Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following would an IS auditor consider a
weakness when performing an audit of an organization that
uses a public key infrastructure with digital certificates
for its business-to-consumer transactions via the Internet?
A. Customers are widely dispersed geographically, but not
the certificate authorities.
B. Customers can make their transactions from any computer
or mobile device.
C. The certificate authority has several data processing
subcenters to administrate certificates.
D. The organization is the owner of the certificate authority.
- 1 Answers
- 9860 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
If the certificate authority belongs to the same
organization, this would generate a conflict of interest. If
a customer wanted to repudiate a transaction, he/she could
allege that there exists an unlawful agreement between the
parties generating the certificates, because of the shared
interests. If a customer wanted to repudiate a transaction,
he/she could believe that there exists a bribery between the
parties to generate the certificates, as there exist shared
interests. The other options are not weaknesses.
| Is This Answer Correct ? | 5 Yes | 0 No |
Which of the following security techniques is the BEST method for authenticating a user's identity? A. Smart card B. Biometrics C. Challenge-response token D. User ID and password
Which of the following is the MOST important criterion for the selection of a location for an offsite storage facility for IS backup files? The offsite facility must be: A. physically separated from the data center and not subject to the same risks. B. given the same level of protection as that of the computer data center. C. outsourced to a reliable third party. D. equipped with surveillance capabilities.
Which of the following types of firewalls would BEST protect a network from an Internet attack? A. Screened subnet firewall B. Application filtering gateway C. Packet filtering router D. Circuit-level gateway
The FIRST step in developing a business continuity plan (BCP) is to: A. classify the importance of systems. B. establish a disaster recovery strategy. C. determine the critical recovery time period. D. perform a risk ranking.
As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard-copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following are necessary to restore these files? A. The previous day's backup file and the current transaction tape B. The previous day's transaction file and the current transaction tape C. The current transaction tape and the current hard-copy transaction log D. The current hard-copy transaction log and the previous day's transaction file
Which of the following audit techniques would an IS auditor place the MOST reliance on when determining whether an employee practices good preventive and detective security measures? A. Observation B. Detail testing C. Compliance testing D. Risk assessment
Which of the following can be used to verify output results and control totals by matching them against the input data and control totals? A. Batch header forms B. Batch balancing C. Data conversion error corrections D. Access controls over print spools
Business continuity/disaster recovery is PRIMARILY the responsibility of: A. IS management. B. business unit managers. C. the security administrator. D. the board of directors.
IS management has recently informed the IS auditor of its decision to disable certain referential integrity controls in the payroll system to provide users with a faster report generator. This will MOST likely increase the risk of: A. data entry by unauthorized users. B. a nonexistent employee being paid. C. an employee receiving an unauthorized raise. D. duplicate data entry by authorized users.
Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it: A. has been approved by line management. B. does not vary from the IS department's preliminary budget. C. complies with procurement procedures. D. supports the business objectives of the organization.
Which of the following represents the GREATEST potential risk in an EDI environment? A. Transaction authorization B. Loss or duplication of EDI transmissions C. Transmission delay D. Deletion or manipulation of transactions prior to or after establishment of application controls
Which of the following information valuation methods is LEAST likely to be used during a security review? A. Processing cost B. Replacement cost C. Unavailability cost D. Disclosure cost
Cisco Certifications 
