The PKI element that manages the certificate life cycle,
including certificate directory maintenance and certificate
revocation list (CRL) maintenance and publication is the:
A. certificate authority.
B. digital certificate.
C. certification practice statement.
D. registration authority.
Answer / me
Answer: A
The certificate authority manages the certificate life
cycle, including certificate directory maintenance and CRL
maintenance and publication. The CA attests, as a trusted
provider of the public/private key pairs, to the
authenticity of the owner to whom a public/private key pair
has been given. The digital certificate is composed of a
public key and identifying information about the owner of
the public key. It associates a public key with an
individual's identity. Certificates are e-documents,
digitally signed by a trusted entity and containing
information on individuals. The process entails the sender,
who is digitally signing a document with the digital
certificate attached issued by a trusted entity where the
receiver relies on the public key that is included in the
digital certificate, to authenticate the message. The
certification practice statement is the governance process
for CA operations. A CPS documents the high-level
practices, procedures and controls of a CA. The
registration authority attests, as a trusted provider of
the public/private key pairs, to the authenticity of the
owner to whom a public/private key pair has been provided.
In other words, the registration authority performs the
process of identification and authentication by
establishing a link between the identity of the requesting
person or organization and the public key. As a brief note,
a CA manages and issues certificates, whereas an RA is
responsible for identifying and authenticating subscribers,
but does not sign or issue certificates. Definitions can be
found in a glossary posted at:
http://sig.nfc.usda.gov/pki/glossary/glossary.html and
http://www.cio-dpi.gc.ca/pki-icp/beginners/glossary/glossary_e.asp?format=print
and in "Auditing and Certification of a Public Key Infrastructure," by Ronald
Koorn, Peter Walsen, Mark Lund, Information Systems Control
Journal, vol. 5, 2002, pp. 28-29.
| Is This Answer Correct ? | 16 Yes | 3 No |
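The accepted answer describes the CA's life-cycle duties (issuing certificates, keeping a directory of what was issued, and maintaining and publishing the CRL) and the receiver's side (relying on the public key in a certificate signed by a trusted entity). The following Go program is an added example written for this page, not code from the original post; it uses only the standard library's crypto/x509 package, and the `CA` type, its methods, the `Verify` function and all names and serial numbers in it are constructed for illustration. Identity vetting, the RA's job, is assumed to have happened before `Issue` is called.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrRevoked is returned by Verify when the certificate's serial is on the CRL.
var ErrRevoked = errors.New("certificate serial is listed in the CRL")

// CA is a toy certificate authority (constructed for this example). It issues
// certificates, keeps a directory of them, and maintains and publishes a CRL.
type CA struct {
	cert    *x509.Certificate
	key     *ecdsa.PrivateKey
	issued  map[string]*x509.Certificate // certificate directory keyed by serial
	revoked []pkix.RevokedCertificate    // working CRL entries
	crlNum  int64                        // monotonically increasing CRL number
}

// NewCA creates a self-signed root allowed to sign both certificates and CRLs.
func NewCA(name string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &CA{cert: cert, key: key, issued: map[string]*x509.Certificate{}}, nil
}

// Cert returns the CA certificate relying parties use as their trust anchor.
func (ca *CA) Cert() *x509.Certificate { return ca.cert }

// Issue binds a subscriber's public key to a name in a CA-signed certificate.
// The RA is assumed to have already verified the subscriber's identity.
func (ca *CA) Issue(subject string, pub *ecdsa.PublicKey, serial int64) (*x509.Certificate, error) {
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: subject},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(12 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.cert, pub, ca.key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	ca.issued[cert.SerialNumber.String()] = cert // directory maintenance
	return cert, nil
}

// Revoke records a certificate for the CRL; it takes effect when PublishCRL runs.
func (ca *CA) Revoke(cert *x509.Certificate) {
	ca.revoked = append(ca.revoked, pkix.RevokedCertificate{
		SerialNumber: cert.SerialNumber, RevocationTime: time.Now()})
}

// PublishCRL signs and returns a fresh DER-encoded CRL with a new CRL number.
func (ca *CA) PublishCRL() ([]byte, error) {
	ca.crlNum++
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(ca.crlNum),
		ThisUpdate: now, NextUpdate: now.Add(time.Hour), RevokedCertificates: ca.revoked}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca.cert, ca.key)
}

// NewSubscriberKey generates a subscriber key pair (demo helper).
func NewSubscriberKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Verify is the receiver's side: chain the certificate to the CA, then require
// a current, CA-signed CRL that does not list the certificate's serial number.
func Verify(leaf, caCert *x509.Certificate, crlDER []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return err
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(caCert); err != nil {
		return err // a CRL not signed by the issuing CA is not trusted
	}
	if time.Now().After(crl.NextUpdate) {
		return errors.New("CRL is stale; fetch a newer one before deciding")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return ErrRevoked
		}
	}
	return nil
}

func main() {
	ca, _ := NewCA("Example Root CA")
	k, _ := NewSubscriberKey()
	alice, _ := ca.Issue("alice", &k.PublicKey, 1001)
	crl, _ := ca.PublishCRL()
	fmt.Println("before revocation:", Verify(alice, ca.Cert(), crl)) // <nil>
	ca.Revoke(alice)
	crl, _ = ca.PublishCRL()
	fmt.Println("after revocation:", Verify(alice, ca.Cert(), crl)) // ErrRevoked
}
```

The receiver rejects a CRL that is past its NextUpdate or not signed by the issuing CA, so a stale or substituted CRL cannot quietly reinstate a revoked certificate; that is the practical reason the answer pairs CRL maintenance with publication as a CA duty.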
Answer / guest
Answer: D
The registration authority manages the certificate life
cycle, including certificate directory maintenance and
certificate revocation list (CRL) maintenance and
publication. The certificate authority attests, as a trusted
provider of the public/private key pairs, to the
authenticity of the owner to whom a public/private key pair
has been given. The digital certificate is composed of a
public key together with identifying information about the
owner of the public key. It associates a public key with an
individual's identity. Certificates are e-documents
digitally signed by a trusted entity containing information
on individuals. The process entails the sender digitally
signing a document with the digital certificate attached
issued by a trusted entity where the receiver relies on the
public key that is included in the digital certificate to
authenticate the message. The certification practice
statement is the governance process for CA operations.
| Is This Answer Correct ? | 5 Yes | 13 No |