Last Updated on December 13, 2021 by Admin 3

 CISA : Certified Information Systems Auditor : Part 163

  1. Which of the following is the GREATEST advantage of elliptic curve encryption over RSA encryption?

    • Computation speed
    • Ability to support digital signatures
    • Simpler key distribution
    • Greater strength for a given key length

    The main advantage of elliptic curve encryption over RSA encryption is its computation speed. This method was first independently suggested by Neal Koblitz and Victor S. Miller. Both encryption methods support digital signatures and are used for public key encryption and distribution. However, a stronger key per se does not necessarily guarantee better performance, but rather the actual algorithm employed.

  2. Which of the following would be the BEST overall control for an Internet business looking for confidentiality, reliability and integrity of data?

    • Secure Sockets Layer (SSL)
    • Intrusion detection system (IDS)
    • Public key infrastructure (PKI)
    • Virtual private network (VPN)
    PKl would be the best overall technology because cryptography provides for encryption, digital signatures and non-repudiation controls for confidentiality and reliability. SSL can provide confidentiality. IDS is a detective control. A VPN would provide confidentiality and authentication (reliability). 
  3. To ensure message integrity, confidentiality and non-repudiation between two parties, the MOST effective method would be to create a message digest by applying a cryptographic hashing algorithm against:

    • the entire message, enciphering the message digest using the sender’s private key, enciphering the message with a symmetric key and enciphering the key by using the receiver’s public key.
    • any part of the message, enciphering the message digest using the sender’s private key, enciphering the message with a symmetric key and enciphering the key using the receiver’s public key.
    • the entire message, enciphering the message digest using the sender’s private key, enciphering the message with a symmetric key and enciphering both the encrypted message and digest using the receiver’s public key.
    • the entire message, enciphering the message digest using the sender’s private key and enciphering the message using the receiver’s public key.
    Applying a cryptographic hashing algorithm against the entire message addresses the message integrity issue. Enciphering the message digest using the sender’s private key addresses non repudiation. Encrypting the message with a symmetric key, thereafter allowing the key to be enciphered using the receiver’s public key, most efficiently addresses the confidentiality of the message as well as the receiver’s non repudiation. The other choices would address only a portion of the requirements.
  4. Which of the following antivirus software implementation strategies would be the MOST effective in an interconnected corporate network?

    • Server antivirus software
    • Virus walls
    • Workstation antivirus software
    • Virus signature updating
    An important means of controlling the spread of viruses is to detect the virus at the point of entry, before it has an opportunity to cause damage. In an interconnected corporate network, virus scanning software, used as an integral part of firewall technologies, is referred to as a virus wall. Virus walls scan incoming traffic with the intent of detecting and removing viruses before they enter the protected network. The presence of virus walls does not preclude the necessity for installing virus detection software on servers and workstations within the network, but network- level protection is most effective the earlier the virus is detected. Virus signature updating is a must in all circumstances, networked or not. 
  5. Which of the following would be of MOST concern to an IS auditor reviewing a virtual private network (VPN) implementation? Computers on the network that are located:

    • on the enterprise’s internal network.
    • at the backup site.
    • in employees’ homes.
    • at the enterprise’s remote offices.
    One risk of a virtual private network (VPN) implementation is the chance of allowing high- risk computers onto the enterprise’s network. All machines that are allowed onto the virtual network should be subject to the same security policy. Home computers are least subject to the corporate security policies, and therefore are high-risk computers. Once a computer is hacked and ‘owned/ any network that trusts that computer is at risk. Implementation and adherence to corporate security policy is easier when all computers on the network are on the enterprise’s campus. On an enterprise’s internal network, there should be security policies in place to detect and halt an outside attack that uses an internal machine as a staging platform. Computers at the backup site are subject to the corporate security policy, and therefore are not high-risk computers. Computers on the network that are at the enterprise’s remote offices, perhaps with different IS and security employees who have different ideas about security, are more risky than choices A and B, but obviously less risky than home computers.
  6. The PRIMARY reason for using digital signatures is to ensure data:

    • confidentiality.
    • integrity.
    • availability.
    • timeliness.
    Digital signatures provide integrity because the digital signature of a signed message (file, mail, document, etc.) changes every time a single bit of the document changes; thus, a signed document cannot be altered. Depending on the mechanism chosen to implement a digital signature, the mechanism might be able to ensure data confidentiality or even timeliness, but this is not assured. Availability is not related to digital signatures.
  7. Which of the following is an example of a passive attack initiated through the Internet?

    • Traffic analysis
    • Masquerading
    • Denial of service
    • E-mail spoofing
    Internet security threats/vulnerabilities are divided into passive and active attacks. Examples of passive attacks include network analysis, eavesdropping and traffic analysis. Active attacks include brute force attacks, masquerading, packet replay, message modification, unauthorized access through the Internet or web-based services, denial-of-service attacks, dial-in penetration attacks, e-mail bombing and spamming, and e-mail spoofing.
  8. Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called a:

    • feedback error control.
    • block sum check.
    • forward error control.
    • cyclic redundancy check.
    Forward error control involves transmitting additional redundant information with each character or frame to facilitate detection and correction of errors, in feedback error control, only enough additional information is transmitted so the receiver can identify that an error has occurred.
    Choices B and D are both error detection methods but not error correction methods. Block sum check is an extension of parity check wherein an additional set of parity bits is computed for a block of characters. A cyclic redundancy check is a technique wherein a single set of check digits is generated, based on the contents of the frame, for each frame transmitted.
  9. The security level of a private key system depends on the number of:

    • encryption key bits.
    • messages sent.
    • keys.
    • channels used.
    The security level of a private key system depends on the number of encryption key bits. The larger the number of bits, the more difficult it would be to understand or determine the algorithm. The security of the message will depend on the encryption key bits used. More than keys by themselves, the algorithm and its complexity make the content more secured. Channels, which could be open or secure, are the mode for sending the message.
  10. During what process should router access control lists be reviewed?

    • Environmental review
    • Network security review
    • Business continuity review
    • Data integrity review
    Network security reviews include reviewing router access control lists, port scanning, internal and external connections to the system, etc. Environmental reviews, business continuity reviews and data integrity reviews do not require a review of the router access control lists.
  11. Which of the following components is responsible for the collection of data in an intrusion detection system (IDS)?

    • Analyzer
    • Administration console
    • User interface
    • Sensor
    Sensors are responsible for collecting data. Analyzers receive input from sensors and determine intrusive activity. An administration console and a user interface are components of an IDS.
  12. Which of the following concerns associated with the World Wide Web would be addressed by a firewall?

    • Unauthorized access from outside the organization
    • Unauthorized access from within the organization
    • A delay in Internet connectivity
    • A delay in downloading using File Transfer Protocol (FTP)
    Firewalls are meant to prevent outsiders from gaining access to an organization’s computer systems through the internet gateway. They form a barrier with the outside world, but are not intended to address access by internal users; they are more likely to cause delays than address such concerns.
  13. A digital signature contains a message digest to:

    • show if the message has been altered after transmission.
    • define the encryption algorithm.
    • confirm the identity of the originator.
    • enable message transmission in a digital format.
    The message digest is calculated and included in a digital signature to prove that the message has not been altered. It should be the same value as a recalculation performed upon receipt. It does not define the algorithm or enable the transmission in digital format and has no effect on the identity of the user; it is there to ensure integrity rather than identity.
  14. Which of the following manages the digital certificate life cycle to ensure adequate security and controls exist in digital signature applications related to e-commerce?

    • Registration authority
    • Certificate authority (CA)
    • Certification relocation list
    • Certification practice statement
    The certificate authority maintains a directory of digital certificates for the reference of those receiving them, it manages the certificate life cycle, including certificate directory maintenance and certificate revocation list maintenance and publication. Choice A is not correct because a registration authority is an optional entity that is responsible for the administrative tasks associated with registering the end entity that is the subject of the certificate issued by the CA. Choice C is incorrect since a CRL is an instrument for checking the continued validity of the certificates for which the CA has responsibility. Choice D is incorrect because a certification practice statement is a detailed set of rules governing the certificate authority’s operations.
  15. A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted?

    • Work is completed in tunnel mode with IP security using the nested services of authentication header (AH) and encapsulating security payload (ESP).
    • A digital signature with RSA has been implemented.
    • Digital certificates with RSA are being used.
    • Work is being completed in TCP services.
    Tunnel mode with IP security provides encryption and authentication of the complete IP package. To accomplish this, the AH and ESP services can be nested. Choices B and C provide authentication and integrity. TCP services do not provide encryption and authentication.
  16. Digital signatures require the:

    • signer to have a public key and the receiver to have a private key.
    • signer to have a private key and the receiver to have a public key.
    • signer and receiver to have a public key.
    • signer and receiver to have a private key.
    Digital signatures are intended to verify to a recipient the integrity of the data and the identity of the sender. The digital signature standard is a public key algorithm. This requires the signer to have a private key and the receiver to have a public key.
  17. The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is called:

    • data integrity.
    • authentication.
    • non repudiation.
    • replay protection.
    All of the above are features of a digital signature. Non repudiation ensures that the claimed sender cannot later deny generating and sending the message. Data integrity refers to changes in the plaintext message that would result in the recipient failing to compute the same message hash. Since only the claimed sender has the key, authentication ensures that the message has been sent by the claimed sender. Replay protection is a method that a recipient can use to check that the message was not intercepted and replayed.
  18. An IS auditor doing penetration testing during an audit of internet connections would:

    • evaluate configurations.
    • examine security settings.
    • ensure virus-scanning software is in use.
    • use tools and techniques available to a hacker.
    Penetration testing is a technique used to mimic an experienced hacker attacking a live site by using tools and techniques available to a hacker. The other choices are procedures that an IS auditor would consider undertaking during an audit of Internet connections, but are not aspects of penetration testing techniques.
  19. Which of the following should concern an IS auditor when reviewing security in a client- server environment?

    • Protecting data using an encryption technique
    • Preventing unauthorized access using a diskless workstation
    • The ability of users to access and modify the database directly
    • Disabling floppy drives on the users’ machines
    For the purpose of data security in a client-server environment, an IS auditor should be concerned with the user’s ability to access and modify a database directly. This could affect the integrity of the data in the database. Data protected by encryption aid in securing the data. Diskless workstations prevent copying of data into local disks and thus help to maintain the integrity and confidentiality of data. Disabling floppy drives is a physical access control, which helps to maintain the confidentiality of data by preventing it from being copied onto a disk.
  20. Which of the following is a technique that could be used to capture network user passwords?

    • Encryption
    • Sniffing
    • Spoofing
    • Data destruction
    Sniffing is an attack that can be used to capture sensitive pieces of information (e.g., a password) passing through the network. Encryption is a method of scrambling information to prevent unauthorized individuals from understanding the transmission. Spoofing is forging an address and inserting it into a packet to disguise the origin of the communication. Data destruction is erasing information or removing it from its original location.