11.
Digital signatures are designed to provide additional protection for electronic messages in
order to determine which of the following?
- A.Message read by unauthorized party
- B.Message sender verification
- C.Message deletion
- D.Message modification
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| Digital signatures provide authentication assurance of the email sender. A cryptographic process uses the private key of the sender to form a hash value of the message. Message hashing provides assurance that the message is from the specified sender and was not modifi ed. |
12.
Which is the primary benefit of using a risk-based approach in audit planning?
- A.Simplifies resource scheduling.
- B.Allocates resources to the areas of highest concern.
- C.Properly trained personnel are available.
- D.Lowers the overall cost of compliance.
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| Areas of highest concern are usually identified by comparing individual tasks identified within the auditee’s workflow process diagram with the handling rules of individual data assets being used according to their records management system (RMS). A risk-based approach allows annual audit compliance requirements to be divided up into a series of smaller audits occurring each month in each quarter. Resource scheduling and verifying the availability of properly trained personnel may be done months in advance using various methods of external individual audits. |
13.
What indicators are used to identify the anticipated level of recovery and loss at a given
point in time?
- A.RPO and RTO
- B.RTO and SDO
- C.RPO and ITO
- D.SDO and IRO
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| The recovery point objective (RPO) indicates the fallback position and duration of loss that has occurred. A valid RPO example is to recover by using backup data from last night’s backup tape, meaning that the more recent transactions would be lost. The recovery time objective (RTO) indicates a point in time that the restored data should be available for the user to access. |
14.
Which of the following is the best choice to ensure that internal control objectives are met?
- A.Top executive issues a policy stating compliance objectives.
- B.Procedures are created to govern employee conduct.
- C.Suitable systems for tracking and reporting incidents are used.
- D.The clients operating records are audited annually
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| Designing, implementing, and using suitable systems for tracking and reporting incidents is the best way to ensure that internal control objectives are met. What gets measured is what gets done, so tracking the detection of problems is the best answer. The other choices are also important actions, but in the hierarchy of controls the fi rst priority is timely detection. Lack of detection is a total governance failure. |
15.
Which of the following statements is true concerning asymmetric key cryptography?
- A.The sender encrypts the files by using the recipient’s private key.
- B.The sender and receiver use the same key.
- C.Asymmetric keys cannot be used for digital signatures.
- D.The sender and receiver have different keys.
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| The sender and receiver each have their own public and private key pair. Only the public keys are shared between sender and receiver. All the other statements are false. Asymmetric keys are definitely used for creating digital signatures. The sender would never use the recipient’s private key, only the recipient’s public key. |
|
|
||||||||||||||||||||||||||||
