Which of the following manages the digital certificate life cycle to ensure adequate security and controls
exist in digital signature applications related to e-commerce?

• A.Registration authority
• B.Certificate authority (CA)
• C.Certification relocation list
• D.Certification practice statement

Comment: *

Name: *

Email: *

Verification: *

Naming conventions for system resources are important for access control because they:

• A.ensure that resource names are not ambiguous.
• B.reduce the number of rules required to adequately protect resources.
• C.ensure that user access to resources is clearly and uniquely identified.
• D.ensure that internationally recognized names are used to protect resources.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST relevant for an information security manager to communicate to IT operations?

• A.The level of inherent risk
• B.Vulnerability assessments
• C.Threat assessments
• D.The level of exposure

Comment: *

Name: *

Email: *

Verification: *

Many IT projects experience problems because the development time and/or resource requirements are
underestimated. Which of the following techniques would provide the GREATEST assistance in developing
an estimate of project duration?

• A.Function point analysis
• B.PERT chart
• C.Rapid application development
• D.Object-oriented system development

Comment: *

Name: *

Email: *

Verification: *

An organization s data retention policy states that all data will be backed up, retained for 10 years, and then destroyed. When conducting an audit of the long-term offsite backup program, an IS auditor should:

• A.review data classification schemes for appropriate security levels.
• B.verify that business owners review data before it is destroyed.
• C.verify that there is a process to ensure readability and restore capability
• D.confirm that business interruption insurance coverage is in place.

Comment: *

Name: *

Email: *

Verification: *