To affix a digital signature to a message, the sender must
first create a message digest by applying a cryptographic
hashing algorithm against:
A. the entire message and thereafter enciphering the message
digest using the sender's private key.
B. any arbitrary part of the message and thereafter
enciphering the message digest using the sender's private key.
C. the entire message and thereafter enciphering the message
using the sender's private key.
D. the entire message and thereafter enciphering the message
along with the message digest using the sender's private key.
- 1 Answers
- 8130 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
A digital signature is a cryptographic method that ensures
data integrity, authentication of the message, and
non-repudiation. To ensure these, the sender first creates a
message digest by applying a cryptographic hashing algorithm
against the entire message and thereafter enciphers the
message digest using the sender's private key. A message
digest is created by applying a cryptographic hashing
algorithm against the entire message not on any arbitrary
part of the message. After creating the message digest, only
the message digest is enciphered using the sender's private
key, not the message.
| Is This Answer Correct ? | 3 Yes | 0 No |
Which of the following would be MOST appropriate to ensure the confidentiality of transactions initiated via the Internet? A. Digital signature B. Data encryption standard (DES) C. Virtual private network (VPN) D. Public key encryption
With regard to sampling it can be said that: A. sampling is generally applicable when the population relates to an intangible or undocumented control. B. if an auditor knows internal controls are strong, the confidence coefficient may be lowered. C. attribute sampling would help prevent excessive sampling of an attribute by stopping an audit test at the earliest possible moment. D. variable sampling is a technique to estimate the rate of occurrence of a given control or set of related controls.
An IS auditor is assigned to help design the data security aspects of an application under development. Which of the following provides the MOST reasonable assurance that corporate assets are protected when the application is certified for production? A. A review conducted by the internal auditor B. A review conducted by the assigned IS auditor C. Specifications by the user on the depth and content of the review D. An independent review conducted by another equally experienced IS auditor
Which of the following access control functions is LEAST likely to be performed by a database management system (DBMS) software package? A. User access to field data B. User sign-on at the network level C. User authentication at the program level D. User authentication at the transaction level
A goal of processing controls is to ensure that: A. the data are delivered without compromised confidentiality. B. all transactions are authorized. C. accumulated data are accurate and complete through authorized routines. D. only authorized individuals perform sensitive functions.
An organization acquiring other businesses continues using its legacy EDI systems, and uses three separate value added network (VAN) providers. No written VAN agreements exist. The IS auditor should recommend that management: A. obtain independent assurance of the third party service providers. B. set up a process for monitoring the service delivery of the third party. C. ensure that formal contracts are in place. D. consider agreements with third party service providers in the development of continuity plans.
Of the following, the MAIN purpose for periodically testing offsite backup facilities is to: A. ensure the integrity of the data in the database. B. eliminate the need to develop detailed contingency plans. C. ensure the continued compatibility of the contingency facilities. D. ensure that program and system documentation remains current.
While developing a risk-based audit program, which of the following would the IS auditor MOST likely focus on? A. Business processes B. Critical IT applications C. Corporate objectives D. Business strategies
Large-scale systems development efforts: A. are not affected by the use of prototyping tools. B. can be carried out independent of other organizational practices. C. require that business requirements be defined before the project begins. D. require that project phases and deliverables be defined during the duration of the project.
When conducting an audit of client/server database security, the IS auditor would be MOST concerned about the availability of: A. system utilities. B. application program generators. C. system security documentation. D. access to stored procedures.
Which of the following pairs of functions should not be combined to provide proper segregation of duties? A. Tape librarian and computer operator B. Application programming and data entry C. Systems analyst and database administrator D. Security administrator and quality assurance
Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions? A. Response B. Correction C. Detection D. Monitoring
Cisco Certifications 
