Which of the following is a concern when data is transmitted
through secure socket layer (SSL) encryption implemented on
a trading partner's server?
A. Organization does not have control over encryption.
B. Messages are subjected to wire tapping.
C. Data might not reach the intended recipient.
D. The communication may not be secure.
Answer / guest
Answer: A
The SSL security protocol provides data encryption, server
authentication, message integrity and optional client
authentication. Because SSL is built into all major browsers
and web servers, simply installing a digital certificate
turns on the SSL capabilities. SSL encrypts the data while
it is being transmitted over the Internet. The encryption is
done in the background, without any interaction from the
user, consequently there's no password to remember either.
The other choices are incorrect. Since the communication
between client and server is encrypted, the confidentiality
of information is not affected by wire tapping. Since SSL
does the client authentication, only the intended recipient
will receive the decrypted data. All data sent over an
encrypted SSL connection is protected with a mechanism to
detect tampering, that is, automatically determining whether
data has been altered in transit.
Answer / oshan
A. The organization does not have control over encryption.
The SSL security protocol provides data encryption, server
authentication, message integrity and optional client
authentication. Because SSL is built into all major browsers
and web servers, simply installing a digital certificate
turns on the SSL capabilities. SSL encrypts the datum while
it is being transmitted over the Internet. The encryption is
done in the background, without any interaction from the
user, consequently there is no password to remember either.
The other choices are incorrect. Since the communication
between client and server is encrypted, the confidentiality
of information is not affected by wire tapping. Since SSL
does the client authentication, only the intended recipient
will receive the decrypted data. All data sent over an
encrypted SSL connection are protected with a mechanism to
detect tampering, i.e., automatically determining whether
data has been altered in transit.
Which of the following is a control over database administration activities? A. A database checkpoint to restart processing after a system failure B. Database compression to reduce unused space C. Supervisory review of access logs D. Backup and recovery procedures to ensure database availability
A malicious code that changes itself with each file it infects is called a: A. logic bomb. B. stealth virus. C. trojan horse. D. polymorphic virus.
Which of the following would an IS auditor place LEAST reliance on when determining management's effectiveness in communicating information systems policies to appropriate personnel? A. Interviews with user and IS personnel B. Minutes of IS steering committee meetings C. User department systems and procedures manuals D. Information processing facilities operations and procedures manuals
A debugging tool, which reports on the sequence of steps executed by a program, is called a/an: A. output analyzer. B. memory dump. C. compiler. D. logic path monitor.
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that: A. the users may not remember to manually encrypt the data before transmission. B. the site credentials were sent to the financial services company via email. C. personnel at the consulting firm may obtain access to sensitive data. D. the use of a shared user ID to the FTP site does not allow for user accountability.
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls.
Which of the following is an advantage of an integrated test facility (ITF)? A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction. B. Periodic testing does not require separate test processes. C. It validates application systems and tests the ongoing operation of the system. D. It eliminates the need to prepare test data.
Accountability for the maintenance of appropriate security measures over information assets resides with the: A. security administrator. B. systems administrator. C. data and systems owners. D. systems operations group.
The intent of application controls is to ensure that when inaccurate data is entered into the system, the data is: A. accepted and processed. B. accepted and not processed. C. not accepted and not processed. D. not accepted and processed.
Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist? A. Reviewing program code B. Reviewing operations documentation C. Turning off the UPS, then the power D. Reviewing program documentation
Without compensating controls, which of the following functions would represent a risk if combined with that of a system analyst? A. Application programming B. Data entry C. Quality assurance D. Database administrator
Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should: A. include the finding in the final report because the IS auditor is responsible for an accurate report of all findings. B. not include the finding in the final report because the audit report should include only unresolved findings. C. not include the finding in the final report because corrective action can be verified by the IS auditor during the audit. D. include the finding in the closing meeting for discussion purposes only.