CISAβCertified Information Systems Auditor - Part 286
1. While copying files from a floppy disk, a user introduced a virus into the network. Which of the following would MOST effectively detect the existence of the virus?
A) A scan of all floppy disks before use
B) A virus monitor on the network file server
C) Scheduled daily scans of all network drives
D) A virus monitor on the user's personal computer
2. Which of the following message services provides the strongest evidence that a specific action has occurred?
A) Proof of delivery
B) Nonrepudiation
C) Proof of submission
D) Message origin authentication
3. The PRIMARY objective of Secure Sockets Layer (SSL) is to ensure:
A) only the sender and receiver are able to encrypt/decrypt the data.
B) the sender and receiver can authenticate their respective identities.
C) the alteration of transmitted data can be detected.
D) the ability to identify the sender by generating a one-time session key.
4. The role of the certificate authority (CA) as a third party is to:
A) provide secured communication and networking services based on certificates.
B) host a repository of certificates with the corresponding public and secret keys issued by that CA.
C) act as a trusted intermediary between two communication partners.
D) confirm the identity of the entity owning a certificate issued by that CA.
5. Which of the following is a distinctive feature of the Secure Electronic Transactions (SET) protocol when used for electronic credit card payments?
A) The buyer is assured that neither the merchant nor any other party can misuse their credit card data.
B) All personal SET certificates are stored securely in the buyer's computer.
C) The buyer is liable for any transaction involving his/her personal SET certificates.
D) The payment process is simplified, as the buyer is not required to enter a credit card number and an expiration date.
A) A scan of all floppy disks before use
B) A virus monitor on the network file server
C) Scheduled daily scans of all network drives
D) A virus monitor on the user's personal computer
2. Which of the following message services provides the strongest evidence that a specific action has occurred?
A) Proof of delivery
B) Nonrepudiation
C) Proof of submission
D) Message origin authentication
3. The PRIMARY objective of Secure Sockets Layer (SSL) is to ensure:
A) only the sender and receiver are able to encrypt/decrypt the data.
B) the sender and receiver can authenticate their respective identities.
C) the alteration of transmitted data can be detected.
D) the ability to identify the sender by generating a one-time session key.
4. The role of the certificate authority (CA) as a third party is to:
A) provide secured communication and networking services based on certificates.
B) host a repository of certificates with the corresponding public and secret keys issued by that CA.
C) act as a trusted intermediary between two communication partners.
D) confirm the identity of the entity owning a certificate issued by that CA.
5. Which of the following is a distinctive feature of the Secure Electronic Transactions (SET) protocol when used for electronic credit card payments?
A) The buyer is assured that neither the merchant nor any other party can misuse their credit card data.
B) All personal SET certificates are stored securely in the buyer's computer.
C) The buyer is liable for any transaction involving his/her personal SET certificates.
D) The payment process is simplified, as the buyer is not required to enter a credit card number and an expiration date.
1. Right Answer: C
Explanation: Scheduled daily scans of all network drives will detect the presence of a virus after the infection has occurred. All of the other choices are controls designed to prevent a computer virus from infecting the system.
2. Right Answer: B
Explanation: Nonrepudiation services provide evidence that a specific action occurred. Nonrepudiation services are similar to their weaker proof counterparts, i.e., proof of submission, proof of delivery and message origin authentication. However, nonrepudiation provides stronger evidence because the proof can be demonstrated to a third party. Digital signatures are used to provide nonrepudiation. Message origination authentication will only confirm the source of the message and does not confirm the specification that has been completed.
3. Right Answer: A
Explanation: SSL generates a session key used to encrypt/decrypt the transmitted data, thus ensuring its confidentiality. Although SSL allows the exchange of X509 certificates to provide for identification and authentication, this feature along with choices C and D are not the primary objectives.
4. Right Answer: D
Explanation: The primary activity of a CA is to issue certificates. The primary role of the CA is to check the identity of the entity owning a certificate and to confirm the integrity of any certificate it issued. Providing a communication infrastructure is not a CA activity. The secret keys belonging to the certificates would not be archived at theCA. The CA can contribute to authenticating the communicating partners to each other, but the CA is not involved in the communication stream itself.
5. Right Answer: C
Explanation: The usual agreement between the credit card issuer and the cardholder stipulates that the cardholder assumes responsibility for any use of their personal SET certificates for e- commerce transactions. Depending upon the agreement between the merchant and the buyer's credit card issuer, the merchant will have access to the credit card number and expiration date. Secure data storage in the buyer's computer (local computer security) is not part of the SET standard.Although the buyer is not required to enter their credit card data, they will have to handle the wallet software.
Explanation: Scheduled daily scans of all network drives will detect the presence of a virus after the infection has occurred. All of the other choices are controls designed to prevent a computer virus from infecting the system.
2. Right Answer: B
Explanation: Nonrepudiation services provide evidence that a specific action occurred. Nonrepudiation services are similar to their weaker proof counterparts, i.e., proof of submission, proof of delivery and message origin authentication. However, nonrepudiation provides stronger evidence because the proof can be demonstrated to a third party. Digital signatures are used to provide nonrepudiation. Message origination authentication will only confirm the source of the message and does not confirm the specification that has been completed.
3. Right Answer: A
Explanation: SSL generates a session key used to encrypt/decrypt the transmitted data, thus ensuring its confidentiality. Although SSL allows the exchange of X509 certificates to provide for identification and authentication, this feature along with choices C and D are not the primary objectives.
4. Right Answer: D
Explanation: The primary activity of a CA is to issue certificates. The primary role of the CA is to check the identity of the entity owning a certificate and to confirm the integrity of any certificate it issued. Providing a communication infrastructure is not a CA activity. The secret keys belonging to the certificates would not be archived at theCA. The CA can contribute to authenticating the communicating partners to each other, but the CA is not involved in the communication stream itself.
5. Right Answer: C
Explanation: The usual agreement between the credit card issuer and the cardholder stipulates that the cardholder assumes responsibility for any use of their personal SET certificates for e- commerce transactions. Depending upon the agreement between the merchant and the buyer's credit card issuer, the merchant will have access to the credit card number and expiration date. Secure data storage in the buyer's computer (local computer security) is not part of the SET standard.Although the buyer is not required to enter their credit card data, they will have to handle the wallet software.
Comments
0
CA Foundation Business Economics Questions 2023 - Part 32
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 29
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 28
03 Mar 2023
