DEMO Version
Important Note
Please Read Carefully
For demonstration purposes only, this free version of the Chinatag study guide contains 10 full-length questions selected
from our full-version products, which contain more than 200 questions each.
This study guide has been carefully written and compiled by Chinatag certification experts. It is designed to help you
learn the concepts behind the questions rather than serve as a strict memorization tool. Repeated readings will increase
your comprehension.
For promotion purposes, our PDF files are not encrypted. Feel free to distribute copies among your friends and let
them know about the Chinatag website.
Study Tips
This product provides you with questions and answers along with detailed explanations carefully compiled and written
by our experts. Try to understand the concepts behind the questions instead of cramming them. Go through
the entire document at least twice to make sure that you are not missing anything.
Latest Version
We are constantly reviewing our products. New material is added and old material is revised. Free updates are
available for 90 days after the purchase. You should check the products page on the http://www.chinatag.com
website for an update 3-4 days before the scheduled exam date.
Please tell us what you think of our products. We appreciate both positive and critical comments, as your feedback
helps us improve future versions. Feedback on specific questions should be sent to feedback@chinatag.com.
Thank you for purchasing our products; we look forward to supplying all your certification training needs.
Good studying!
2008 CISA PRACTICE QUESTIONS

1、The extent to which data will be collected during an IS audit should be determined based on the:

A、availability of critical and required information.
B、auditor's familiarity with the circumstances.
C、auditee's ability to find relevant evidence.
D、purpose and scope of the audit being done.

ANSWER: D

NOTE: The extent to which data will be collected during an IS audit should be related directly to the scope and purpose of the audit. An audit with a narrow purpose and scope will most likely result in less data collection than an audit with a wider purpose and scope. The scope of an IS audit should not be constrained by the ease of obtaining the information or by the auditor's familiarity with the area being audited. Collecting all the required evidence is a required element of an IS audit, and the scope of the audit should not be limited by the auditee's ability to find relevant evidence.

2、Which of the following ensures a sender's authenticity and an e-mail's confidentiality?

A、Encrypting the hash of the message with the sender's private key and thereafter encrypting the hash of the message with the receiver's public key
B、The sender digitally signing the message and thereafter encrypting the hash of the message with the sender's private key
C、Encrypting the hash of the message with the sender's private key and thereafter encrypting the message with the receiver's public key
D、Encrypting the message with the sender's private key and encrypting the message hash with the receiver's public key

ANSWER: C

NOTE: Two operations with two different key pairs are needed. Encrypting the hash of the message with the sender's private key is a digital signature: the receiver recomputes the hash of the message and compares it with the hash recovered using the sender's public key, which proves who sent the message (authenticity) and that it was not altered in transit. Encrypting the message itself with the receiver's public key means that only the holder of the receiver's private key can read it (confidentiality). Choice A encrypts only the hash for the receiver and leaves the message itself readable by anyone. Choice B never uses the receiver's key, so the message is not confidential. Choice D encrypts the message with the sender's private key, which anyone holding the sender's public key can reverse, so it provides no confidentiality.

3、Which of the following is the GREATEST advantage of elliptic curve encryption over RSA encryption?

A、Computation speed
B、Ability to support digital signatures
C、Simpler key distribution
D、Greater strength for a given key length

ANSWER: A

NOTE: The advantage the exam credits to elliptic curve cryptography over RSA is computation speed. The method was proposed independently by Neal Koblitz and Victor S. Miller. Both systems support digital signatures and are used for public key encryption and key distribution, so choices B and C do not separate them. Choice D is the reason behind choice A rather than a competitor to it: an elliptic curve key is far shorter than an RSA key of equivalent strength (NIST SP 800-57 pairs the 256-bit P-256 curve with a 3072-bit RSA modulus), and the shorter key is what makes key generation and signing cheaper. A stronger key per se does not guarantee better performance; the algorithm employed determines that.
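The following is an added example, not part of the Chinatag study guide, that makes the trade-off in question 3 measurable. It generates an RSA-3072 key and a P-256 key (the pairing NIST SP 800-57 puts at the same 128-bit security level), signs a constructed digest with each, and reports the size of the public key, the size of one signature, and how long key generation, signing and verification took. The message being hashed is constructed here.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// Comparison records what is observable when RSA and elliptic curve
// signatures are used at the same security level.
type Comparison struct {
	Name        string
	PublicBytes int           // bytes of public-key material
	SigBytes    int           // bytes in one signature
	KeyGen      time.Duration // time to generate the key pair
	Sign        time.Duration // time to sign one digest
	Verify      time.Duration // time to verify that signature
	Valid       bool          // the signature verified
}

// NIST SP 800-57 places a 3072-bit RSA modulus and the 256-bit P-256 curve
// at the same 128-bit security level, so these two are the fair pairing.
const rsaBits = 3072

// CompareRSA generates an RSA key, signs the digest and verifies it, timing each step.
func CompareRSA(digest []byte) (Comparison, error) {
	t0 := time.Now()
	key, err := rsa.GenerateKey(rand.Reader, rsaBits)
	if err != nil {
		return Comparison{}, err
	}
	t1 := time.Now()
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest)
	if err != nil {
		return Comparison{}, err
	}
	t2 := time.Now()
	verr := rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, digest, sig)
	t3 := time.Now()
	return Comparison{
		Name:        fmt.Sprintf("RSA-%d", rsaBits),
		PublicBytes: (key.N.BitLen() + 7) / 8, // the modulus: 384 bytes
		SigBytes:    len(sig),                 // one signature is also one modulus long
		KeyGen:      t1.Sub(t0),
		Sign:        t2.Sub(t1),
		Verify:      t3.Sub(t2),
		Valid:       verr == nil,
	}, nil
}

// CompareECC does the same with ECDSA over P-256.
func CompareECC(digest []byte) (Comparison, error) {
	t0 := time.Now()
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Comparison{}, err
	}
	t1 := time.Now()
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest)
	if err != nil {
		return Comparison{}, err
	}
	t2 := time.Now()
	valid := ecdsa.VerifyASN1(&key.PublicKey, digest, sig)
	t3 := time.Now()
	coord := (key.Curve.Params().BitSize + 7) / 8 // 32 bytes per coordinate
	return Comparison{
		Name:        "ECDSA-P256",
		PublicBytes: 2 * coord, // the point (X, Y): 64 bytes, 65 with the uncompressed-point prefix
		SigBytes:    len(sig),  // DER-encoded (r, s): about 70 to 72 bytes
		KeyGen:      t1.Sub(t0),
		Sign:        t2.Sub(t1),
		Verify:      t3.Sub(t2),
		Valid:       valid,
	}, nil
}

func main() {
	// Constructed sample input, not from the original page.
	digest := sha256.Sum256([]byte("2008 CISA practice question 3: ECC versus RSA"))
	for _, f := range []func([]byte) (Comparison, error){CompareRSA, CompareECC} {
		c, err := f(digest[:])
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-11s public=%3d B  sig=%3d B  keygen=%-12v sign=%-12v verify=%-12v valid=%v\n",
			c.Name, c.PublicBytes, c.SigBytes, c.KeyGen, c.Sign, c.Verify, c.Valid)
	}
}
```

Run it with `go run`. The sizes are the stable part of the comparison: 64 bytes of public key and a signature of roughly 70 bytes against 384 bytes for each of the RSA values. On the timings, expect key generation and signing to be much faster with the curve, but RSA verification to be faster than ECDSA verification because the RSA public exponent is small; "computation speed" in the answer key is about key generation and the private-key operation, not every operation.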
A、Protecting the server in a secure location
B、Setting a boot password
C、Hardening the server configuration
D、Implementing activity logging

ANSWER: C

NOTE: Hardening a system means configuring it in the most secure manner (installing the latest security patches, properly defining access authorization for users and administrators, disabling insecure options and uninstalling unused services) to prevent non-privileged users from gaining the right to execute privileged instructions and so take control of the entire machine, jeopardizing the OS's integrity. Protecting the server in a secure location and setting a boot password are good practices, but they do not ensure that a user will not try to exploit logical vulnerabilities and compromise the OS. Activity logging has two weaknesses in this scenario: it is a detective control, not a preventive one, and an attacker who has already gained privileged access can modify or disable the logs.

8、An investment advisor e-mails periodic newsletters to clients and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by:

A、encrypting the hash of the newsletter using the advisor's private key.
B、encrypting the hash of the newsletter using the advisor's public key.
C、digitally signing the document using the advisor's private key.
D、encrypting the newsletter using the advisor's private key.

ANSWER: A

NOTE: There is no attempt on the part of the investment advisor to prove their identity or to keep the newsletter confidential. The objective is to assure the receivers that it reached them without any modification, i.e., that it has message integrity. Choice A is correct because the hash is encrypted using the advisor's private key. The recipients can open the newsletter, recompute the hash and decrypt the received hash using the advisor's public key; if the two hashes are equal, the newsletter was not modified in transit. Choice B is not feasible, because a hash encrypted with the advisor's public key could be decrypted by no one other than the advisor. The question credits choice C with sender authentication but not message integrity; note, however, that a digital signature is in practice exactly a hash encrypted with the signer's private key, so it provides integrity as well, and choices A and C describe the same mechanism. Choice D gives the recipients no integrity check and, despite the intent, no confidentiality either: anyone can obtain the investment advisor's public key, decrypt the newsletter, modify it and send it to others. What the interceptor cannot do is re-encrypt the modified copy with the advisor's private key, which they do not have; anything encrypted with the interceptor's own private key can be decrypted only with the interceptor's public key.

9、In reviewing the IS short-range (tactical) plan, an IS auditor should determine whether:

A、there is an integration of IS and business staffs within projects.
B、there is a clear definition of the IS mission and vision.
C、a strategic information technology planning methodology is in place.
D、the plan correlates business objectives to IS goals and objectives.

ANSWER: A

NOTE: The integration of IS and business staff in projects is an operational issue and should be considered while reviewing the short-range plan. A strategic plan would provide a framework for the IS
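Questions 2 and 8 rest on the same primitive, a hash encrypted (signed) with the sender's private key, so one added example covers both. It is not part of the Chinatag study guide: the advisor, client and interceptor key pairs and the newsletter text are constructed here. `SignHash` and `VerifyHash` are question 8 (integrity: a modified newsletter, or one re-signed by an interceptor with their own key, fails the check); `Seal` and `Open` add question 2's second step, encryption of the message under the receiver's public key, so that only the client can read it. RSA-OAEP is applied to a short message directly for brevity; a real mail system would wrap a symmetric key the same way and encrypt the body with it.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what the sender transmits for question 2, option C: the
// message encrypted under the receiver's public key (confidentiality) and a
// signature made with the sender's private key over SHA-256(message)
// (authenticity and integrity).
type Envelope struct {
	Ciphertext []byte // RSA-OAEP(receiver public key, message)
	Signature  []byte // PKCS#1 v1.5 signature(sender private key, SHA-256(message))
}

// SignHash is what the exam calls "encrypting the hash with the sender's
// private key" (question 8, option A): hash the text, then sign the digest.
func SignHash(sender *rsa.PrivateKey, text []byte) ([]byte, error) {
	digest := sha256.Sum256(text)
	return rsa.SignPKCS1v15(rand.Reader, sender, crypto.SHA256, digest[:])
}

// VerifyHash is the recipient's check: recompute the hash of the received
// text and compare it with the one recovered from the signature using the
// sender's public key. Modified text, or a signature made with some other
// private key, does not verify.
func VerifyHash(sender *rsa.PublicKey, text, sig []byte) bool {
	digest := sha256.Sum256(text)
	return rsa.VerifyPKCS1v15(sender, crypto.SHA256, digest[:], sig) == nil
}

// Seal signs the hash with the sender's private key and then encrypts the
// message with the receiver's public key. RSA-OAEP with SHA-256 can encrypt
// at most k - 2*32 - 2 bytes directly (190 bytes for a 2048-bit key), which
// is why production systems encrypt a symmetric key this way rather than
// the body itself.
func Seal(sender *rsa.PrivateKey, receiver *rsa.PublicKey, msg []byte) (*Envelope, error) {
	sig, err := SignHash(sender, msg)
	if err != nil {
		return nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver, msg, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: ct, Signature: sig}, nil
}

// Open is the receiver's side: decrypt with the receiver's private key (only
// its holder can), then verify the sender's signature over the recovered text.
func Open(receiver *rsa.PrivateKey, sender *rsa.PublicKey, env *Envelope) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, receiver, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	if !VerifyHash(sender, pt, env.Signature) {
		return nil, fmt.Errorf("signature does not match the recovered message")
	}
	return pt, nil
}

func main() {
	// Constructed keys and newsletter text, not from the original page.
	advisor, _ := rsa.GenerateKey(rand.Reader, 2048)  // sender
	client, _ := rsa.GenerateKey(rand.Reader, 2048)   // receiver
	attacker, _ := rsa.GenerateKey(rand.Reader, 2048) // interceptor without the advisor's private key
	newsletter := []byte("Q3 newsletter: rebalance 5% into bonds.")

	// Question 8: integrity only. The client recomputes the hash and checks it.
	sig, _ := SignHash(advisor, newsletter)
	fmt.Println("genuine newsletter verifies:", VerifyHash(&advisor.PublicKey, newsletter, sig))
	tampered := bytes.Replace(newsletter, []byte("5%"), []byte("50%"), 1)
	fmt.Println("modified newsletter verifies:", VerifyHash(&advisor.PublicKey, tampered, sig))
	forged, _ := SignHash(attacker, tampered) // interceptor re-signs with their own key
	fmt.Println("interceptor-signed copy verifies under advisor key:", VerifyHash(&advisor.PublicKey, tampered, forged))

	// Question 2: authenticity and confidentiality. Only the client can decrypt,
	// and the client can confirm the advisor sent it.
	env, _ := Seal(advisor, &client.PublicKey, newsletter)
	pt, err := Open(client, &advisor.PublicKey, env)
	fmt.Printf("client opened: %q (err=%v)\n", pt, err)
	_, err = Open(attacker, &advisor.PublicKey, env) // wrong private key: confidentiality holds
	fmt.Println("interceptor opening with own key fails:", err != nil)
}
```

The exam's distinction between "encrypting the hash with the private key" (question 8, choice A) and "digitally signing" (choice C) disappears in code: `rsa.SignPKCS1v15` is the signing operation, and it is the only way the library exposes a private-key operation over a hash.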