intrusion detection system (IDS) is: A. the detection of false positives. B. receiving trap messages. C. reject error rates. D. denial-of-service attacks.
The BEST method of proving the accuracy of a system tax calculation is by: A. detailed visual review and analysis of the source code of the calculation programs. B. recreating program logic using generalized audit software to calculate monthly totals. C. preparing simulated transactions for processing and comparing the results to predetermined results. D. automatic flowcharting and analysis of the source code of the calculation programs.
The FIRST step in data classification is to: A. establish ownership. B. perform a criticality analysis. C. define access rules. D. create a data dictionary.
Which of the following would be considered a business risk? A. Former employees B. Part-time and temporary personnel C. Loss of competitive edge D. Hackers
Which of the following is a threat? A. Lack of security B. Loss of goodwill C. Power outage D. Information services
Which of the following is an example of a passive attack, initiated through the Internet? A. Traffic analysis B. Masquerading C. Denial of service D. E-mail spoofing
An IS auditor who is reviewing application run manuals would expect them to contain: A. details of source documents. B. error codes and their recovery actions. C. program logic flowcharts and file definitions. D. change records for the application source code.
Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required? A. Integrated test facility (ITF) B. Continuous and intermittent simulation (CIS) C. Audit hooks D. Snapshots
When implementing and application software package, which of the following presents the GREATEST risk? A. Uncontrolled multiple software versions B. Source programs that are not synchronized with object code C. Incorrectly set parameters D. Programming errors
Which of the following message services provides the strongest protection that a specific action has occurred? A. Proof of delivery B. Nonrepudiation C. Proof of submission D. Message origin authentication