Isaca CISA Quiz 163 Topic 5 Questions 811-815

Question: 1

The PRIMARY objective of Secure Sockets Layer (SSL) is to ensure:

Aonly the sender and receiver are able to encrypt/decrypt the data.

Bthe sender and receiver can authenticate their respective identities.

Cthe alteration of transmitted data can be detected.

Dthe ability to identify the sender by generating a one-time session key.

Show Answer

Question: 2

The role of the certificate authority (CA) as a third party is to:

Aprovide secured communication and networking services based on certificates.

Bhost a repository of certificates with the corresponding public and secret keys issued by that CA

Cact as a trusted intermediary between two communication partners.

Dconfirm the identity of the entity owning a certificate issued by that CA.

Show Answer

Question: 3

Which of the following is a distinctive feature of the Secure Electronic Transactions (SET) protocol when used for electronic credit card payments?

AThe buyer is assured that neither the merchant nor any other party can misuse their credit card data.

BAll personal SET certificates are stored securely in the buyer's computer.

CThe buyer is liable for any transaction involving his/her personal SET certificates.

DThe payment process is simplified, as the buyer is not required to enter a credit card number and an expiration date.

Show Answer

Question: 4

E-mail traffic from the Internet is routed via firewall-1 to the mail gateway. Mail is routed from the mail gateway, via firewall-2, to the mail recipients in the internal network. Other traffic is not allowed. For example, the firewalls do not allow direct traffic from the Internet to the internal network.

The intrusion detection system (IDS) detects traffic for the internal network that did not originate from the mail gateway. The FIRST action triggered by the IDS should be to:

Aalert the appropriate staff.

Bcreate an entry in the log.

Cclose firewall-2.

Dclose firewall-1.

Show Answer

Question: 5

An IS auditor should be MOST concerned with what aspect of an authorized honeypot?

AThe data collected on attack methods

BThe information offered to outsiders on thehoneypot

CThe risk that thehoneypot could be used to launch further attacks on the organization's infrastructure

DThe risk that thehoneypot would be subject to a distributed denial-of-service attack

Show Answer

Isaca CISA Quiz:163 Topic:5 Questions:811-815