Answer / guest

Answer: A

The SSL security protocol provides data encryption, server
authentication, message integrity and optional client
authentication. Because SSL is built into all major browsers
and web servers, simply installing a digital certificate
turns on the SSL capabilities. SSL encrypts the data while
it is being transmitted over the Internet. The encryption is
done in the background, without any interaction from the
user, consequently there's no password to remember either.
The other choices are incorrect. Since the communication
between client and server is encrypted, the confidentiality
of information is not affected by wire tapping. Since SSL
does the client authentication, only the intended recipient
will receive the decrypted data. All data sent over an
encrypted SSL connection is protected with a mechanism to
detect tampering, that is, automatically determining whether
data has been altered in transit.

Answer / oshan

A. The organization does not have control over encryption.

The SSL security protocol provides data encryption, server
authentication, message integrity and optional client
authentication. Because SSL is built into all major browsers
and web servers, simply installing a digital certificate
turns on the SSL capabilities. SSL encrypts the datum while
it is being transmitted over the Internet. The encryption is
done in the background, without any interaction from the
user, consequently there is no password to remember either.
The other choices are incorrect. Since the communication
between client and server is encrypted, the confidentiality
of information is not affected by wire tapping. Since SSL
does the client authentication, only the intended recipient
will receive the decrypted data. All data sent over an
encrypted SSL connection are protected with a mechanism to
detect tampering, i.e., automatically determining whether
data has been altered in transit.

The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as: A. rules. B. decision trees. C. semantic nets. D. data flow diagrams.

1 Answers  

---

In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls

1 Answers  

---

Which of the following represents the MOST pervasive control over application development? A. IS auditors B. Standard development methodologies C. Extensive acceptance testing D. Quality assurance groups

1 Answers  

---

Congestion control is BEST handled by which OSI layer? A. Data link B. Session layer C. Transport layer D. Network layer

3 Answers  

---

An IS auditor discovers that programmers have update access to the live environment. In this situation, the IS auditor is LEAST likely to be concerned that programmers can: A. authorize transactions. B. add transactions directly to the database. C. make modifications to programs directly. D. access data from live environment and provide faster maintenance.

1 Answers  

---

The most common reason for the failure of information systems to meet the needs of users is that: A. user needs are constantly changing. B. the growth of user requirements was forecast inaccurately. C. the hardware system limits the number of concurrent users. D. user participation in defining the system's requirements was inadequate.

1 Answers  

---

Which of the following fire suppressant systems would an IS auditor expect to find when conducting an audit of an unmanned computer center? A. Carbon dioxide B. Halon C. Dry-pipe sprinkler D. Wet-pipe sprinkler

1 Answers  

---

Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the user name and password are the same. The BEST control to mitigate this risk is to: A. change the company's security policy. B. educate users about the risk of weak passwords. C. build in validations to prevent this during user creation and password change. D. require a periodic review of matching user ID and passwords for detection and correction.

1 Answers  

---

Which of the following provides nonrepudiation services for e-commerce transactions? A. Public key infrastructure (PKI) B. Data encryption standard (DES) C. Message authentication code (MAC) D. Personal identification number (PIN)

1 Answers  

---

Which of the following is the MOST important issue to the IS auditor in a business process re-engineering (BPR) project would be? A. The loss of middle management, which often is a result of a BPR project B. That controls are usually given low priority in a BPR project C. The considerable negative impact that information protection could have on BPR D. The risk of failure due to the large size of the task usually undertaken in a BPR project

2 Answers  

---

Which of the following processes describes risk assessment? Risk assessment is: A. subjective. B. objective. C. mathematical. D. statistical.

1 Answers  

---

A manufacturing firm wants to automate its invoice payment system. Objectives state that the system should require considerably less time for review and authorization and the system should be capable of identifying errors that require follow up. Which of the following would BEST meet these objectives? A. Establishing an inter-networked system of client servers with suppliers for increased efficiencies B. Outsourcing the function to a firm specializing in automated payments and accounts receivable/invoice processing C. Establishing an EDI system of electronic business documents and transactions with key suppliers, computer to computer, in a standard format D. Reengineering the existing processing and redesigning the existing system

1 Answers  

---