Which of the following is a concern when data is transmitted
through secure socket layer (SSL) encryption implemented on
a trading partner's server?
A. Organization does not have control over encryption.
B. Messages are subjected to wire tapping.
C. Data might not reach the intended recipient.
D. The communication may not be secure.
- 2 Answers
- 4702 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
The SSL security protocol provides data encryption, server
authentication, message integrity and optional client
authentication. Because SSL is built into all major browsers
and web servers, simply installing a digital certificate
turns on the SSL capabilities. SSL encrypts the data while
it is being transmitted over the Internet. The encryption is
done in the background, without any interaction from the
user, consequently there's no password to remember either.
The other choices are incorrect. Since the communication
between client and server is encrypted, the confidentiality
of information is not affected by wire tapping. Since SSL
does the client authentication, only the intended recipient
will receive the decrypted data. All data sent over an
encrypted SSL connection is protected with a mechanism to
detect tampering, that is, automatically determining whether
data has been altered in transit.
| Is This Answer Correct ? | 1 Yes | 0 No |
Answer / oshan
A. The organization does not have control over encryption.
The SSL security protocol provides data encryption, server
authentication, message integrity and optional client
authentication. Because SSL is built into all major browsers
and web servers, simply installing a digital certificate
turns on the SSL capabilities. SSL encrypts the datum while
it is being transmitted over the Internet. The encryption is
done in the background, without any interaction from the
user, consequently there is no password to remember either.
The other choices are incorrect. Since the communication
between client and server is encrypted, the confidentiality
of information is not affected by wire tapping. Since SSL
does the client authentication, only the intended recipient
will receive the decrypted data. All data sent over an
encrypted SSL connection are protected with a mechanism to
detect tampering, i.e., automatically determining whether
data has been altered in transit.
| Is This Answer Correct ? | 1 Yes | 0 No |
A B-to-C e-commerce web site as part of its information security program wants to monitor, detect and prevent hacking activities and alert the system administrator when suspicious activities occur. Which of the following infrastructure components could be used for this purpose? A. Intrusion detection systems B. Firewalls C. Routers D. Asymmetric encryption
Without causing a conflict of interest, a duty compatible with those of a security administrator would be: A. quality assurance. B. application programming. C. systems programming. D. data entry.
The responsibility, authority and accountability of the IS audit function is documented appropriately in an audit charter and MUST be: A. approved by the highest level of management. B. approved by audit department management. C. approved by user department management. D. changed every year before commencement of IS audits.
An IS auditor auditing hardware monitoring procedures should review A. system availability reports. B. cost-benefit reports. C. response time reports. D. database utilization reports.
To identify the value of inventory that has been kept for more than eight weeks, an IS auditor would MOST likely use: A. test data. B. statistical sampling. C. an integrated test facility. D. generalized audit software.
After implementation of a disaster recovery plan (DRP), pre-disaster and post-disaster operational cost for an organization will: A. decrease. B. not change (remain the same). C. increase. D. increase or decrease depending upon nature of the business.
An organization has been an Internet user for several years and the business plan now calls for initiating e-commerce via web-based transactions. Which of the following will LEAST impact transactions in e-commerce? A. Encryption is required B. Timed authentication is required C. Firewall architecture hides the internal network D. Traffic is exchanged through the firewall at the application layer only
The use of residual biometric information to gain unauthorized access is an example of which of the following attacks? A. Replay B. Brute force C. Cryptographic D. Mimic
An IS auditor conducting an access controls review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that: A. exposure is greater since information is available to unauthorized users. B. operating efficiency is enhanced since anyone can print any report, any time. C. operating procedures are more effective since information is easily available. D. user friendliness and flexibility is facilitated since there is a smooth flow of information among users.
An IS auditor is reviewing the database administration function to ascertain whether adequate provision has been made for controlling data. The IS auditor should determine that the: A. function reports to data processing operations. B. responsibilities of the function are well defined. C. database administrator is a competent systems programmer. D. audit software has the capability of efficiently accessing the database.
Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.
Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data? A. Inheritance B. Dynamic warehousing C. Encapsulation D. Polymorphism
Cisco Certifications 
