An organization issues digital certificates to employees to enable connectivity to a web-based application.
Which of the following public key infrastructure (PKI) components MUST be included in the application architecture for determining the on-going validity of connections?

• A.Secure hash algorithm (SHA)
• B.Certificate authority (CA)
• C.Registration authority (RA)
• D.Certificate revocation list (CRL)

Comment: *

Name: *

Email: *

Verification: *

.If a programmer has update access to a live system, IS auditors are more concerned with the programmer's ability to initiate or modify transactions and the ability to access production than with the programmer's ability to authorize transactions. True or false?

• A.True
• B.False

Comment: *

Name: *

Email: *

Verification: *

A decision support system (DSS):

• A.is aimed at solving highly structured problems.
• B.combines the use of models with nontraditional data access and retrieval functions.
• C.emphasizes flexibility in the decision making approach of users.
• D.supports only structured decision making tasks.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY benefit of implementing a security program as part of a security governance framework is the:

• A.alignment of the IT activities with IS audit recommendations.
• B.enforcement of the management of security risks.
• C.implementation of the chief information security officer's (CISO) recommendations.
• D.reduction of the cost for IT security.

Comment: *

Name: *

Email: *

Verification: *

What is the BEST action to prevent loss of data integrity or confidentiality in the case of
an e-commerce application running on a LAN, processing electronic fund transfers (EFT) and orders?

• A.Using virtual private network (VPN) tunnels for data transfer
• B.Enabling data encryption within the application
• C.Auditing the access control to the network
• D.Logging all changes to access lists

Comment: *

Name: *

Email: *

Verification: *