APICS Certified Supply Chain Professional CSCP Practice Questions 2023 - Part 37

Created by - Mary Smith

Questions

1. Allowing for organizational restructuring is an example of which of the following steps in creating successful strategic alliances among suppliers?
A) Managing multifaceted relationships
B) Negotiating a win-win deal
C) Planning for change
D) Conducting pulse checks

2. A company that has consistently achieved a high level of on-time delivery performance has decided to reduce its inventory level significantly. Which of the following outcomes is the most likely effect of that decision on the company's on-time delivery performance?
A) There will be no effect.
B) It will decline and then stabilize at a lower level.
C) It will improve and then stabilize at a higher level.
D) It will decline until sales erode.

3. What is the primary benefit of using a central storage warehouse for all components rather than using point-of-use storage?
A) Reduced need for bar codes and radio frequency identification technology
B) Reduced material handling costs
C) Ease of control and count accuracy
D) Maintain a cleaner shop floor

4. The customer who provides point-of-sale data remains the sole decision-maker regarding order quantities when what type of inventory strategy is used?
A) Continuous replenishment
B) Advanced continuous replenishment
C) Vendor-managed replenishment
D) Quick response

5. Which of the following statements about the use of bar code labels for product identification in the supply chain is true?
A) They have been replaced by radio frequency identification tags.
B) They can be read by devices 1 to 3 meters from the item.
C) They facilitate the capture of information about the location of items.
D) Each of the trading partners must apply a unique label.

Right Answer and Explanation:

1. Right Answer: C
2. Right Answer: B
3. Right Answer: C
4. Right Answer: D
5. Right Answer: C

Published - Fri, 03 Mar 2023

Automating Data Center Solutions Practice Test Questions 2023 - Part 7

Created by - Mary Smith

Questions

1. The Cisco Security Management Appliance API is used to make a GET call using the URI /sma/api/v2.0/reporting/mail_incoming_traffic_summary/detected_amp?startDate=2016-09-10T19:00:00.000Z&endDate=2018-09-24T23:00:00.000Z&device_type=esa&device_name=esa01. What does this GET call return?
A) value of a specific counter from a counter group, with the device name and type for email
B) value of a specific counter from a counter group, with the device name and type for web
C) values of all counters of a counter group, with the device group name and device type for email
D) values of all counters of a counter group, with the device group name and device type for web

2. Which request searches for a process window in Cisco ThreatGRID that contains the word "secret"?
A) /api/v2/search/submissions?term=process&q=secret
B) /api/v2/search/submissions?term=window&title=secret
C) /api/v2/search/submissions?term=processwindow&title=secret
D) /api/v2/search/submissions?term=processwindow&q=secret

3. Which query parameter is required when using the reporting API of Cisco Security Management Appliances?
A) startDate + endDate
B) query_type
C) device_type
D) filterValue

4. What are two benefits of Ansible when managing security platforms? (Choose two.) (Select 2 answers)
A) End users can be identified and tracked across a network.
B) The time that is needed to deploy a change is reduced, compared to manually applying the change.
C) Policies can be updated on multiple devices concurrently, which reduces outage windows.
D) Network performance issues can be identified and automatically remediated.

5. Which URI string is used to create a policy that takes precedence over other applicable policies that are configured on Cisco Stealthwatch?
A) /tenants/{tenantId}/policy/system/host-policy
B) /tenants/{tenantId}/policy/system
C) /tenants/{tenantId}/policy/system/role-policy
D) /tenants/{tenantId}/policy/system/{policyId}

Right Answer and Explanation:

1. Right Answer: C
2. Right Answer: A
3. Right Answer: A
4. Right Answer: B,C
5. Right Answer: A

Published - Fri, 03 Mar 2023

AWS ANS-C00 Certified Advanced Networking Practice Questions 2023 - Part 17

Created by - Mary Smith

Questions

1. You work for your company as an AWS (Amazon Web Service) administrator. You've set up a Classic Load Balancer and EC2 Instances for an application. You have set up HTTPS listeners with the default security policies. Your Security department has mentioned that the security policy defined for the load balancer does not meet the regulations defined for the policy. What changes would you make to be in line with the requirements of the IT security department?
A) Create a custom security policy and associate it with the Classic Load Balancer
B) Create a new SSL and associate it with the underlying EC2 Instances
C) Create a custom security policy and associate it with the EC2 Instance
D) Create a new SSL and associate it with the underlying Classic Load Balancer

2. Your company has set up a host of networking components in AWS. They have put stringent controls in place to ensure that these networking components are only changed by designated IT personnel. But they still need to get notified of any unwarranted access on networking components. Which of the following services can help with this requirement?
A) AWS CloudTrail
B) AWS VPC Flow Logs
C) AWS Inspector
D) AWS Trusted Advisor

3. You've set up a Classic Load Balancer and EC2 Instances behind the Load Balancer. The following Security Groups have been set:
- Security Group for the ELB - Accept incoming traffic on port 80 from 0.0.0.0/0
- Security Group for the EC2 Instances - Accept incoming traffic on port 80 from 0.0.0.0/0
It has been noticed that the EC2 Instances are getting a large number of direct requests from the Internet. What should be done to resolve the issue?
A) Change the EC2 Instance security group to only accept traffic from the ELB Security Group on port 80
B) Change the ELB security group to only accept traffic from the EC2 Instances on port 80
C) Change the EC2 Instance security group to only accept traffic from the ELB Security Group on port 443
D) Change the ELB security group to only accept traffic from the EC2 Instances on port 443

4. Your company needs VPN connectivity to an AWS (Amazon Web Service) VPC. There are around 100 mobile devices, 40 remote computers and a site office which need to connect. How would you achieve this connectivity? Choose 2 answers from the options given below (Select 2 answers)
A) Use AWS (Amazon Web Service) Direct Connect with a public VIF for the site office
B) Use AWS (Amazon Web Service) Managed VPN for the mobile and remote computers
C) Use AWS (Amazon Web Service) Managed VPN for the site office
D) Use a custom VPN server to accept connections from the mobile and remote computers

5. Your company has many VPCs: one for Development, one for Staging, one for Production and one Management VPC. It is required for traffic to flow from the other VPCs to the Management VPC. The VPCs should also be traversable via the on-premise infrastructure. How would you architect the solution with the least amount of effort?
A) Create a VPN connection between the Management VPC and all other VPCs. Create a VPN connection between the Management VPC and the on-premise environment.
B) Create a Virtual Private gateway connection between all of the VPCs. Create a VPN connection between Management VPC and the on-premise environment.
C) Creating a VPC peering connection between the VPCs. Create a VPN connection between all the VPCs and the on-premise environment.
D) Creating a VPC peering connection between the VPCs. Create a VPN connection between the Management VPC and the on-premise environment.

Right Answer and Explanation:

1. Right Answer: A
2. Right Answer: A
3. Right Answer: A
4. Right Answer: C,D
5. Right Answer: C

Published - Fri, 03 Mar 2023

AWS Certified Cloud Practitioner Certification - Part 34

Created by - Mary Smith

Questions

1. Which architectural principle is used when deploying an Amazon Relational Database Service (Amazon RDS) instance in Multiple Availability Zone mode?
A) Implement loose coupling.
B) Design for failure.
C) Automate everything that can be automated.
D) Use services, not servers.

2. What does it mean to grant least privilege to AWS IAM users?
A) It is granting permissions to a single user only.
B) It is granting permissions using AWS IAM policies only.
C) It is granting AdministratorAccess policy permissions to trustworthy users.
D) It is granting only the permissions required to perform a given task.

3. What is a benefit of loose coupling as a principle of cloud architecture design?
A) It facilitates low-latency request handling.
B) It allows applications to have dependent workflows.
C) It prevents cascading failures between different components.
D) It allows companies to focus on their physical data center operations.

4. A director has been tasked with investigating hybrid cloud architecture. The company currently accesses AWS over the public internet. Which service will facilitate private hybrid connectivity?
A) Amazon Virtual Private Cloud (Amazon VPC) NAT Gateway
B) AWS Direct Connect
C) Amazon Simple Storage Service (Amazon S3) Transfer Acceleration
D) AWS Web Application Firewall (AWS WAF)

5. A company's web application currently has tight dependencies on underlying components, so when one component fails the entire web application fails. Applying which AWS Cloud design principle will address the current design issue?
A) Implementing elasticity, enabling the application to scale up or scale down as demand changes.
B) Enabling several EC2 instances to run in parallel to achieve better performance.
C) Focusing on decoupling components by isolating them and ensuring individual components can function when other components fail.
D) Doubling EC2 computing resources to increase system fault tolerance.

Right Answer and Explanation:

1. Right Answer: B
Explanation: Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention.
https://aws.amazon.com/rds/details/multi-az/

2. Right Answer: D
Explanation: When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks.
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege

3. Right Answer: C
Explanation: IT systems should ideally be designed in a way that reduces inter-dependencies. Your components need to be loosely coupled to avoid changes or failure in one of the components from affecting others. Your infrastructure also needs to have well defined interfaces that allow the various components to interact with each other only through specific, technology-agnostic interfaces. Modifying any underlying operations without affecting other components should be made possible.
https://www.botmetric.com/blog/aws-cloud-architecture-design-principles/

4. Right Answer: B
Explanation: Amazon VPC provides multiple network connectivity options for you to leverage depending on your current network designs and requirements. These connectivity options include leveraging either the internet or an AWS Direct Connect connection as the network backbone and terminating the connection into either AWS or user-managed network endpoints. Additionally, with AWS, you can choose how network routing is delivered between Amazon VPC and your networks, leveraging either AWS or user-managed network equipment and routes.
https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/introduction.html

5. Right Answer: C

Published - Fri, 03 Mar 2023

AWS Certified Security - Specialty - Part 37

Created by - Mary Smith

Questions

1. Your company has a set of EBS volumes defined in AWS. The security mandate is that all EBS volumes are encrypted. What can be done to notify the IT admin staff if there are any unencrypted volumes in the account?
A) Use AWS (Amazon Web Service) Lambda to check for the unencrypted EBS volumes
B) Use AWS (Amazon Web Service) GuardDuty to check for the unencrypted EBS volumes
C) Use AWS (Amazon Web Service) Config to check for unencrypted EBS volumes
D) Use AWS (Amazon Web Service) Inspector to inspect all the EBS volumes

2. An application running on EC2 instances in a VPC must call an external web service via TLS (port 443). The instances run in public subnets. Which configurations below allow the application to function and minimize the exposure of the instances? Select 2 answers from the options given below (Select 2 answers)
A) A security group with a rule that allows outgoing traffic on port 443
B) A network ACL with rules that allow outgoing traffic on port 443 and incoming traffic on ephemeral ports
C) A network ACL with a rule that allows outgoing traffic on port 443.
D) A security group with rules that allow outgoing traffic on port 443 and incoming traffic on port 443.
E) A network ACL with rules that allow outgoing traffic on port 443 and incoming traffic on port 443.
F) A security group with rules that allow outgoing traffic on port 443 and incoming traffic on ephemeral ports.

3. You are hosting a web site via website hosting on an S3 bucket - http://demo.s3-website-us-east-1.amazonaws.com. You have some web pages that use JavaScript to access resources in another bucket which also has web site hosting enabled. But when users access the web pages, they are getting a blocked JavaScript error. How can you rectify this?
A) Enable MFA for the bucket
B) Enable CRR for the bucket
C) Enable versioning for the bucket
D) Enable CORS for the bucket

4. Your company hosts a large section of EC2 instances in AWS. There are strict security rules governing the EC2 Instances. During a potential security breach, you need to ensure quick investigation of the underlying EC2 Instance. Which of the following services can help you quickly provision a test environment to look into the breached instance?
A) AWS CloudTrail
B) AWS Config
C) AWS CloudFormation
D) AWS CloudWatch

5. A company is hosting a website that must be accessible to users for HTTPS traffic. Also port 22 should be open for administrative purposes. Which of the following security group configurations are the MOST secure but still functional to support these requirements? Choose 2 answers from the options given below (Select 2 answers)
A) Port 443 coming from 10.0.0.0/16
B) Port 22 coming from 0.0.0.0/0
C) Port 22 coming from 10.0.0.0/16
D) Port 443 coming from 0.0.0.0/0

Right Answer and Explanation:

1. Right Answer: C

2. Right Answer: A,B
Explanation: Since here the traffic needs to flow outbound from the Instance to a web service on port 443, the outbound rules on both the Network and Security Groups need to allow outbound traffic. The incoming traffic should be allowed on ephemeral ports for the Operating System on the Instance to allow a connection to be established on any desired or available port.
Option A is invalid because this rule alone is not enough. You also need to ensure incoming traffic on ephemeral ports.
Option C is invalid because you need to ensure incoming traffic on ephemeral ports and not only port 443.
Options E and F are invalid since here you are allowing additional ports on Security groups which are not required.
For more information on VPC Security Groups, please visit the URL below:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

3. Right Answer: D
4. Right Answer: C
5. Right Answer: C,D

Published - Fri, 03 Mar 2023

CISA—Certified Information Systems Auditor - Part 117

Created by - Mary Smith

Questions

1. Which of the following comparisons are used for identification and authentication in a biometric system?
A) One-to-many for identification and authentication
B) One-to-one for identification and authentication
C) One-to-many for identification and one-to-one for authentication
D) One-to-one for identification and one-to-many for authentication

2. The goal of an information system is to achieve integrity, authenticity and non-repudiation of information sent across the network. Which of the following statements correctly describes the steps to address all three?
A) Encrypt the message digest using symmetric key and then send the encrypted digest to receiver along with original message.
B) Encrypt the message digest using receiver's public key and then send the encrypted digest to receiver along with original message. The receiver can decrypt the message digest using his own private key.
C) Encrypt the message digest using sender's public key and then send the encrypted digest to the receiver along with original message. The receiver can decrypt using his own private key.
D) Encrypt message digest using sender's private key and then send the encrypted digest to the receiver along with original message. Receiver can decrypt the same using sender's public key.

3. Which of the following is an advantage of asymmetric crypto system over symmetric key crypto system?
A) Performance and Speed
B) Key Management is built in
C) Adequate for Bulk encryption
D) Number of keys grows very quickly

4. Which key is used by the sender of a message to create a digital signature for the message being sent?
A) Sender's public key
B) Sender's private key
C) Receiver's public key
D) Receiver's private key

5. Which of the following types of cryptography is based on practical application of the characteristics of the smallest 'grains' of light, the photon, and the physical laws governing their generation, propagation and detection?
A) Quantum Cryptography
B) Elliptical Curve Cryptography (ECC)
C) Symmetric Key Cryptography
D) Asymmetric Key Cryptography

Right Answer and Explanation:

1. Right Answer: C
Explanation: In identification mode the system performs a one-to-many comparison against a biometric database in an attempt to establish the identity of an unknown individual. The system will succeed in identifying the individual if the comparison of the biometric sample to a template in the database falls within a previously set threshold. Identification mode can be used either for 'positive recognition' (so that the user does not have to provide any information about the template to be used) or for 'negative recognition' of the person 'where the system establishes whether the person is who she (implicitly or explicitly) denies to be'.

In verification (or authentication) mode the system performs a one-to-one comparison of a captured biometric with a specific template stored in a biometric database in order to verify the individual is the person they claim to be.

Management of Biometrics -
Management of biometrics should address effective security for the collection, distribution and processing of biometrics data encompassing:
- Data integrity, authenticity and non-repudiation
- Management of biometric data across its life cycle - comprised of the enrollment, transmission and storage, verification, identification, and termination process
- Usage of biometric technology, including one-to-one and one-to-many matching, for identification and authentication
- Application of biometric technology for internal and external, as well as logical and physical access control
- Encapsulation of biometric data
- Security of the physical hardware used throughout the biometric data life cycle
- Techniques for integrity and privacy protection of biometric data

The following were incorrect answers:
All other choices presented were incorrectly describing identification and authentication mapping.

The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 331
http://en.wikipedia.org/wiki/Biometrics

2. Right Answer: D
Explanation: The digital signature is used to achieve integrity, authenticity and non-repudiation. In a digital signature, the sender's private key is used to encrypt the message digest of the message. Encrypting the message digest is the act of signing the message. The receiver uses the sender's matching public key to decrypt the digital signature.

A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures cannot be forged by someone else who does not possess the private key, and they can also be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.

A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real and has not been modified since the day it was issued.

How Digital Signature Works -
Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.
- You copy-and-paste the contract (it's a short one!) into an e-mail note.
- Using special software, you obtain a message hash (mathematical summary) of the contract.
- You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.
- The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)
At the other end, your lawyer receives the message.
- To make sure it's intact and from you, your lawyer makes a hash of the received message.
- Your lawyer then uses your public key to decrypt the message hash or summary.
- If the hashes match, the received message is valid.

Below are some common reasons for applying a digital signature to communications:

Authentication -
Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. The importance of high assurance in the sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a serious mistake.

Integrity -
In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message after the signature has been applied would invalidate the signature.
Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible by most cryptographic hash functions (see collision resistance).

Non-repudiation -
Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property, an entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key only does not enable a fraudulent party to fake a valid signature.

Note that authentication, non-repudiation, and other properties rely on the secret key not having been revoked prior to its usage. Public revocation of a key-pair is a required ability, else leaked secret keys would continue to implicate the claimed owner of the key-pair. Checking revocation status requires an 'online' check, e.g. checking a 'Certificate Revocation List' or via the 'Online Certificate Status Protocol'. This is analogous to a vendor who receives credit-cards first checking online with the credit-card issuer to find if a given card has been reported lost or stolen.

Tip for the exam -
Digital Signature does not provide confidentiality. It provides only authenticity and integrity. The sender's private key is used to encrypt the message digest to calculate the digital signature.
Encryption provides only confidentiality. The receiver's public key or symmetric key is used for encryption.

The following were incorrect answers:
- Encrypt the message digest using symmetric key and then send the encrypted digest to receiver along with original message - Symmetric key encryption does not provide non-repudiation as symmetric key is shared between users.
- Encrypt the message digest using receiver's public key and then send the encrypted digest to receiver along with original message. The receiver can decrypt the message digest using his own private key - Receiver's public key is known to everyone. This will not address non-repudiation.
- Encrypt the message digest using sender's public key and then send the encrypted digest to the receiver along with original message. The receiver can decrypt using his own private key - The sender's public key is known to everyone. If sender's key is used for encryption, then sender's private key is required to decrypt data. The receiver will not be able to decrypt the digest as receiver will not have sender's private key.

The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 331
http://upload.wikimedia.org/wikipedia/commons/2/2b/Digital_Signature_diagram.svg
http://en.wikipedia.org/wiki/Digital_signature
http://searchsecurity.techtarget.com/definition/digital-signature

3. Right Answer: B
Explanation: Key management is better in asymmetric key encryption as compared to symmetric key encryption. In fact, there is no key management built within symmetric crypto systems. You must use the sneaker net or a trusted courier to exchange the key securely with the person you wish to communicate with.

Key management is the major issue and challenge in symmetric key encryption. In symmetric key encryption, a symmetric key is shared between two users who wish to communicate together. As the number of users grows, the number of keys required also increases very rapidly.

For example, if a user wants to communicate with 5 different users then the total number of different keys required by the user is 10.
The formula for calculating total number of key required is n(n-1)/2Or total number of users times total of users minus one divided by 2.Where n is number of users communicating with each others securely.In an asymmetric key encryption, every user will have only two keys, also referred to as a Key Pair.Private Key '' Only known to the user who initially generated the key pairPublic key '' Known to everyone, can be distributed at largeThe following were incorrect answers:Performance '' Symmetric key encryption performance is better than asymmetric key encryptionBulk encryption '' As symmetric key encryption gives better performance, symmetric key should be used for bulk data encryptionNumber of keys grows very quickly - The number of keys under asymmetric grows very nicely.1000 users would need a total of only 2000 keys, or a private and a public key for each user. Under symmetric encryption, one thousand users would need 495,000 keys to communicate securely with each others.The following reference(s) were/was used to create this question:CISA review manual 2014 Page number 3484. Right Answer: BExplanation: The sender private key is used to calculate the digital signatureThe digital signature is used to achieve integrity, authenticity and non-repudiation. In a digital signature, the sender's private key is used to encrypt the message digest (signing) of the message and receiver need to decrypt the same using sender's public key to validate the signature.A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. 
The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.

A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.

How It Works -
Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.
You copy-and-paste the contract (it's a short one!) into an e-mail note.
Using special software, you obtain a message hash (mathematical summary) of the contract.
You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.
The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)

At the other end, your lawyer receives the message:
To make sure it's intact and from you, your lawyer makes a hash of the received message.
Your lawyer then uses your public key to decrypt the message hash or summary.
If the hashes match, the received message is valid.

Below are some common reasons for applying a digital signature to communications:

Authentication -
Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context.
For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake.

Integrity -
In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message after signature invalidates the signature.

Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible by most cryptographic hash functions (see collision resistance).

Non-repudiation -
Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property, an entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key only does not enable a fraudulent party to fake a valid signature.

Note that these authentication, non-repudiation etc. properties rely on the secret key not having been revoked prior to its usage. Public revocation of a key-pair is a required ability, else leaked secret keys would continue to implicate the claimed owner of the key-pair. Checking revocation status requires an 'online' check, e.g. checking a 'Certificate Revocation List' or via the 'Online Certificate Status Protocol'. Very roughly this is analogous to a vendor who receives credit-cards first checking online with the credit-card issuer to find if a given card has been reported lost or stolen.
Of course, with stolen key pairs, the theft is often discovered only after the secret key's use, e.g., to sign a bogus certificate for espionage purposes.

Tip for the exam:
Digital Signature does not provide confidentiality. The sender's private key is used for calculating digital signature.
Encryption provides only confidentiality. The receiver's public key or symmetric key is used for encryption.

The following were incorrect answers:
Sender's Public key - This is incorrect as receiver will require sender's private key to verify digital signature.
Receiver's Public Key - The digital signature provides non-repudiation. The receiver's public key is known to everyone. So it cannot be used for digital signature. Receiver's public key can be used for encryption.
Receiver's Private Key - The sender does not know the receiver's private key. So this option is incorrect.

The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 348
http://upload.wikimedia.org/wikipedia/commons/2/2b/Digital_Signature_diagram.svg
http://en.wikipedia.org/wiki/Digital_signature
http://searchsecurity.techtarget.com/definition/digital-signature

5. Right Answer: A
Explanation: Quantum cryptography is based on a practical application of the characteristics of the smallest 'grain' of light, photons, and on physical laws governing their generation, propagation and detection.

Quantum cryptography is the next generation of cryptography that may solve some of the existing problems associated with current cryptographic systems, specifically the random generation and secure distribution of symmetric cryptographic keys.
Initial commercial usage has already started now that the laboratory research phase has been completed.

The following were incorrect answers:

Elliptic Key Cryptography (ECC) - A variant and more efficient form of public key cryptography (how to manage more security out of minimum resources) gaining prominence is the ECC. ECC works well on networked computers that require strong cryptography but have some limitations such as bandwidth and processing power. This is even more important with devices such as smart cards, wireless phones and other mobile devices. It is believed that ECC demands less computational power and, therefore, offers more security per bit. For example, an ECC with a 160-bit key offers the same security as an RSA based system with a 1024-bit key.

Symmetric Encryption - Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.

The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands.
Anyone who knows the secret key can decrypt the message.

Asymmetric encryption - In asymmetric encryption there are two related keys, a key pair. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it.

Any message (text, binary files, or documents) that is encrypted by using the public key can only be decrypted by applying the same algorithm, but by using the matching private key. Any message that is encrypted by using the private key can only be decrypted by using the matching public key.

This means that you do not have to worry about passing public keys over the Internet (the keys are supposed to be public). A problem with asymmetric encryption, however, is that it is slower than symmetric encryption. It requires far more processing power to both encrypt and decrypt the content of the message.

The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 349 and 350
http://support.microsoft.com/kb/246071


Published - Fri, 03 Mar 2023

CISA—Certified Information Systems Auditor - Part 373

Created by - Mary Smith


Questions

1. Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?
A) Ensuring that audit trails exist for transactions
B) Restricting access to update programs to accounts payable staff only
C) Restricting program functionality according to user security profiles
D) Including the creator's user ID as a field in every transaction record created

2. When reviewing the process by which a contract for the outsourcing of various IT functions was completed, an IS auditor would ensure that the successful contractor:
A) has eliminated the risks of outsourcing.
B) maintains an internal audit function.
C) requires a confidentiality agreement to be signed by all employees.
D) was selected according to established business criteria.

3. Which of the following would be the PRIMARY benefit of replacing physical keys with an electronic entry system for a data center?
A) Creates an audit trail
B) Enables data mining
C) Ensures compliance
D) Reduces cost

4. Which of the following is the BEST way to determine if IT is delivering value to the business?
A) Distribute surveys to various end users of IT services.
B) Interview key IT managers and service providers.
C) Review IT service level agreement (SLA) metrics.
D) Analyze downtime frequency and duration.

5. Following an IS audit recommendation, all Telnet and File Transfer Protocol (FTP) connections have been replaced by Secure Socket Shell (SSH) and Secure File Transfer Protocol (SFTP). Which risk treatment approach has the organization adopted?
A) Acceptance
B) Mitigation
C) Avoidance
D) Transfer

Right Answer and Explanation:

1. Right Answer: C
2. Right Answer: B
3. Right Answer: A
4. Right Answer: C
Explanation: A service level agreement (SLA) is a written document which officially describes the details of services, in non-technical terms, provided by the IT department (internal or external) to its customers. The aim of an SLA is to maintain and improve customer satisfaction to an agreed level.
5. Right Answer: B


Published - Fri, 03 Mar 2023

CISM—Certified Information Security Manager - Part 233

Created by - Mary Smith


Questions

1. The BEST way to isolate corporate data stored on employee-owned mobile devices would be to implement:
A) a sandbox environment.
B) device encryption.
C) two-factor authentication.
D) a strong password policy.

2. Which of the following is the MOST important outcome from vulnerability scanning?
A) Prioritization of risks
B) Information about steps necessary to hack the system
C) Identification of back doors
D) Verification that systems are properly configured

3. Which of the following should be the PRIMARY expectation of management when an organization introduces an information security governance framework?
A) Optimized information security resources
B) Consistent execution of information security strategy
C) Improved accountability to shareholders
D) Increased influence of security management

4. For a user of commercial software downloaded from the Internet, which of the following is the MOST effective means of ensuring authenticity?
A) Digital signatures
B) Digital certificates
C) Digital code signing
D) Steganography

5. When developing a new application, which of the following is the BEST approach to ensure compliance with security requirements?
A) Provide security training for developers.
B) Prepare detailed acceptance criteria.
C) Adhere to change management processes.
D) Perform a security gap analysis.

Right Answer and Explanation:

1. Right Answer: B
2. Right Answer: D
3. Right Answer: B
4. Right Answer: C
5. Right Answer: B


Published - Fri, 03 Mar 2023

Comptia A+ 1002 2023 Questions and answer - Part 51

Created by - Mary Smith


Questions

1. A user leaves the workstation frequently and does not want sensitive material to be accessed. In addition, the user does not want to turn off the computer every time in the evening. Which of the following is the BEST solution for securing the workstation?
A) Set a strong password that requires a renewal every 30 days.
B) Run a screensaver after one minute of non-use and fingerprint lock for after hours.
C) Apply a screen lock after five minutes of non-use and login time restrictions for after hours.
D) Require a password and fingerprint lock after hours.

2. Joe, a technician, would like to map a network drive when he starts up his computer in the morning. Which of the following commands would he use to accomplish this task?
A) NSLOOKUP
B) NETSTAT
C) NBTSTAT
D) NET

3. Which of the following best practices is used to fix a zero-day vulnerability on Linux?
A) Scheduled backup
B) Scheduled disk maintenance
C) Patch management
D) Antivirus update

4. A user states that when they log on to their computer sometimes they get an IP conflict error. The user's computer is configured with a static IP. Which of the following is the problem?
A) Duplicate IP exists on the network
B) DHCP server needs to be rebooted
C) Network adapter driver needs to be updated
D) Bad network adapter

5. A user advises that a computer is displaying pop-ups when connected to the Internet. After updating and running anti-malware software, the problem persists and the technician finds that two rogue processes cannot be killed. Which of the following should be done NEXT to continue troubleshooting the problem?
A) Run msconfig to clean boot the computer
B) Run Event Viewer to identify the cause
C) Run System Restore to revert to previous state
D) Run Recovery Console to kill the processes

Right Answer and Explanation:

1. Right Answer: C
2. Right Answer: D
3. Right Answer: C
4. Right Answer: A
5. Right Answer: A


Published - Fri, 03 Mar 2023

Latest blogs
CA Foundation Business Economics Questions 2023 - Part 32
Questions

1. Generally an economy is considered underdeveloped if
A) The standard of living of people & productivity is low.
B) Agriculture is the main occupation of the people
C) The production techniques are backward.
D) All of the above.

2. Which of the following statements is correct?
A) Agriculture occupies 10 per cent population of India.
B) Nearly 5 per cent population of India is below the poverty line.
C) The production techniques in agriculture are backward.
D) None of the above.

3. Which of the statements is correct?
A) The tertiary sector contributes the maximum to the GDP.
B) India is basically a socialist economy.
C) The distribution of income and wealth is quite equitable.
D) None of the above.

4. In perfect competition in the short run there will be __________ possibilities
A) Normal profits.
B) Supernormal profits.
C) Loss
D) All of above

5. ______________ measure generally gives the lowest estimate of unemployment especially for poor economy.
A) Usual status.
B) CWS.
C) CDS.
D) CMS.

Right Answer and Explanation:

1. Right Answer: D
2. Right Answer: C
3. Right Answer: A
4. Right Answer: D
5. Right Answer: A

Fri, 03 Mar 2023

CA Foundation Business Economics Questions 2023 - Part 31
Questions

1. When the price of a complement of commodity X falls, the demand for X -
A) Falls
B) Rises
C) Remains unchanged
D) any of the above

2. Which of the following is the method of measuring elasticity of demand when change in price of a commodity is substantial?
A) Arc method
B) Point method
C) Percentage method
D) none of the above

3. FERA stands for -
A) Foreign Exchange Recommendation Act
B) Foreign Exchange Regulation Act
C) Finance and Export Regulation Association
D) Funds Export Revaluation Act

4. Nearly _____ percent of working population is engaged in the service sector.
A) 23 per cent
B) 45 per cent
C) 80 per cent
D) 50 per cent

5. ACRP stands for -
A) Agro-Commodity Regional Planning
B) Agro-Climatic Rational Planning
C) Agro-Climatic Regional Planning
D) Allied-Climatic Regional Planning

Right Answer and Explanation:

1. Right Answer: B
2. Right Answer: A
3. Right Answer: B
4. Right Answer: A
5. Right Answer: C

Fri, 03 Mar 2023

CA Foundation Business Economics Questions 2023 - Part 30
Questions

1. Literacy rate calculated considering total population into account is known as
A) Crude Literacy Rate
B) Total Literacy Rate
C) Mean Literacy Rate
D) None of the above

2. In order to encourage investment in the economy, the RBI may
A) Increase Bank Rate
B) Sell securities in the open market
C) Buy securities in the open market
D) None of above

3. Most of unemployment in India is __________
A) Voluntary
B) Structural
C) Frictional
D) Technical

4. Under a Command economy -
A) State plays a major role
B) Market plays major role
C) Both a & b
D) Neither a nor b

5. _______ is the apex bank for agriculture credit in India.
A) RBI
B) SIDBI
C) NABARD
D) ICICI

Right Answer and Explanation:

1. Right Answer: A
2. Right Answer: C
3. Right Answer: B
4. Right Answer: A
5. Right Answer: C

Fri, 03 Mar 2023
