Interested to Buy Any Domain ? << Click Here >> for more details...
The PKI element that manages the certificate life cycle,
including certificate directory maintenance and certificate
revocation list (CRL) maintenance and publication is the:
A. certificate authority.
B. digital certificate.
C. certification practice statement.
D. registration authority.
- 2 Answers
- 8547 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / me
Answer :A
The certificate authority manages the certificate life
cycle, including certificate directory maintenance and CRL
maintenance and publication. The CA attests, as a trusted
provider of the public/private key pairs, to the
authenticity of the owner to whom a public/private key pair
has been given. The digital certificate is composed of a
public key and identifying information about the owner of
the public key. It associates a public key with an
individual's identity. Certificates are e-documents,
digitally signed by a trusted entity and containing
information on individuals. The process entails the sender,
who is digitally signing a document with the digital
certificate attached issued by a trusted entity where the
receiver relies on the public key that is included in the
digital certificate, to authenticate the message. The
certification practice statement is the governance process
for CA operations. A CPS documents the high-level
practices, procedures and controls of a CA. The
registration authority attests, as a trusted provider of
the public/private key pairs, to the authenticity of the
owner to whom a public/private key pair has been provided.
In other words, the registration authority performs the
process of identification and authentication by
establishing a link between the identity of the requesting
person or organization and the public key. As a brief note,
a CA manages and issues certificates, whereas a RA is
responsible for identifying and authenticating subscribers,
but does not sign or issue certificates. Definitions can be
found in a glossary posted at:
http://sig.nfc.usda.gov/pki/glossary/glossary.html and
http://www.cio-dpi.gc.ca/pki-icp/beginners/glossary/
glossary_e.asp?format=print and in "Auditing and
Certification of a Public Key Infrastructure," by Ronald
Koorn, Peter Walsen, Mark Lund, Information Systems Control
Journal, vol. 5, 2002, p. 28-29.
| Is This Answer Correct ? | 16 Yes | 3 No |
Answer / guest
Answer: D
The registration authority manages the certificate life
cycle, including certificate directory maintenance and
certificate revocation list (CRL) maintenance and
publication. The certificate authority attests, as a trusted
provider of the public/private key pairs, to the
authenticity of the owner to whom a public/private key pair
has been given. The digital certificate is composed of a
public key together with identifying information about the
owner of the public key. It associates a public key with an
individual's identity. Certificates are e-documents
digitally signed by a trusted entity containing information
on individuals. The process entails the sender digitally
signing a document with the digital certificate attached
issued by a trusted entity where the receiver relies on the
public key that is included in the digital certificate to
authenticate the message. The certification practice
statement is the governance process for CA operations.
| Is This Answer Correct ? | 5 Yes | 13 No |
Which of the following reports is a measure of telecommunication transmissions and determines whether transmissions are completed accurately? A. Online monitor reports B. Downtime reports C. Help desk reports D. Response time reports
Which of the following BEST determines that complete encryption and authentication protocols exist for protecting information while transmitted? A. A digital signature with RSA has been implemented. B. Work is being done in tunnel mode with the nested services of AH and ESP C. Digital certificates with RSA are being used. D. Work is being done in transport mode, with the nested services of AH and ESP
During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely: A. review access control configuration. B. evaluate interface testing. C. review detailed design documentation. D. evaluate system testing.
The IS department of an organization wants to ensure that the computer files, used in the information processing facility, are backed up adequately to allow for proper recovery. This is a/an: A. control procedure. B. control objective. C. corrective control. D. operational control.
A PING command is used to measure: A. attenuation. B. throughput. C. delay distortion. D. latency.
Which of the following is the operating system mode in which all instructions can be executed? A. Problem B. Interrupt C. Supervisor D. Standard processing
Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should: A. include the finding in the final report because the IS auditor is responsible for an accurate report of all findings. B. not include the finding in the final report because the audit report should include only unresolved findings. C. not include the finding in the final report because corrective action can be verified by the IS auditor during the audit. D. include the finding in the closing meeting for discussion purposes only.
IS auditors, in performing detailed network assessments and access control reviews should FIRST: A. determine the points of entry. B. evaluate users access authorization. C. assess users identification and authorization. D. evaluate the domain-controlling server configuration.
Information requirement definitions, feasibility studies and user requirements are significant considerations when: A. defining and managing service levels. B. identifying IT solutions. C. managing changes. D. assessing internal IT control.
In a LAN environment, which of the following minimizes the risk of data corruption during transmission? A. Using end-to-end encryption for data communication B. Using separate conduits for electrical and data cables C. Using check sums for checking the corruption of data D. Connecting the terminals using a star topology
An IS auditor discovers that an organization?s business continuity plan provides for an alternate processing site that will accommodate fifty percent of the primary processing capability. Based on this, which of the following actions should the IS auditor take? A. Do nothing, because generally, less than twenty-five percent of all processing is critical to an organization?s survival and the backup capacity, therefore is adequate. B. Identify applications that could be processed at the alternate site and develop manual procedures to backup other processing. C. Ensure that critical applications have been identified and that the alternate site could process all such applications. D. Recommend that the information processing facility arrange for an alternate processing site with the capacity to handle at least seventy-five percent of normal processing.
When a new system is to be implemented within a short time frame, it is MOST important to: A. finish writing user manuals. B. perform user acceptance testing. C. add last-minute enhancements to functionalities. D. ensure that code has been documented and reviewed.
Cisco Certifications 
