Which of the following is LEAST likely to be contained in a
digital certificate for the purposes of verification by a
trusted third party (TTP)/certification authority (CA)?
A. Name of the TTP/CA
B. Public key of the sender
C. Name of the public key holder
D. Time period for which the key is valid
Answer / guest
Answer: C
The public key is stored in the key servers and can be
accessed by anyone, and therefore, the holders of the public
key are unlikely to be included in the certificate. In
addition, the public key holder is not needed for validation
of the certificate. The name of the CA is needed for
validation of the certificate, since the public key of the
CA is needed to verify the public key of the message sender,
before it can be used to verify the message. The public key
of the sender is needed to verify the message hash, while
the time period for which the key is valid is needed to
ensure the key is still valid.
| Is This Answer Correct ? | 4 Yes | 0 No |
An IS auditor performing an access controls review should be LEAST concerned if: A. audit trails were not enabled. B. programmers have access to the live environment. C. group logons are being used for critical functions. D. the same user can initiate transactions and also change related parameters.
Prices are charged on the basis of a standard master file rate that changes as volume increases. Any exceptions must be manually approved. What is the MOST effective automated control to help ensure that all price exceptions are approved? A. All amounts are displayed back to the data entry clerk, who must verify them visually. B. Prices outside the normal range should be entered twice to verify data entry accuracy. C. The system beeps when price exceptions are entered and prints such occurrences on a report. D. A second-level password must be entered before a price exception can be processed.
Which of the following types of transmission media provide the BEST security against unauthorized access? A. Copper wire B. Twisted pair C. Fiber-optic cables D. Coaxial cables
A strength of an implemented quality system based on ISO 9001 is that it: A. guarantees quality solutions to business problems. B. results in improved software life cycle activities. C. provides clear answers to questions concerning cost-effectiveness. D. does not depend on the maturity of the implemented quality system.
Which of the following duties would be a concern if performed along with systems administration? A. Maintenance of access rules B. Review of system audit trail C. Data librarian D. Performance monitoring
Change control procedures to prevent scope creep during an application development project should be defined during: A. design. B. feasibility. C. implementation. D. requirements definition.
In an EDI process, the device which transmits and receives electronic documents is the: A. communications handler. B. EDI translator. C. application interface. D. EDI interface.
While reviewing the business continuity plan of an organization, the IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate? A. Deterrence B. Mitigation C. Recovery D. Response
Which of the following is a substantive test?
Which of the following development methods uses a prototype that can be updated continually to meet changing user or business requirements? A. Data-oriented development (DOD) B. Object-oriented development (OOD) C. Business process reengineering (BPR) D. Rapid application development (RAD)
Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks? A. Spool B. Cluster controller C. Protocol converter D. Front end processor
Which of the following pairs of functions should not be combined to provide proper segregation of duties? A. Tape librarian and computer operator B. Application programming and data entry C. Systems analyst and database administrator D. Security administrator and quality assurance