The PKI element that manages the certificate life cycle,
including certificate directory maintenance and certificate
revocation list (CRL) maintenance and publication is the:
A. certificate authority.
B. digital certificate.
C. certification practice statement.
D. registration authority.
- 2 Answers
- 8763 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / me
Answer :A
The certificate authority manages the certificate life
cycle, including certificate directory maintenance and CRL
maintenance and publication. The CA attests, as a trusted
provider of the public/private key pairs, to the
authenticity of the owner to whom a public/private key pair
has been given. The digital certificate is composed of a
public key and identifying information about the owner of
the public key. It associates a public key with an
individual's identity. Certificates are e-documents,
digitally signed by a trusted entity and containing
information on individuals. The process entails the sender,
who is digitally signing a document with the digital
certificate attached issued by a trusted entity where the
receiver relies on the public key that is included in the
digital certificate, to authenticate the message. The
certification practice statement is the governance process
for CA operations. A CPS documents the high-level
practices, procedures and controls of a CA. The
registration authority attests, as a trusted provider of
the public/private key pairs, to the authenticity of the
owner to whom a public/private key pair has been provided.
In other words, the registration authority performs the
process of identification and authentication by
establishing a link between the identity of the requesting
person or organization and the public key. As a brief note,
a CA manages and issues certificates, whereas a RA is
responsible for identifying and authenticating subscribers,
but does not sign or issue certificates. Definitions can be
found in a glossary posted at:
http://sig.nfc.usda.gov/pki/glossary/glossary.html and
http://www.cio-dpi.gc.ca/pki-icp/beginners/glossary/
glossary_e.asp?format=print and in "Auditing and
Certification of a Public Key Infrastructure," by Ronald
Koorn, Peter Walsen, Mark Lund, Information Systems Control
Journal, vol. 5, 2002, p. 28-29.
| Is This Answer Correct ? | 16 Yes | 3 No |
Answer / guest
Answer: D
The registration authority manages the certificate life
cycle, including certificate directory maintenance and
certificate revocation list (CRL) maintenance and
publication. The certificate authority attests, as a trusted
provider of the public/private key pairs, to the
authenticity of the owner to whom a public/private key pair
has been given. The digital certificate is composed of a
public key together with identifying information about the
owner of the public key. It associates a public key with an
individual's identity. Certificates are e-documents
digitally signed by a trusted entity containing information
on individuals. The process entails the sender digitally
signing a document with the digital certificate attached
issued by a trusted entity where the receiver relies on the
public key that is included in the digital certificate to
authenticate the message. The certification practice
statement is the governance process for CA operations.
| Is This Answer Correct ? | 5 Yes | 13 No |
An IS auditor performing a review of the IS department discovers that formal project approval procedures do not exist. In the absence of these procedures the IS manager has been arbitrarily approving projects that can be completed in a short duration and referring other more complicated projects to higher levels of management for approval. The IS auditor should recommend as a FIRST course of action that: A. users participate in the review and approval process. B. formal approval procedures be adopted and documented. C. projects be referred to appropriate levels of management for approval. D. the IS manager's job description be changed to include approval authority.
Which of the following ensures completeness and accuracy of accumulated data? A. Processing control procedures B. Data file control procedures C. Output controls D. Application controls
Which of the following BEST describes an integrated test facility? A. A technique that enables the IS auditor to test a computer application for the purpose of verifying correct processing B. The utilization of hardware and/or software to review and test the functioning of a computer system C. A method of using special programming options to permit printout of the path through a computer program taken to process a specific transaction D. A procedure for tagging and extending transactions and master records that are used by an IS auditor for tests
Business continuity/disaster recovery is PRIMARILY the responsibility of: A. IS management. B. business unit managers. C. the security administrator. D. the board of directors.
Which of the following is the MOST important issue to the IS auditor in a business process re-engineering (BPR) project would be? A. The loss of middle management, which often is a result of a BPR project B. That controls are usually given low priority in a BPR project C. The considerable negative impact that information protection could have on BPR D. The risk of failure due to the large size of the task usually undertaken in a BPR project
A PING command is used to measure: A. attenuation. B. throughput. C. delay distortion. D. latency.
To check the performance of flow and error control, an IS auditor should focus the use of a protocol analyzer on which of the following layers? A. Network B. Transport C. Data link D. Application
During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely: A. review access control configuration. B. evaluate interface testing. C. review detailed design documentation. D. evaluate system testing.
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical hardware configuration is already established. The IS auditor should: A. take no action as the lack of a current plan is the only significant finding. B. recommend that the hardware configuration at each site should be identical. C. perform a review to verify that the second configuration can support live processing. D. report that the financial expenditure on the alternative site is wasted without an effective plan.
An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the: A. EDI trading partner agreements. B. physical controls for terminals. C. authentication techniques for sending and receiving messages. D. program change control procedures.
When a new system is to be implemented within a short time frame, it is MOST important to: A. finish writing user manuals. B. perform user acceptance testing. C. add last-minute enhancements to functionalities. D. ensure that code has been documented and reviewed.
Which of the following is the MOST important consideration when developing a business continuity plan for a bank? A. Antivirus software B. Naming standards C. Customer balance list D. Password policy
Cisco Certifications 
