To affix a digital signature to a message, the sender must
first create a message digest by applying a cryptographic
hashing algorithm against:
A. the entire message and thereafter enciphering the message
digest using the sender's private key.
B. any arbitrary part of the message and thereafter
enciphering the message digest using the sender's private key.
C. the entire message and thereafter enciphering the message
using the sender's private key.
D. the entire message and thereafter enciphering the message
along with the message digest using the sender's private key.
Answer / guest
Answer: A
A digital signature is a cryptographic method that ensures
data integrity, authentication of the message, and
non-repudiation. To ensure these, the sender first creates a
message digest by applying a cryptographic hashing algorithm
against the entire message and thereafter enciphers the
message digest using the sender's private key. A message
digest is created by applying a cryptographic hashing
algorithm against the entire message not on any arbitrary
part of the message. After creating the message digest, only
the message digest is enciphered using the sender's private
key, not the message.
| Is This Answer Correct ? | 3 Yes | 0 No |
Which of the following functions should be performed by the application owners to ensure an adequate segregation of duties between IS and end users? A. System analysis B. Authorization of access to data C. Application programming D. Data administration
Digital signatures require the: A. signer to have a public key and the receiver to have a private key. B. signer to have a private key and the receiver to have a public key. C. signer and receiver to have a public key. D. signer and receiver to have a private key.
Which of the following is a data validation edit and control? A. Hash totals B. Reasonableness checks C. Online access controls D. Before and after image reporting
Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required? A. Integrated test facility (ITF) B. Continuous and intermittent simulation (CIS) C. Audit hooks D. Snapshots
Which of the following exposures associated with the spooling of sensitive reports for offline printing would an IS auditor consider to be the MOST serious? A. Sensitive data can be read by operators. B. Data can be amended without authorization. C. Unauthorized report copies can be printed. D. Output can be lost in the event of system failure.
Which of the following would be included in an IS strategic plan? A. Specifications for planned hardware purchases B. Analysis of future business objectives C. Target dates for development projects D. Annual budgetary targets for the IS department
Requiring passwords to be changed on a regular basis, assigning a new one-time password when a user forgets his/hers, and requiring users not to write down their passwords are all examples of: A. audit objectives. B. audit procedures. C. controls objectives. D. control procedures.
Software maintainability BEST relates to which of the following software attributes? A. Resources needed to make specified modifications. B. Effort needed to use the system application. C. Relationship between software performance and the resources needed. D. Fulfillment of user needs.
Which of the following procedures should be implemented to help ensure the completeness of inbound transactions via electronic data interchange (EDI)? A. Segment counts built into the transaction set trailer B. A log of the number of messages received, periodically verified with the transaction originator C. An electronic audit trail for accountability and tracking D. Matching acknowledgement transactions received to the log of EDI messages sent
As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis (BIA)? A. Organizational risks, such as single point-of-failure and infrastructure risk B. Threats to critical business processes C. Critical business processes for ascertaining the priority for recovery D. Resources required for resumption of business
A dry-pipe fire extinguisher system is a system that uses: A. water, but in which water does not enter the pipes until a fire has been detected. B. water, but in which the pipes are coated with special watertight sealants. C. carbon dioxide instead of water. D. halon instead of water.
The development of an IS security policy is ultimately the responsibility of the: A. IS department. B. security committee. C. security administrator. D. board of directors.