Free Access to ISACA.CISA.v2024-12-27.q999 with Valid Practice Test (Page 115)

Question 566

The goal of an information system is to achieve integrity, authenticity and non-repudiation of information's
sent across the network. Which of the following statement correctly describe the steps to address all three?

A.Encrypt the message digest using symmetric key and then send the encrypted digest to receiver along
with original message.
B.Encrypt the message digest using receiver's public key and then send the encrypted digest to receiver
along with original message. The receiver can decrypt the message digest using his own private key.
C.Encrypt the message digest using sender's public key and then send the encrypted digest to the
receiver along with original message. The receiver can decrypt using his own private key.
D.Encrypt message digest using sender's private key and then send the encrypted digest to the receiver
along with original message. Receiver can decrypt the same using sender's public key.

Correct Answer: D

Section: Protection of Information Assets
Explanation/Reference:
The digital signature is used to achieve integrity, authenticity and non-repudiation. In a digital signature, the
sender's private key is used to encrypt the message digest of the message. Encrypting the message digest
is the act of Signing the message. The receiver will use the matching public key of the sender to decrypt
the Digital Signature using the sender's public key.
A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used
to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure
that the original content of the message or document that has been sent is unchanged. Digital signatures
cannot be forged by someone else who does not possess the private key, it can also be automatically time-
stamped. The ability to ensure that the original signed message arrived means that the sender cannot
easily repudiate it later.
A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the
receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate
contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate
is real and has not been modified since the day it was issued.
How Digital Signature Works
Assume you were going to send the draft of a contract to your lawyer in another town. You want to give
your lawyer the assurance that it was unchanged from what you sent and that it is really from you.
You copy-and-paste the contract (it's a short one!) into an e-mail note.
Using special software, you obtain a message hash (mathematical summary) of the contract.
You then use a private key that you have previously obtained from a public-private key authority to encrypt
the hash.
The encrypted hash becomes your digital signature of the message. (Note that it will be different each time
you send a message.)
At the other end, your lawyer receives the message.
To make sure it's intact and from you, your lawyer makes a hash of the received message.
Your lawyer then uses your public key to decrypt the message hash or summary.
If the hashes match, the received message is valid.
Below are some common reasons for applying a digital signature to communications:
Authentication
Although messages may often include information about the entity sending a message, that information
may not be accurate. Digital signatures can be used to authenticate the source of messages. The
importance of high assurance in the sender authenticity is especially obvious in a financial context. For
example, suppose a bank's branch office sends instructions to the central office requesting a change in the
balance of an account. If the central office is not convinced that such a message is truly sent from an
authorized source, acting on such a request could be a serious mistake.
Integrity
In many scenarios, the sender and receiver of a message may have a need for confidence that the
message has not been altered during transmission. Although encryption hides the contents of a message,
it may be possible to change an encrypted message without understanding it.(Some encryption algorithms,
known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed,
any change in the message after the signature has been applied would invalidates the signature.
Furthermore, there is no efficient way to modify a message and its signature to produce a new message
with a valid signature, because this is still considered to be computationally infeasible by most
cryptographic hash functions (see collision resistance).
Non-repudiation
Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures.
By this property, an entity that has signed some information cannot at a later time deny having signed it.
Similarly, access to the public key only does not enable a fraudulent party to fake a valid signature.
Note that authentication, non-repudiation, and other properties rely on the secret key not having been
revoked prior to its usage. Public revocation of a key-pair is a required ability, else leaked secret keys
would continue to implicate the claimed owner of the key-pair. Checking revocation status requires an
"online" check, e.g. checking a "Certificate Revocation List" or via the "Online Certificate Status Protocol".
This is analogous to a vendor who receives credit-cards first checking online with the credit-card issuer to
find if a given card has been reported lost or stolen.
Tip for the exam
Digital Signature does not provide confidentiality. It provides only authenticity and integrity. The sender's
private key is used to encrypt the message digest to calculate the digital signature
Encryption provides only confidentiality. The receiver's public key or symmetric key is used for encryption
The following were incorrect answers:
Encrypt the message digest using symmetric key and then send the encrypted digest to receiver along with
original message - Symmetric key encryption does not provide non-repudiation as symmetric key is shared
between users
Encrypt the message digest using receiver's public key and then send the encrypted digest to receiver
along with original message. The receiver can decrypt the message digest using his own private key -
Receiver's public key is known to everyone. This will not address non-repudiation
Encrypt the message digest using sender's public key and then send the encrypted digest to the receiver
along with original message. The receiver can decrypt using his own private key -The sender public key is
known to everyone. If sender's key is used for encryption, then sender's private key is required to decrypt
data. The receiver will not be able to decrypt the digest as receiver will not have sender's private key.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 331
http://upload.wikimedia.org/wikipedia/commons/2/2b/Digital_Signature_diagram.svg
http://en.wikipedia.org/wiki/Digital_signature
http://searchsecurity.techtarget.com/definition/digital-signature

Question 567

An IS auditor is reviewing database fields updated in real-time and displayed through other applications in multiple organizational functions. When validating business approval for these various use cases, which of the following sources of information would be the BEST starting point?

A.Network map from the network administrator
B.Historical database change log records
C.List of integrations from the database administrator (DBA)
D.Business process flow from management

Question 568

Which of the following provides an IS auditor the MOST assurance that an organization is compliant with legal and regulatory requirements?

A.The IT manager is responsible for the organization's compliance with legal and regulatory requirements.
B.Controls associated with legal and regulatory requirements have been identified and tested.
C.Senior management has provided attestation of legal and regulatory compliance.
D.There is no history of complaints or fines from regulators regarding noncompliance.

Question 569

An organization is using an enterprise resource management (ERP) application. Which of the following would be an effective access control?

A.User-level permissions
B.Role-based
C.Fine-grained
D.Discretionary

Question 570

Which of the following is the INCORRECT Layer to Protocol mapping used in the DOD TCP/IP model?

A.Application layer - Telnet
B.Transport layer - ICMP
C.Internet layer - IP
D.Network Access layer - Ethernet

Correct Answer: B

Section: Information System Operations, Maintenance and Support
Explanation:
The keyword INCORRECT is used within the question. You need to find out the incorrect Layer to Protocol mapping.
The ICMP protocol works at Internet layer of the DoD TCP/IP model, not at the Transport Layer.
For your exam you should know below information about the TCP/IP models:
Network Models

Layer 4. Application Layer
Application layer is the top most layer of four layer TCP/IP model. Application layer is present on the top of the Transport layer. Application layer defines TCP/IP application protocols and how host programs interface with Transport layer services to use the network.
Application layer includes all the higher-level protocols like DNS (Domain Naming System), HTTP (Hypertext Transfer Protocol), Telnet, SSH, FTP (File Transfer Protocol), TFTP (Trivial File Transfer Protocol), SNMP (Simple Network Management Protocol), SMTP (Simple Mail Transfer Protocol) , DHCP (Dynamic Host Configuration Protocol), X Windows, RDP (Remote Desktop Protocol) etc.
Layer 3. Transport Layer
Transport Layer is the third layer of the four layer TCP/IP model. The position of the Transport layer is between Application layer and Internet layer. The purpose of Transport layer is to permit devices on the source and destination hosts to carry on a conversation. Transport layer defines the level of service and status of the connection used when transporting data.
The main protocols included at Transport layer are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
Layer 2. Internet Layer
Internet Layer is the second layer of the four layer TCP/IP model. The position of Internet layer is between Network Access Layer and Transport layer. Internet layer pack data into data packets known as IP datagram's, which contain source and destination address (logical address or IP address) information that is used to forward the datagram's between hosts and across networks. The Internet layer is also responsible for routing of IP datagram's.
Packet switching network depends upon a connectionless internetwork layer. This layer is known as Internet layer. Its job is to allow hosts to insert packets into any network and have them to deliver independently to the destination. At the destination side data packets may appear in a different order than they were sent. It is the job of the higher layers to rearrange them in order to deliver them to proper network applications operating at the Application layer.
The main protocols included at Internet layer are IP (Internet Protocol), ICMP (Internet Control Message Protocol), ARP (Address Resolution Protocol), RARP (Reverse Address Resolution Protocol) and IGMP (Internet Group Management Protocol).
Layer 1. Network Access Layer
Network Access Layer is the first layer of the four layer TCP/IP model. Network Access Layer defines details of how data is physically sent through the network, including how bits are electrically or optically signaled by hardware devices that interface directly with a network medium, such as coaxial cable, optical fiber, or twisted pair copper wire.
The protocols included in Network Access Layer are Ethernet, Token Ring, FDDI, X.25, Frame Relay etc.
The most popular LAN architecture among those listed above is Ethernet. Ethernet uses an Access Method called CSMA/CD (Carrier Sense Multiple Access/Collision Detection) to access the media, when Ethernet operates in a shared media. An Access Method determines how a host will place data on the medium.
IN CSMA/CD Access Method, every host has equal access to the medium and can place data on the wire when the wire is free from network traffic. When a host wants to place data on the wire, it will check the wire to find whether another host is already using the medium. If there is traffic already in the medium, the host will wait and if there is no traffic, it will place the data in the medium. But, if two systems place data on the medium at the same instance, they will collide with each other, destroying the data. If the data is destroyed during transmission, the data will need to be retransmitted. After collision, each host will wait for a small interval of time and again the data will be retransmitted.
Protocol Data Unit (PDU):

The following answers are incorrect:
The other options correctly describe the Layer to Protocol mapping of the DoD TCP/IP model protocols.
Reference:
CISA review manual 2014 page number 272

Question 566

Question 567

Question 568

Question 569

Question 570

Download PDF File