Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following encrypt/decrypt steps provides the
GREATEST assurance in achieving confidentiality, message
integrity and nonrepudiation by either sender or recipient?
A. The recipient uses his/her private key to decrypt the
secret key.
B. The encrypted pre-hash code and the message are encrypted
using a secret key.
C. The encrypted pre-hash code is derived mathematically
from the message to be sent.
D. The recipient uses the sender's public key, verified with
a certificate authority, to decrypt the pre-hash code.
- 1 Answers
- 8257 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
Most encrypted transactions today use a combination of
private keys, public keys, secret keys, hash functions and
digital certificates to achieve confidentiality, message
integrity and nonrepudiation by either sender or recipient.
The recipient uses the sender's public key to decrypt the
pre-hash code into a post-hash code which when equaling the
pre-hash code verifies the identity of the sender and that
the message has not been changed in route and would provide
the greatest assurance. Each sender and recipient has a
private key, known only to him/her and a public key, which
can be known by anyone. Each encryption/decryption process
requires at least one public key and one private key and
both must be from the same party. A single secret key is
used to encrypt the message, because secret key encryption
requires less processing power than using public and private
keys. A digital certificate, signed by a certificate
authority, validates senders' and recipients' public keys.
| Is This Answer Correct ? | 3 Yes | 0 No |
Which of the following is intended to detect the loss or duplication of input? A. Hash totals B. Check digits C. Echo checks D. Transaction codes
Connection-oriented protocols in the TCP/IP suite are implemented in the: A. transport layer. B. application layer. C. physical layer. D. network layer.
Which of the following user profiles should be of MOST concern to the IS auditor, when performing an audit of an EFT system? A. Three users with the ability to capture and verifiy their own messages B. Five users with the ability to capturr and send their own messages C. Five users with the ability to verificy other users and to send of their own messages D. Three users with the ability to capture and verifiy the messages of other users and to send their own messages
Separation of duties between computer opeartors and other data processing personnel is intended to: A. Prevent unauthorized modifications to program or data. B. Reduce overall cost of operations C. Allow operators to concentrate on their assigned duties D. Restrict operator access to data
Which of the following is LEAST likely to be contained in a digital certificate for the purposes of verification by a trusted third party (TTP)/certification authority (CA)? A. Name of the TTP/CA B. Public key of the sender C. Name of the public key holder D. Time period for which the key is valid
When auditing the requirements phase of a system development project, an IS auditor would: A. assess the adequacy of audit trails. B. identify and determine the criticality of the need. C. verify cost justifications and anticipated benefits. D. ensure that control specifications have been defined.
Utility programs that assemble software modules needed to execute a machine instruction application program version are: A. text editors. B. program library managers. C. linkage editors and loaders. D. debuggers and development aids.
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical hardware configuration is already established. The IS auditor should: A. take no action as the lack of a current plan is the only significant finding. B. recommend that the hardware configuration at each site should be identical. C. perform a review to verify that the second configuration can support live processing. D. report that the financial expenditure on the alternative site is wasted without an effective plan.
Which of the following can consume valuable network bandwidth? A. Trojan horses B. Trap doors C. Worms D. Vaccines
Which of the following is MOST important to have provided for in a disaster recovery plan? A. Backup of compiled object programs B. Reciprocal processing agreement C. Phone contact list D. Supply of special forms
IS management has decided to rewrite a legacy customer relations system using fourth-generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs? A. Inadequate screen/report design facilities B. Complex programming language subsets C. Lack of portability across operating systems D. Inability to perform data intensive operations
Which of the following goals would you expect to find in an organization's strategic plan? A. Test a new accounting package. B. Perform an evaluation of information technology needs. C. Implement a new project planning system within the next 12 months. D. Become the supplier of choice within a given time period for the product offered.
Cisco Certifications 
