1、The extent to which data will be collected during an IS audit should be determined based on the: A、availability of critical and required information. B、auditor's familiarity with the circumstances. C、auditee's ability to find relevant evidence. D、purpose and scope of the audit being done.
NOTE: The extent to which data will be collected during an IS audit should be related directly to the scope and purpose of the audit. An audit with a narrow purpose and scope would most likely result in less data collection than an audit with a wider purpose and scope. The scope of an IS audit should not be constrained by the ease of obtaining the information or by the auditor's familiarity with the area being audited. Collecting all the required evidence is a required element of an IS audit, and the scope of the audit should not be limited by the auditee's ability to find relevant evidence.
2、Which of the following ensures a sender's authenticity and an e-mail's confidentiality? A、Encrypting the hash of the message with the sender's private key and thereafter encrypting the hash of the message with the receiver's public key B、The sender digitally signing the message and thereafter encrypting the hash of the message with the sender's private key
C、Encrypting the hash of the message with the sender's private key and thereafter encrypting the message with the receiver's public key D、Encrypting the message with the sender's private key and encrypting the message hash with the receiver's public key
NOTE: To ensure authenticity and confidentiality, a message must be encrypted twice: first with the sender's private key, and then with the receiver's public key. The receiver can decrypt the message, thus ensuring confidentiality of the message. Thereafter, the decrypted message can be decrypted with the public key of the sender, ensuring authenticity of the message. Encrypting the message with the sender's private key enables anyone to decrypt it.
3、Which of the following is the GREATEST advantage of elliptic curve encryption over RSA encryption? A、Computation speed B、Ability to support digital signatures C、Simpler key distribution D、Greater strength for a given key length
NOTE: The main advantage of elliptic curve encryption over RSA encryption is its computation speed. This method was first independently suggested by Neal Koblitz and Victor S. Miller. Both encryption methods support digital signatures and are used for public key encryption and distribution. However, a stronger key per se does not necessarily guarantee better performance; that depends on the actual algorithm employed.
4、Which of the following controls would provide the GREATEST assurance of database integrity? A、Audit log procedures B、Table link/reference checks
C、Query/table access time checks D、Rollback and rollforward database features
NOTE: Performing table link/reference checks serves to detect table linking errors (such as completeness and accuracy of the contents of the database), and thus provides the greatest assurance of database integrity. Audit log procedures enable recording of all events that have been identified and help in tracing the events. However, they only point to the event and do not ensure completeness or accuracy of the database's contents. Querying/monitoring table access time checks helps designers improve database performance, but not integrity. Rollback and rollforward database features ensure recovery from an abnormal disruption. They assure the integrity of the transaction that was being processed at the time of disruption, but do not provide assurance on the integrity of the contents of the database.
5、A benefit of open system architecture is that it: A、facilitates interoperability. B、facilitates the integration of proprietary components. C、will be a basis for volume discounts from equipment vendors. D、allows for the achievement of more economies of scale for equipment.