Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure (PKI) with digital certificates for its business-to-consumer transactions via the Internet?
A. Customers are widely dispersed geographically, but the certificate authorities (CAs) are not.
B. Customers can make their transactions from any computer or mobile device.
C. The CA has several data processing subcenters to administer certificates.
D. The organization is the owner of the CA.
- 1 Answers
- 3633 Views
- I also Faced
- E-Mail Answers
Answer / heather chatterjee
D is the Correct Answer.
A. It is common to use a single certificate authority (CA). They do not need to be geographically dispersed.
B. The use of public key infrastructure (PKI) and certificates allows flexible secure communications from many devices.
C. The CA will often have redundancy and failover capabilities to alternate data centers.
D. If the CA belongs to the same organization, this would pose a risk. The management of a CA must be based on trusted and secure procedures. If the organization has not set in place the controls to manage the registration, distribution and revocation of certificates this could lead to a compromise of the certificates and loss of trust.
| Is This Answer Correct ? | 5 Yes | 0 No |
Which of the following is MOST directly affected by network performance monitoring tools? A. Integrity B. Availability C. Completeness D. Confidentiality
A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a: A. digest signature. B. electronic signature. C. digital signature. D. hash signature.
Which of the following environmental controls is appropriate to protect computer equipment against short-term reductions in electrical power? A. Power line conditioners B. A surge protective device C. An alternative power supply D. An interruptible power supply
The database administrator has recently informed you of the decision to disable certain normalization controls in the database management system (DBMS) software to provide users with increased query performance. This will MOST likely increase the risk of: A. loss of audit trails. B. redundancy of data. C. loss of data integrity. D. unauthorized access to data.
In an audit of a business continuity plan, which of the following findings is of MOST concern? A. There is no insurance for the addition of assets during the year. B. BCP manual is not updated on a regular basis. C. Testing of the backup of data has not been done regularly. D. Records for maintenance of access system have not been maintained.
Which of the following represents the GREATEST potential risk in an EDI environment? A. Transaction authorization B. Loss or duplication of EDI transmissions C. Transmission delay D. Deletion or manipulation of transactions prior to or after establishment of application controls
Which of the following is a disadvantage of image processing? A. Verifies signatures B. Improves service C. Relatively inexpensive to use D. Reduces deterioration due to handling
Which of the following exposures could be caused by a line-grabbing technique? A. Unauthorized data access B. Excessive CPU cycle usage C. Lockout of terminal polling D. Multiplexor control dysfunction
Data flow diagrams are used by IS auditors to: A. order data hierarchically. B. highlight high-level data definitions. C. graphically summarize data paths and storage. D. portray step-by-step details of data generation.
Failure to adequately define or manage the requirements for a system can result in a number of risks. The GREATEST risk is: A. inadequate user involvement. B. inadequate allocation of resources. C. scope creep. D. an incorrect estimation of the critical path.
Sales orders are automatically numbered sequentially at each of a retailer's multiple outlets. Small orders are processed directly at the outlets, with large orders sent to a central production facility. The MOST appropriate control to ensure that all orders transmitted to production are received and processed would be to: A. send and reconcile transaction counts and totals. B. have data transmitted back to the local site for comparison. C. compare data communications protocols with parity checking. D. track and account for the numerical sequence of sales orders at the production facility.
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The IS auditor's report should recommend that: A. the deputy CEO be censured for his failure to approve the plan. B. a board of senior managers be set up to review the existing plan. C. the existing plan be approved and circulated to all key management and staff. D. a manager coordinate the creation of a new or revised plan within a defined time limit.
Cisco Certifications 
