Answer / guest

Answer: D

Most encrypted transactions today use a combination of
private keys, public keys, secret keys, hash functions and
digital certificates to achieve confidentiality, message
integrity and nonrepudiation by either sender or recipient.
The recipient uses the sender's public key to decrypt the
pre-hash code into a post-hash code which when equaling the
pre-hash code verifies the identity of the sender and that
the message has not been changed in route and would provide
the greatest assurance. Each sender and recipient has a
private key, known only to him/her and a public key, which
can be known by anyone. Each encryption/decryption process
requires at least one public key and one private key and
both must be from the same party. A single secret key is
used to encrypt the message, because secret key encryption
requires less processing power than using public and private
keys. A digital certificate, signed by a certificate
authority, validates senders' and recipients' public keys.

Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card? A. Intrusion detection systems B. Data mining techniques C. Firewalls D. Packet filtering routers

1 Answers  

---

A company performs full backup of data and programs on a regular basis. The primary purpose of this practice is to: A. maintain data integrity in the applications. B. restore application processing after a disruption. C. prevent unauthorized changes to programs and data. D. ensure recovery of data processing in case of a disaster.

2 Answers  

---

A data warehouse is: A. object orientated. B. subject orientated. C. departmental specific. D. a volatile databases.

2 Answers  

---

A digital signature contains a message digest to: A. show if the message has been altered after transmission. B. define the encryption algorithm. C. confirm the identity of the originator. D. enable message transmission in a digital format.

2 Answers  

---

When reviewing a business process reengineering (BPR) project, which of the following is the MOST important for an IS auditor to evaluate? A. The impact of removed controls. B. The cost of new controls. C. The BPR project plans. D. The continuous improvement and monitoring plans.

1 Answers  

---

A key element in a risk analysis is/are: A. audit planning. B. controls. C. vulnerabilities. D. liabilities.

1 Answers  

---

An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking? A. An application-level gateway B. A remote access server C. A proxy server D. Port scanning

2 Answers  

---

The development of an IS security policy is ultimately the responsibility of the: A. IS department. B. security committee. C. security administrator. D. board of directors.

1 Answers  

---

An integrated test facility is considered a useful audit tool because it: A. is a cost-efficient approach to auditing application controls. B. enables the financial and IS auditors to integrate their audit tests. C. compares processing output with independently calculated data. D. provides the IS auditor with a tool to analyze a large range of information.

2 Answers  

---

1. which of the following is used to achieve accountability. a.identification b. authentication c. authorization d. iniation

5 Answers  

---

When performing a general controls review, an IS auditor checks the relative location of the computer room inside the building. What potential threat is the IS auditor trying to identify? A. Social engineering B. Windstorm C. Earthquake D. Flooding

1 Answers  

---

Electronic signatures can prevent messages from being: A. suppressed. B. repudiated. C. disclosed. D. copied.

1 Answers  

---