Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following is a concern when data is transmitted
through secure socket layer (SSL) encryption implemented on
a trading partner's server?
A. Organization does not have control over encryption.
B. Messages are subjected to wire tapping.
C. Data might not reach the intended recipient.
D. The communication may not be secure.
- 2 Answers
- 5866 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
The SSL security protocol provides data encryption, server
authentication, message integrity and optional client
authentication. Because SSL is built into all major browsers
and web servers, simply installing a digital certificate
turns on the SSL capabilities. SSL encrypts the data while
it is being transmitted over the Internet. The encryption is
done in the background, without any interaction from the
user, consequently there's no password to remember either.
The other choices are incorrect. Since the communication
between client and server is encrypted, the confidentiality
of information is not affected by wire tapping. Since SSL
does the client authentication, only the intended recipient
will receive the decrypted data. All data sent over an
encrypted SSL connection is protected with a mechanism to
detect tampering, that is, automatically determining whether
data has been altered in transit.
| Is This Answer Correct ? | 1 Yes | 0 No |
Answer / oshan
A. The organization does not have control over encryption.
The SSL security protocol provides data encryption, server
authentication, message integrity and optional client
authentication. Because SSL is built into all major browsers
and web servers, simply installing a digital certificate
turns on the SSL capabilities. SSL encrypts the datum while
it is being transmitted over the Internet. The encryption is
done in the background, without any interaction from the
user, consequently there is no password to remember either.
The other choices are incorrect. Since the communication
between client and server is encrypted, the confidentiality
of information is not affected by wire tapping. Since SSL
does the client authentication, only the intended recipient
will receive the decrypted data. All data sent over an
encrypted SSL connection are protected with a mechanism to
detect tampering, i.e., automatically determining whether
data has been altered in transit.
| Is This Answer Correct ? | 1 Yes | 0 No |
Before reporting results of an audit to senior management, an IS auditor should: A. Confirm the findings with auditees. B. Prepare an executive summary and send it to auditee management. C. Define recommendations and present the findings to the audit committee. D. Obtain agreement from the auditee on findings and actions to be taken.
During the course of an audit, the IS auditor discovers that the human resources (HR) department uses a cloud-based application to manage employee records. The HR department engaged in a contract outside of the normal vendor management process and manages the application on its own. Which of the following choices is of MOST concern? A. Maximum acceptable downtime metrics have not been defined in the contract. B. The IT department does not manage the relationship with the cloud vendor. C. The help desk call center is in a different country, with different privacy requirements. D. Company-defined security policies are not applied to the cloud application.
To make an electronic funds transfer (EFT), one employee enters the amount field and another employee reenters the same data again, before the money is transferred. The control adopted by the organization in this case is: A. sequence check. B. key verification. C. check digit. D. completeness check.
When reviewing the implementation of a LAN the IS auditor should FIRST review the: A. node list. B. acceptance test report. C. network diagram. D. user's list.
An organization wants to enforce data integrity principles and achieve faster performance/execution in a database application. Which of the following design principles should be applied? A. User (customized) triggers B. Data validation at the front end C. Data validation at the back end D. Referential integrity
An IS auditor, in evaluating proposed biometric control devices reviews the false rejection rates (FRRs), false acceptance rates (FARs) and equal error rates (ERRs) of three different devices. The IS auditor should recommend acquiring the device having the: A. least ERR. B. most ERR. C. least FRR but most FAR. D. least FAR but most FRR.
To identify the value of inventory that has been kept for more than eight weeks, an IS auditor would MOST likely use: A. test data. B. statistical sampling. C. an integrated test facility. D. generalized audit software.
Electronic signatures can prevent messages from being: A. suppressed. B. repudiated. C. disclosed. D. copied.
As a result of a business process reengineering (BPR) project: A. an IS auditor would be concerned with the key controls that existed in the prior business process and not those in the new process. B. system processes are automated in such a way that there are more manual interventions and manual controls. C. the newly designed business processes usually do not involve changes in the way(s) of doing business. D. advantages usually are realized when the reengineering process appropriately suits the business and risk.
Use of asymmetric encryption in an Internet e-commerce site, where there is one private key for the hosting server and the public key is widely distributed to the customers, is MOST likely to provide comfort to the: A. customer over the authenticity of the hosting organization. B. hosting organization over the authenticity of the customer. C. customer over the confidentiality of messages from the hosting organization. D. hosting organization over the confidentiality of messages passed to the customer.
In a web server, a common gateway interface (CGI) is MOST often used as a(n): A. consistent way for transferring data to the application program and back to the user. B. computer graphics imaging method for movies and TV. C. graphic user interface for web design. D. interface to access the private gateway domain.
An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that: A. this lack of knowledge may lead to unintentional disclosure of sensitive information. B. information security is not critical to all functions. C. IS audit should provide security training to the employees. D. the audit finding will cause management to provide continuous training to staff.
Cisco Certifications 
