1. Right Answer: A
Explanation: The message digest is calculated and included in a digital signature to prove that the message has not been altered. It should be the same value as a recalculation performed upon receipt. It does not define the algorithm or enable the transmission in digital format and has no effect on the identity of the user; it is there to ensure integrity rather than identity.
2. Right Answer: B
Explanation: The certificate authority maintains a directory of digital certificates for the reference of those receiving them; it manages the certificate life cycle, including certificate directory maintenance and certificate revocation list maintenance and publication. Choice A is not correct because a registration authority is an optional entity that is responsible for the administrative tasks associated with registering the end entity that is the subject of the certificate issued by the CA. Choice C is incorrect since a CRL is an instrument for checking the continued validity of the certificates for which the CA has responsibility. Choice D is incorrect because a certification practice statement is a detailed set of rules governing the certificate authority's operations.
3. Right Answer: A
Explanation: Tunnel mode with IP security provides encryption and authentication of the complete IP packet. To accomplish this, the AH and ESP services can be nested. Choices B and C provide authentication and integrity. TCP services do not provide encryption and authentication.
4. Right Answer: B
Explanation: Digital signatures are intended to verify to a recipient the integrity of the data and the identity of the sender. The digital signature standard is a public key algorithm. This requires the signer to have a private key and the receiver to have a public key.
5. Right Answer: C
Explanation: All of the above are features of a digital signature. Non-repudiation ensures that the claimed sender cannot later deny generating and sending the message. Data integrity refers to changes in the plaintext message that would result in the recipient failing to compute the same message hash. Since only the claimed sender has the key, authentication ensures that the message has been sent by the claimed sender. Replay protection is a method that a recipient can use to check that the message was not intercepted and replayed.