Which of the following statement correctly describes the difference between IPSec and SSH protocols?
Correct Answer: B
Explanation/Reference: For CISA exam you should know below information about SSH and IPSec protocol SSH -A client server program that opens a secure, encrypted command-line shell session from the Internet for remote logon. Similar to a VPN, SSH uses strong cryptography to protect data, including password, binary files and administrative commands, transmitted between system on a network. SSH is typically implemented between two parties by validating each other's credential via digital certificates. SSH is useful in securing Telnet and FTP services, and is implemented at the application layer, as opposed to operating at network layer (IPSec Implementation) IPSec -The IP network layer packet security protocol establishes VPNsvia transport and tunnel mode encryption methods. For the transport method, the data portion of each packet referred to as the encapsulation security payload(ESP) is encrypted, achieving confidentiality over a process. In the tunnel mode, the ESP payload and its header's are encrypted. To achieve non-repudiation, an additional authentication header (AH) is applied. In establishing IPSec sessions in either mode, Security Association (SAs) are established. SAs defines which security parameters should be applied between communication parties as encryption algorithms, key initialization vector, life span of keys, etc. Within either ESP or AH header, respectively. An SAsis established when a 32-bit security parameter index (SPI) field is defined within the sending host. The SPI is unique identifier that enables the sending host to reference the security parameter to apply, as specified, on the receiving host. IPSec can be made more secure by using asymmetric encryption through the use of Internet Security Association and Key Management Protocol/ Oakley (ISAKMP/Oakley), which allows the key management, use of public keys, negotiation, establishment, modification and deletion of SAs and attributes. For authentication, the sender uses digital certificates. The connection is made secure by supporting the generation, authentication, distribution of the SAs and those of the cryptographic keys. The following were incorrect answers: The other options presented are invalid as IPSec works at network layer where as SSH works at application layer of an OSI Model. The following reference(s) were/was used to create this question: CISA review manual 2014 Page number352 and 353
Question 572
Which of the following is the MOST important consideration when incorporating data analytics into an audit?
Correct Answer: C
Question 573
An IS auditor observes an organization is performing data backup and restoration testing on an ad hoc basis without a defined process. What is the MOST likely result of a data disruption event?
Correct Answer: D
Question 574
Which of the following should be an IS auditor's PRIMARY focus when evaluating the response process for cyber crimes?
Correct Answer: C
Section: The process of Auditing Information System
Question 575
An IS auditor finds that a new network connection allows communication between the Internet and the internal enterprise resource planning (ERP) system. Which of the following is the PRIMARY business impact to include when presenting this observation to management?
