1. Which of the following provides the GREATEST assurance of message authenticity?
A) The prehash code is derived mathematically from the message being sent. B) The prehash code is encrypted using the sender's private key. C) The prehash code and the message are encrypted using the secret key. D) The sender attains the recipient's public key and verifies the authenticity of its digital certificate with a certificate authority.
2. Which of the following internet security threats could compromise integrity?
A) Theft of data from the client B) Exposure of network configuration information C) A Trojan horse browser D) Eavesdropping on the net
3. Which of the following is a concern when data are transmitted through Secure Sockets Layer (SSL) encryption, implemented on a trading partner's server?
A) The organization does not have control over encryption. B) Messages are subjected to wiretapping. C) Data might not reach the intended recipient. D) The communication may not be secure.
4. If inadequate, which of the following would be the MOST likely contributor to a denial-of-service attack?
A) Router configuration and rules B) Design of the internal network C) Updates to the router system software D) Audit testing and review techniques
5. The Secure Sockets Layer (SSL) protocol addresses the confidentiality of a message through:
A) symmetric encryption. B) message authentication code. C) hash function. D) digital signature certificates.
1. Right Answer: B Explanation: Encrypting the prehash code using the sender's private key provides assurance of the authenticity of the message. Mathematically deriving the prehash code provides integrity to the message. Encrypting the prehash code and the message using the secret key provides confidentiality.
2. Right Answer: C Explanation: Internet security threats/vulnerabilities to integrity include a Trojan horse, which could modify user data, memory and messages found in client-browser software. The other options compromise confidentiality.
3. Right Answer: A Explanation: The SSL security protocol provides data encryption, server authentication, message integrity and optional client authentication. Because SSL is built into all major browsers and web servers, simply installing a digital certificate turns on the SSL capabilities. SSL encrypts the datum while it is being transmitted over the internet. The encryption is done in the background, without any interaction from the user; consequently, there is no password to remember. The other choices are incorrect. Since the communication between client and server is encrypted, the confidentiality of information is not affected by wiretapping. Since SSL does the client authentication, only the intended recipient will receive the decrypted data. All data sent over an encrypted SSL connection are protected with a mechanism to detect tampering, i.e., automatically determining whether data has been altered in transit.
4. Right Answer: A Explanation: Inadequate router configuration and rules would lead to an exposure to denial-of-service attacks. Choices B and C would be lesser contributors. Choice D is incorrect because audit testing and review techniques are applied after the fact.
5. Right Answer: A Explanation: SSL uses a symmetric key for message encryption. A message authentication code is used for ensuring data integrity. A hash function is used for generating a message digest; it does not use public key encryption for message encryption. Digital signature certificates are used by SSL for server authentication.