Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following BEST determines that complete
encryption and authentication protocols exist for protecting
information while transmitted?
A. A digital signature with RSA has been implemented.
B. Work is being done in tunnel mode with the nested
services of AH and ESP
C. Digital certificates with RSA are being used.
D. Work is being done in transport mode, with the nested
services of AH and ESP
- 1 Answers
- 5344 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Tunnel mode provides encryption and authentication of the
complete IP package. To accomplish this, the AH
(authentication header) and ESP (encapsulating security
payload) services can be nested. The transport mode provides
primary protection for the protocols? higher layers, this
is, protection extends to the data field (payload) of an IP
package. The other two mechanisms provide authentication and
integrity.
| Is This Answer Correct ? | 6 Yes | 0 No |
When reviewing an organization's logical access security, which of the following would be of the MOST concern to an IS auditor? A. Passwords are not shared. B. Password files are encrypted. C. Redundant logon IDs are deleted. D. The allocation of logon IDs is controlled.
Which of the following concerns associated with the World Wide Web would be addressed by a firewall? A. Unauthorized access from outside the organization B. Unauthorized access from within the organization C. A delay in Internet connectivity D. A delay in downloading using file transfer protocol (FTP)
Which of the following is the primary purpose for conducting parallel testing? A. To determine if the system is cost-effective. B. To enable comprehensive unit and system testing. C. To highlight errors in the program interfaces with files. D. To ensure the new system meets user requirements.
Many organizations require an employee to take a mandatory vacation (holiday) of a week or more to: A. ensure the employee maintains a quality of life, which will lead to greater productivity. B. reduce the opportunity for an employee to commit an improper or illegal act. C. provide proper cross training for another employee. D. eliminate the potential disruption caused when an employee takes vacation one day at a time.
An IS auditor should be able to identify and evaluate various types of risks and their potential effects. Which of the following risks is associated with authorized program exits (trap doors)? A. Inherent B. Detection C. Audit D. Error
When evaluating the collective effect of preventive, detective or corrective controls within a process an IS auditor should be aware: A. of the point at which controls are exercised as data flows through the system. B. that only preventive and detective controls are relevant. C. that corrective controls can only be regarded as compensating. D. that classification allows an IS auditor to determine which controls are missing.
Which of the following is the BEST form of transaction validation? A. Use of key field verification techniques in data entry B. Use of programs to check the transaction against criteria set by management C. Authorization of the transaction by supervisory personnel in an adjacent department D. Authorization of the transaction by a department supervisor prior to the batch process
Which of the following security techniques is the BEST method for authenticating a user's identity? A. Smart card B. Biometrics C. Challenge-response token D. User ID and password
An IS auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late-night shift a month as the senior computer operator. The MOST appropriate course of action for the IS auditor is to: A. advise senior management of the risk involved. B. agree to work with the security officer on these shifts as a form of preventative control. C. develop a computer-assisted audit technique to detect instances of abuses of this arrangement. D. review the system log for each of the late-night shifts to determine whether any irregular actions occurred.
A web-based bookstore has included the customer relationship management (CRM) system in its operations. An IS auditor has been assigned to perform a call center review. Which of the following is the MOST appropriate first step for the IS auditor to take? A. Review the company's performance since the CRM was implemented. B. Review the IT strategy. C. Understand the business focus of the bookstore. D. Interview salespeople and supervisors.
An enterprisewide network security architecture of public key infrastructure (PKI) would be comprised of: A. A public key cryptosystem, private key cryptosystem and digital certificate B. A public key cryptosystem, symmetric encryption and certificate authorities C. A symmetric encryption, digital certificate and kerberos authentication D. A public key cryptosystem, digital certificate and certificate authorities
Which of the following is a management technique that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality? A. Function point analysis B. Critical path methodology C. Rapid application development D. Program evaluation review technique
Cisco Certifications 
