CISA
In a public key infrastructure (PKI), which of the following may be relied upon to prove
that an online transaction was authorized by a specific customer?
A. Nonrepudiation
B. Encryption
C. Authentication
D. Integrity
Answer: A.
A. Nonrepudiation, achieved through the use of digital signatures, prevents the sender
from later denying that they generated and sent the message: the signature can only have been
produced with the customer's private key, and anyone holding the matching certificate can verify it.
B. Encryption may protect the data transmitted over the Internet, but does not prove that
the transaction was made, or by whom.
C. Authentication is necessary to establish the identity of all parties to a
communication, but on its own gives a third party no evidence that a particular transaction was authorized.
D. Integrity ensures that transactions are accurate (not altered in transit) but does not provide
the identification of the customer.
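The distinction behind answer A, shown as an added example that is not part of the CISA material: a signature is produced with a key only the customer holds, so the bank can present it to a third party as evidence, whereas a MAC computed with a key the bank also holds proves nothing about who authorized the order, because the bank could have produced the tag itself. The RSA here is textbook, unpadded and uses small deterministically generated keys purely to keep the example self-contained (real deployments use PKCS#1 v1.5/PSS or ECDSA with keys bound to an identity by a CA-issued certificate); the transfer orders and shared key are constructed sample data.

```python
import hashlib
import hmac
import math
import random


def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin test; toy key generation only."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate, rng):
            return candidate


def generate_keypair(bits=512, seed=None):
    """Return ((n, e), (n, d)); `seed` makes the demo reproducible. Toy sizes, not for real use."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message):
    """Only the holder of d can produce this value; that is what a later denial runs into."""
    n, d = private_key
    return pow(_digest_int(message), d, n)


def verify(public_key, message, signature):
    """Anyone with the public key (e.g. from the customer's certificate) can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message) % n


def mac_tag(shared_key, message):
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def mac_verify(shared_key, message, tag):
    return hmac.compare_digest(mac_tag(shared_key, message), tag)


def run_demo(seed=2024):
    """Constructed scenario: a customer authorizes a transfer and the bank later holds the evidence."""
    customer_pub, customer_priv = generate_keypair(seed=seed)
    order = b"transfer 250.00 EUR from ACCT-1001 to ACCT-2002 ref 000123"  # constructed sample
    altered = order.replace(b"250.00", b"2500.00")
    signature = sign(customer_priv, order)

    shared_key = b"k-shared-between-customer-and-bank"  # constructed sample
    bank_forged_order = b"transfer 9999.00 EUR from ACCT-1001 to ACCT-BANK ref 000124"

    return {
        # Signature: verifiable with the public key alone, and bound to exactly this order.
        "signature_verifies": verify(customer_pub, order, signature),
        "signature_rejects_altered_order": verify(customer_pub, altered, signature),
        # MAC: valid, but the bank holds the same key, so a valid tag does not prove
        # the customer (rather than the bank) authorized the order.
        "mac_verifies": mac_verify(shared_key, order, mac_tag(shared_key, order)),
        "bank_can_forge_valid_mac": mac_verify(
            shared_key, bank_forged_order, mac_tag(shared_key, bank_forged_order)),
    }
```

The last key in the returned dict is the point of the question: with the shared-key MAC the bank can manufacture a perfectly valid tag for an order the customer never placed, so a valid MAC is not evidence against the customer, while a valid signature is, because the bank never had the private key.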
Which of the following BEST ensures the integrity of a server's operating system (OS)?
A. Protecting the server in a secure location
B. Setting a boot password
C. Hardening the server configuration
D. Implementing activity logging
Answer: C.
A. Protecting the server in a secure location is a good practice, but does not prevent a
user from exploiting logical (rather than physical) vulnerabilities and compromising the operating system (OS).
B. Setting a boot password is a good practice, but likewise does not prevent a user from
exploiting logical vulnerabilities and compromising the OS.
C. Hardening a system means configuring it in the most secure manner (install the latest
security patches, properly define access authorization for users and administrators, disable
insecure options and uninstall unused services) to prevent nonprivileged users from gaining the
right to execute privileged instructions and thus take control of the entire machine, jeopardizing
the integrity of the OS.
D. Activity logging has two weaknesses in this scenario: it is a detective control (not a
preventive one), and an attacker who has already gained privileged access can modify or
disable the logs.
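What "disable insecure options" looks like in practice, as an added example that is not part of the CISA material: a small audit of an OpenSSH server configuration against a hardening baseline. The directives and their defaults (PermitRootLogin prohibit-password, PasswordAuthentication yes, PermitEmptyPasswords no, X11Forwarding no, MaxAuthTries 6) are real OpenSSH behaviour, including the rule that the first value read for a directive wins; the baseline is an illustrative subset chosen here, not a published benchmark, and both sample configurations are constructed. The important detail is that a directive that is simply absent is still a finding if the default is weak, which is why the check compares the effective value rather than only what is written. The same pattern (effective value versus baseline) is what an auditor applies to database initialization parameters in the next question.

```python
import re

# Illustrative hardening baseline (assumed subset, not a full benchmark):
# directive -> (predicate for an acceptable value, OpenSSH default if absent, why it matters).
BASELINE = {
    "permitrootlogin": (lambda v: v in ("no", "prohibit-password"), "prohibit-password",
                        "interactive root logins remove per-user accountability"),
    "passwordauthentication": (lambda v: v == "no", "yes",
                               "password guessing; use key-based authentication"),
    "permitemptypasswords": (lambda v: v == "no", "no",
                             "accounts with empty passwords would be reachable"),
    "x11forwarding": (lambda v: v == "no", "no",
                      "unused feature that widens the attack surface"),
    "maxauthtries": (lambda v: v.isdigit() and int(v) <= 4, "6",
                     "limits brute-force attempts per connection"),
}


def parse_sshd_config(text):
    """Return {keyword_lowercase: value} for the global section; OpenSSH keeps the FIRST value it reads."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # everything after a Match block is conditional; audit the global section only
        settings.setdefault(key, value)              # first occurrence wins
    return settings


def audit_sshd_config(text):
    """Return findings as (directive, effective_value, 'explicit'|'default', reason)."""
    settings = parse_sshd_config(text)
    findings = []
    for key, (acceptable, default, why) in BASELINE.items():
        effective = settings.get(key, default).lower()
        if not acceptable(effective):
            findings.append((key, effective, "explicit" if key in settings else "default", why))
    return findings


# Constructed sample: a fresh install with a couple of convenience tweaks.
WEAK_CONFIG = """
Port 22
PermitRootLogin yes
X11Forwarding yes
# PasswordAuthentication is not set, so the default (yes) applies
"""

# Constructed sample: the same host after hardening.
HARDENED_CONFIG = """
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for directive, value, source, why in audit_sshd_config(cfg):
            print(f"  {directive}={value} ({source}): {why}")
```

Running it reports four findings for the weak file, two of them (PasswordAuthentication and MaxAuthTries) coming from defaults that were never written down, and none for the hardened file; a hardening review that only greps for explicit "yes" lines misses exactly those default-driven findings.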
The IS auditor is reviewing an organization's human resources (HR) database
implementation. The IS auditor discovers that the database servers are clustered for high
availability, all default database accounts have been removed, and database audit logs are kept
and reviewed on a weekly basis. What other area should the IS auditor check to ensure that the
databases are appropriately secured?
A. Database digital signatures
B. Database encryption nonces and other variables
C. Database media access control (MAC) address authentication
D. Database initialization parameters
Answer: D. The initialization parameters set the security-relevant configuration the database
instance starts with, so the auditor should verify they have been set to hardened values rather
than left at installation defaults.