Which of the following provides nonrepudiation services for
e-commerce transactions?
A. Public key infrastructure (PKI)
B. Data encryption standard (DES)
C. Message authentication code (MAC)
D. Personal identification number (PIN)
- 1 Answers
- 7210 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
PKI is the administrative infrastructure for digital
certificates and encryption key-pairs. The tests of an
acceptable digital signature are: it is unique to the person
using it, it is capable of verification, it is under the
sole control of the person using it and it is linked to data
in such a manner that if data are changed, the digital
signature is invalidated. PKI meets these tests. The data
encryption standard (DES) is the most common private-key
cryptographic system. DES does not address non-repudiation.
A MAC is a cryptographic value calculated by passing an
entire message through a cipher system. The sender attaches
the MAC before transmission and the receiver recalculates
the MAC and compares it to the sent MAC. If the two MACs are
not equal, this indicates that the message has been altered
during transmission. It has nothing to do with
non-repudiation. A PIN is a type of password, a secret
number assigned to an individual which, in conjunction with
some other means of identification serves to verify the
authenticity of the individual.
| Is This Answer Correct ? | 9 Yes | 0 No |
The general ledger setup function in an enterprise resource package (ERP) allows for setting accounting periods. Access to this function has been permitted to users in finance, the warehouse and order entry. The MOST likely reason for such broad access is the: A. need to change accounting periods on a regular basis.. B. requirement to post entries for a closed accounting period. C. lack of policies and procedures for the proper segregation of duties. D. need to create/modify the chart of accounts and its allocations.
When implementing continuous monitoring systems an IS auditor's first step is to identify: A. reasonable target thresholds. B. high-risk areas within the organization. C. the location and format of output files. D. applications that provide the highest potential payback.
A primary function of risk management is the identification of cost-effective controls. In selecting appropriate controls, which of the following methods is best to study the effectiveness of adding various safeguards in reducing vulnerabilities? A. "What if" analysis B. Traditional cost/benefit analysis C. Screening analysis D. A "back-of-the-envelope" analysis
An IS auditor's MAJOR concern as a result of reviewing a business process reengineering (BPR) project should be whether the: A. newly designed business process has key controls in place. B. changed process will affect organization structure, finances and personnel. C. roles for suppliers have been redefined. D. process has been documented before and after reengineering.
Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies? A. Developments may result in hardware and software incompatibility. B. Resources may not be available when needed. C. The recovery plan cannot be tested. D. The security infrastructures in each company may be different.
Once an organization has finished the business process reengineering (BPR) of all its critical operations, the IS auditor would MOST likely focus on a review of: A. pre-BPR process flowcharts. B. post-BPR process flowcharts. C. BPR project plans. D. continuous improvement and monitoring plans.
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks? A. Check digit B. Existence check C. Completeness check D. Reasonableness check
A control for a company that wants to prevent virus-infected programs (or other type of unauthorized modified programs) would be to: A. utilize integrity checkers. B. verify program's lengths. C. backup the source and object code. D. implement segregation of duties.
Which of the following would be the LEAST likely indication that complete or selected outsourcing of IS functions should be considered? A. The applications development backlog is greater than three years. B. It takes one year to develop and implement a high-priority system. C. More than 60 percent of programming costs are spent on system maintenance. D. Duplicate information systems functions exist at two sites.
Which of the following normally would be the MOST reliable evidence for an auditor? A. A confirmation letter received from a third party verifying an account balance B. Assurance from line management that an application is working as designed C. Trend data obtained from World Wide Web (Internet) sources D. Ratio analysis developed by the IS auditor from reports supplied by line management
Which of the following imaging technologies captures handwriting from a preprinted form and converts it into an electronic format? A. Magnetic ink character recognition (MICR) B. Intelligent voice recognition (IVR) C. Bar code recognition (BCR) D. Optical character recognition (OCR)
Peer reviews to detect software errors during a program development activity are called: A. emulation techniques. B. structured walk-throughs. C. modular program techniques. D. top-down program construction.
Cisco Certifications 
