CISA (701-800) Verified Exam Questions
and Answers
Digital signatures require the:
Select an answer:
A.
signer to have a public key and the receiver to have a private key.
B.
signer to have a private key and the receiver to have a public key.
C.
signer and receiver to have a public key.
D.
signer and receiver to have a private key. - answer✔✔You answered D. The correct answer is B.
A. If a sender encrypts a message with a public key, it will provide confidential transmission to
the receiver with the private key.
B. Digital signatures are intended to verify to a recipient the integrity of the data and the identity
of the sender. The digital signature standard is based on the sender encrypting a digest of the
message with their private key and the receiver validating the message with the public key.
C. Asymmetric key cryptography always works with key pairs. Therefore, a message encrypted
with a public key could only be opened with a private key.
D. If both the sender and receiver have a private key there would be no way to validate the
digital signature.
The feature of a digital signature that ensures the sender cannot later deny generating and
sending the message is called:
Select an answer:
A.
data integrity.
B.
authentication.
C.
nonrepudiation.
D.
replay protection. - answer✔✔You are correct, the answer is C.
A. Data integrity refers to changes in the plaintext message that would result in the recipient
failing to compute the same message hash.
B. Because only the claimed sender has the private key used to create the digital signature,
authentication ensures that the message has been sent by the claimed sender.
C. Integrity, authentication, nonrepudiation and replay protection are all features of a digital
signature. Nonrepudiation ensures that the claimed sender cannot later deny generating and
sending the message.
D. Replay protection is a method that a recipient can use to check that the message was not
intercepted and re-sent (replayed).
Which of the following controls would BEST detect intrusion?
Select an answer:
A.
User IDs and user privileges are granted through authorized procedures.
B.
Automatic logoff is used when a workstation is inactive for a particular period of time.
C.
Automatic logoff of the system occurs after a specified number of unsuccessful attempts.
D.
Unsuccessful logon attempts are monitored by the security administrator. - answer✔✔You are
correct, the answer is D.
A. User IDs and the granting of user privileges define a policy. This is a type of administrative or
managerial control that may prevent intrusion but would not detect it.
B. Automatic logoff is a method of preventing access through unattended or inactive terminals,
but is not a detective control.
C. Unsuccessful attempts to log on are a method for preventing intrusion, not detecting it.
D. Intrusion is detected by the active monitoring and review of unsuccessful logon attempts.
An IS auditor performing a telecommunication access control review should be concerned
PRIMARILY with the:
Select an answer:
A.
maintenance of access logs of usage of various system resources.
B.
authorization and authentication of the user prior to granting access to system resources.
C.
adequate protection of stored data on servers by encryption or other means.
D.
accountability system and the ability to identify any terminal accessing system resources. -
answer✔✔You are correct, the answer is B.
A. The maintenance of access logs of usage of system resources is a detective control. A
preventive control should be used first.
B. The authorization and authentication of users before granting them access to system resources
(networks, servers, applications, etc.) is the most significant aspect in a telecommunication
access control review because it is a preventive control. Weak controls at this level can affect all
other aspects of security.
C. The adequate protection of data being stored on servers by encryption or other means is a
method of protecting stored information and is not a network access issue.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Brightstars. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
