The PKI element that manages the certificate life cycle,
including certificate directory maintenance and certificate
revocation list (CRL) maintenance and publication is the:
A. certificate authority.
B. digital certificate.
C. certification practice statement.
D. registration authority.
Answer / me
Answer: A
The certificate authority manages the certificate life
cycle, including certificate directory maintenance and CRL
maintenance and publication. The CA attests, as a trusted
provider of the public/private key pairs, to the
authenticity of the owner to whom a public/private key pair
has been given. The digital certificate is composed of a
public key and identifying information about the owner of
the public key. It associates a public key with an
individual's identity. Certificates are e-documents,
digitally signed by a trusted entity and containing
information on individuals. The process entails the sender
digitally signing a document, with the digital certificate
issued by a trusted entity attached, and the receiver relying
on the public key included in the digital certificate to
authenticate the message. The
certification practice statement is the governance process
for CA operations. A CPS documents the high-level
practices, procedures and controls of a CA. The
registration authority attests, as a trusted provider of
the public/private key pairs, to the authenticity of the
owner to whom a public/private key pair has been provided.
In other words, the registration authority performs the
process of identification and authentication by
establishing a link between the identity of the requesting
person or organization and the public key. As a brief note,
a CA manages and issues certificates, whereas an RA is
responsible for identifying and authenticating subscribers,
but does not sign or issue certificates. Definitions can be
found in a glossary posted at:
http://sig.nfc.usda.gov/pki/glossary/glossary.html and
http://www.cio-dpi.gc.ca/pki-icp/beginners/glossary/glossary_e.asp?format=print
and in "Auditing and Certification of a Public Key
Infrastructure," by Ronald Koorn, Peter Walsen, Mark Lund,
Information Systems Control Journal, vol. 5, 2002, pp. 28-29.
| Is This Answer Correct ? | 16 Yes | 3 No |
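The life cycle the answer above describes, worked through in code as an added example that is not part of the original question or either answer: the CA issues a certificate, maintains and publishes its CRL, and a relying party checks the CA's signature on both the certificate and the CRL before trusting the public key. It uses the Python `cryptography` library; the CA and subscriber names ("Example Root CA", "alice@example.test") are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.now(timezone.utc)
_name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_ca(cn="Example Root CA"):  # constructed placeholder name
    """The CA's own key pair and self-signed root certificate."""
    key = ec.generate_private_key(ec.SECP256R1())
    cert = (x509.CertificateBuilder().subject_name(_name(cn)).issuer_name(_name(cn))
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(NOW).not_valid_after(NOW + timedelta(days=365))
            .add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert

def issue(ca_key, ca_cert, subscriber_pub, cn):
    """Issuance: the CA signs a certificate binding an RA-vetted identity to a public key."""
    return (x509.CertificateBuilder().subject_name(_name(cn)).issuer_name(ca_cert.subject)
            .public_key(subscriber_pub).serial_number(x509.random_serial_number())
            .not_valid_before(NOW).not_valid_after(NOW + timedelta(days=90)).sign(ca_key, hashes.SHA256()))

def publish_crl(ca_key, ca_cert, revoked_serials):
    """CRL maintenance and publication: the CA signs its current list of revoked serial numbers."""
    crl = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
           .last_update(NOW).next_update(NOW + timedelta(days=1)))
    for serial in revoked_serials:
        crl = crl.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(NOW).build())
    return crl.sign(ca_key, hashes.SHA256())

def check_certificate(cert, ca_cert, crl):
    """Relying party: trust the cert only if the CA signed it and the CA's own CRL does not list it."""
    ca_pub = ca_cert.public_key()
    try:
        ca_pub.verify(cert.signature, cert.tbs_certificate_bytes, ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return "untrusted"      # not issued by the CA we trust
    if not crl.is_signature_valid(ca_pub):
        return "crl-untrusted"  # a CRL the CA did not sign proves nothing about revocation
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "revoked"
    return "valid"

def run_lifecycle():
    """Issue, check, revoke, check again: returns the relying party's two verdicts."""
    ca_key, ca_cert = make_ca()
    alice = issue(ca_key, ca_cert, ec.generate_private_key(ec.SECP256R1()).public_key(), "alice@example.test")
    before = check_certificate(alice, ca_cert, publish_crl(ca_key, ca_cert, []))
    after = check_certificate(alice, ca_cert, publish_crl(ca_key, ca_cert, [alice.serial_number]))
    return before, after
```

Note that revocation only takes effect for a relying party that fetches the CA's fresh CRL; a certificate that is still within its validity period verifies fine against a stale or empty list.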
Answer / guest
Answer: D
The registration authority manages the certificate life
cycle, including certificate directory maintenance and
certificate revocation list (CRL) maintenance and
publication. The certificate authority attests, as a trusted
provider of the public/private key pairs, to the
authenticity of the owner to whom a public/private key pair
has been given. The digital certificate is composed of a
public key together with identifying information about the
owner of the public key. It associates a public key with an
individual's identity. Certificates are e-documents
digitally signed by a trusted entity containing information
on individuals. The process entails the sender digitally
signing a document, with the digital certificate issued by a
trusted entity attached, and the receiver relying on the
public key included in the digital certificate to
authenticate the message. The certification practice
statement is the governance process for CA operations.
| Is This Answer Correct ? | 5 Yes | 13 No |