CISA—Certified Information Systems Auditor - Part 283

Mary Smith

Thu, 16 Apr 2026

1. Which of the following functions is performed by a virtual private network (VPN)?

A) Hiding information from sniffers on the net
B) Enforcing security policies
C) Detecting misuse or mistakes
D) Regulating access



2. Applying a digital signature to data traveling in a network provides:

A) confidentiality and integrity.
B) security and nonrepudiation.
C) integrity and nonrepudiation.
D) confidentiality and nonrepudiation.



3. Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to-consumer transactions via the internet?

A) Customers are widely dispersed geographically, but the certificate authorities are not.
B) Customers can make their transactions from any computer or mobile device.
C) The certificate authority has several data processing subcenters to administer certificates.
D) The organization is the owner of the certificate authority.



4. Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the internet?

A) Transport mode with authentication header (AH) plus encapsulating security payload (ESP)
B) Secure Sockets Layer (SSL) mode
C) Tunnel mode with AH plus ESP
D) Triple-DES encryption mode



5. Which of the following is the MOST reliable sender authentication method?

A) Digital signatures
B) Asymmetric cryptography
C) Digital certificates
D) Message authentication code



1. Right Answer: A
Explanation: A VPN hides information from sniffers on the net using encryption. It works based on tunneling. A VPN does not analyze information packets and, therefore, cannot enforce security policies; it also does not check the content of packets, so it cannot detect misuse or mistakes. A VPN also does not perform an authentication function and, therefore, cannot regulate access.

2. Right Answer: C
Explanation: The process of applying a mathematical algorithm to the data that travel in the network and sending the resulting hash along with the data is used for controlling data integrity, since any unauthorized modification to this data would result in a different hash. The application of a digital signature would accomplish the nonrepudiation of the delivery of the message. The term security is a broad concept and not a specific one. In addition to a hash and a digital signature, confidentiality is applied when an encryption process exists.

3. Right Answer: D
Explanation: If the certificate authority belongs to the same organization, this would generate a conflict of interest. That is, if a customer wanted to repudiate a transaction, they could argue that, because of the shared interests, an unlawful agreement exists between the parties generating the certificates. The other options are not weaknesses.

4. Right Answer: C
Explanation: Tunnel mode provides protection to the entire IP packet. To accomplish this, AH and ESP services can be nested. The transport mode provides primary protection for the higher layers of the protocols by extending protection to the data fields (payload) of an IP packet. The SSL mode provides security to the higher communication layers (transport layer). The triple-DES encryption mode is an algorithm that provides confidentiality.

5. Right Answer: C
Explanation: Digital certificates are issued by a trusted third party. The message sender attaches the certificate and the recipient can verify authenticity with the certificate repository. Asymmetric cryptography, such as public key infrastructure (PKI), appears to authenticate the sender but is vulnerable to a man-in-the-middle attack. Digital signatures are used for both authentication and confidentiality, but the identity of the sender would still be confirmed by the digital certificate. Message authentication code is used for message integrity verification.