Answer / guest

Answer: A

The SSL security protocol provides data encryption, server
authentication, message integrity and optional client
authentication. Because SSL is built into all major browsers
and web servers, simply installing a digital certificate
turns on the SSL capabilities. SSL encrypts the data while
it is being transmitted over the Internet. The encryption is
done in the background, without any interaction from the
user, consequently there's no password to remember either.
The other choices are incorrect. Since the communication
between client and server is encrypted, the confidentiality
of information is not affected by wire tapping. Since SSL
does the client authentication, only the intended recipient
will receive the decrypted data. All data sent over an
encrypted SSL connection is protected with a mechanism to
detect tampering, that is, automatically determining whether
data has been altered in transit.

Answer / oshan

A. The organization does not have control over encryption.

The SSL security protocol provides data encryption, server
authentication, message integrity and optional client
authentication. Because SSL is built into all major browsers
and web servers, simply installing a digital certificate
turns on the SSL capabilities. SSL encrypts the datum while
it is being transmitted over the Internet. The encryption is
done in the background, without any interaction from the
user, consequently there is no password to remember either.
The other choices are incorrect. Since the communication
between client and server is encrypted, the confidentiality
of information is not affected by wire tapping. Since SSL
does the client authentication, only the intended recipient
will receive the decrypted data. All data sent over an
encrypted SSL connection are protected with a mechanism to
detect tampering, i.e., automatically determining whether
data has been altered in transit.

A manufacturer has been purchasing materials and supplies for its business through an e-commerce application. Which of the following should this manufacturer rely on to prove that the transactions were actually made? A. Reputation B. Authentication C. Encryption D. Nonrepudiation

1 Answers  

---

To prevent unauthorized entry to the data maintained in a dial-up fast response system, an IS auditor should recommend: A. online terminals be placed in restricted areas. B. online terminals be equipped with key locks. C. ID cards be required to gain access to online terminals. D. online access be terminated after three unsuccessful attempts.

1 Answers  

---

An IS auditor involved as a team member in the detailed system design phase of a system under development would be MOST concerned with: A. internal control procedures. B. user acceptance test schedules. C. adequacy of the user training program. D. clerical processes for resubmission of rejected items.

1 Answers  

---

To help mitigate the effects of a denial of service attack, which mechanism can an Internet service provider (ISP) use to identify Internet protocol (IP) packets from unauthorized sources? A. Inbound traffic filtering B. Rate limiting C. Reverse address lookup D. Network performance monitoring

2 Answers  

---

Which of the following techniques would provide the BEST assurance that the estimate of program development effort is reliable? A. Function point analysis B. Estimates by business area C. A computer-based project schedule D. An estimate by experienced programmer

1 Answers  

---

Which of the following sampling methods is MOST useful when testing for compliance? A. Attribute sampling B. Variable sampling C. Stratified mean per unit D. Difference estimation

1 Answers  

---

Which of the following is the MOST effective control procedure for security of a stand-alone small business computer environment? A. Supervision of computer usage B. Daily management review of the trouble log C. Storage of computer media in a locked cabinet D. Independent review of an application system design

1 Answers  

---

Prices are charged on the basis of a standard master file rate that changes as volume increases. Any exceptions must be manually approved. What is the MOST effective automated control to help ensure that all price exceptions are approved? A. All amounts are displayed back to the data entry clerk, who must verify them visually. B. Prices outside the normal range should be entered twice to verify data entry accuracy. C. The system beeps when price exceptions are entered and prints such occurrences on a report. D. A second-level password must be entered before a price exception can be processed.

1 Answers  

---

When logging on to an online system, which of the following processes would the system perform FIRST? A. Initiation B. Verification C. Authorization D. Authentication

1 Answers  

---

Which of the following IS functions may be performed by the same individual, without compromising on control or violating segregation of duties? A. Job control analyst and applications programmer B. Mainframe operator and system programmer C. Change/problem and quality control administrator D. Applications and system programmer

2 Answers  

---

An IS auditor who is participating in a systems development project should: A. recommend appropriate control mechanisms regardless of cost. B. obtain and read project team meeting minutes to determine the status of the project. C. ensure that adequate and complete documentation exists for all project phases. D. not worry about his/her own ability to meet target dates since work will progress regardless.

1 Answers  

---

Which of the following is the MOST effective means of determining which controls are functioning properly in an operating system? A. Consulting with the vendor B. Reviewing the vendor installation guide C. Consulting with the system programmer D. Reviewing the system generation parameters

1 Answers  

---