Created by - Mary Smith
Questions

2. Which of the following files holds the configuration for journald when running systemd?
A) /etc/systemd/journalctl.conf
B) /etc/systemd/journald.conf
C) /etc/systemd/systemd-journald.conf
D) /etc/systemd/systemd-journalctl.conf
E) /usr/lib/systemd/journalctl.conf

3. Which of the following are commonly used Mail Transfer Agent (MTA) applications? (Choose THREE correct answers.) (Select 3 answers)
A) Postfix
B) Procmail
C) Sendmail
D) Exim
E) SMTPd

4. Which of the following is observed and corrected by an NTP client?
A) The skew in time between the system clock and the hardware clock.
B) The skew in time between the system clock and the reference clock.
C) Changes in the time zone of the current computer's location.
D) Adjustments needed to support Daylight Saving Time.

5. Which of the following is a legacy program provided by CUPS for sending files to the printer queues on the command line?
A) lpd
B) lpp
C) lpq
D) lpr

Right Answer and Explanation:
2. Right Answer: B
3. Right Answer: A, C, D
4. Right Answer: B
5. Right Answer: D
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently, the organization uses FTP and HTTP to transfer files. Which of the following should the organization implement in order to be compliant with the new policy?
A) Replace FTP with SFTP and replace HTTP with TLS
B) Replace FTP with FTPS and replace HTTP with TFTP
C) Replace FTP with SFTP and replace HTTP with Telnet
D) Replace FTP with FTPS and replace HTTP with IPSec

2. An external attacker can modify the ARP cache of an internal computer. Which of the following types of attacks is described?
A) Replay
B) Spoofing
C) DNS poisoning
D) Client-side attack

3. An external contractor, who has not been given information about the software or network architecture, is conducting a penetration test. Which of the following BEST describes the test being performed?
A) Black box
B) White box
C) Passive reconnaissance
D) Vulnerability scan

4. An incident involving a workstation that is potentially infected with a virus has occurred. The workstation may have sent confidential data to an unknown internet server. Which of the following should a security analyst do FIRST?
A) Make a copy of everything in memory on the workstation.
B) Turn off the workstation.
C) Consult information security policy.
D) Run a virus scan.

5. An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection. Which of the following steps should the responder perform NEXT?
A) Capture and document necessary information to assist in the response.
B) Request the user capture and provide a screenshot or recording of the symptoms.
C) Use a remote desktop client to collect and analyze the malware in real time.
D) Ask the user to back up files for later recovery.

Right Answer and Explanation:
1. Right Answer: A
2. Right Answer: B
3. Right Answer: A
4. Right Answer: A
5. Right Answer: A
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. Inventory parameters established using analytic inventory techniques typically are based on balancing:
A) supply and dependent demand.
B) customer service and inventory costs.
C) transportation and warehousing costs.
D) inventory levels and decision-making costs.

2. A firm is undertaking a revision of its financial metrics to make them more comprehensive and has decided to use metrics such as return on investment (ROI), return on assets (ROA), and economic value added (EVA). This is an example of utilizing which of the following types of metrics?
A) Activity based
B) Stakeholder focused
C) Financial sustainability
D) Value chain

3. Which of the following ISO standards is used to assist organizations with sustainable development?
A) ISO 31000
B) ISO 14001
C) ISO 26000
D) ISO 9001

4. The mission of the Global Reporting Initiative (GRI) is to provide a:
A) comparison of key metrics for companies in the same industries across the globe.
B) feasible business plan that can be shown to global potential investors.
C) trusted and credible framework for reports regarding sustainability practices.
D) transparent collaboration between non-profit organizations and governments.

5. An effective procurement strategy for commodity products should focus on:
A) driving down cost and reducing risk.
B) spreading purchases equally across suppliers.
C) selecting primary and alternate sources.
D) selecting suppliers with value-added products.

Right Answer and Explanation:
1. Right Answer: B
2. Right Answer: C
3. Right Answer: C
4. Right Answer: C
5. Right Answer: A
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. Which two commands create a new local source code branch? (Choose two.) (Select 2 answers)
A) git checkout -b new_branch
B) git checkout -f new_branch
C) git branch new_branch
D) git branch -b new_branch

2. Which curl command lists all tags (host groups) that are associated with a tenant using the Cisco Stealthwatch Enterprise API?
A) curl -X GET -H 'Cookie:{Cookie Data}' https://{stealthwatch_host}/smc-configuration/rest/v1/tenants/{tenant_id}/tags
B) curl -X PUT 'Cookie:{Cookie Data}' https://{stealthwatch_host}/smc-configuration/rest/v1/tenants/{tenant_id}/tags
C) curl -X GET -H 'Cookie:{Cookie Data}' https://{stealthwatch_host}/smcconfiguration/rest/v1/tenants/tags
D) curl -X POST -H 'Cookie:{Cookie Data}' https://{stealthwatch_host}/smc-configuration/rest/v1/tenants/tags

3. Which two statements describe the characteristics of API styles for REST and RPC? (Choose two.) (Select 2 answers)
A) REST and RPC API styles are the same.
B) REST-based APIs are used primarily for CRUD operations.
C) RPC-based APIs function in a similar way to procedures.
D) REST-based APIs function in a similar way to procedures.

4. Which two APIs are available from Cisco ThreatGRID? (Choose two.) (Select 2 answers)
A) User Scope
B) Curated Feeds
C) Data
D) Access

5. Which two components are required for Cisco Intersight REST API authentication? (Choose two.) (Select 2 answers)
A) RSA private key with a key size of 1024
B) SHA256 hash of the message body, including empty message bodies
C) RSA private key with a key size of 2048
D) SHA256 hash of the message body and message headers

Right Answer and Explanation:
1. Right Answer: A, C
2. Right Answer: A
3. Right Answer: B, C
4. Right Answer: B, C
5. Right Answer: C, D
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. Your company has created an AWS (Amazon Web Services) Direct Connect connection. A virtual private gateway is attached to a VPC. Around 111 routes are being advertised from on-premises. A private VIF is being created to the VPGW, but the virtual interface is always showing as down. What needs to be done to ensure the interface comes back up?
A) Ensure that a VPN connection is also in place for the tunnel to become active.
B) Ensure fewer routes are being advertised.
C) Ensure that static routes are put in place.
D) Ensure that the IPsec configuration is correct.

2. Your company has many remote branch offices that need to connect with your AWS VPC. Which of the following can help achieve this connectivity in an easy manner?
A) VPC Peering
B) AWS Direct Connect with a Public VIF
C) VPN CloudHub
D) AWS Direct Connect with a Private VIF

3. A company has an application that needs to be moved to an AWS VPC network. This application is based on multicast and needs to be moved with the least amount of effort. What can be done to fulfill this requirement?
A) Consider creating an overlay network between EC2 instances and then port the application.
B) Create EC2 instances in the subnet and then migrate the application on to the EC2 instance.
C) The application needs to be changed to support unicast before moving it to AWS.
D) Consider enabling encryption on the underlying EBS volumes which will be used to support the EC2

4. When creating an AWS WorkSpace, which of the following is required for the creation of the workspace?
A) A user directory
B) A VPC with a private and public subnet
C) A NAT instance on the customer side
D) An AWS Direct Connect connection

5. Your company has the following setup in AWS:
a. A set of EC2 instances hosting a web application
b. An application load balancer placed in front of the EC2 instances
There seems to be a set of malicious requests coming from a set of IP addresses. Which of the following can be used to protect against these requests?
A) Use Security Groups to block the IP addresses
B) Use AWS Inspector to block the IP addresses
C) Use AWS WAF to block the IP addresses
D) Use VPC Flow Logs to block the IP addresses

Right Answer and Explanation:
1. Right Answer: B
2. Right Answer: C
3. Right Answer: A
4. Right Answer: A
5. Right Answer: C
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. How can a customer increase security for AWS account logons? (Choose two.) (Select 2 answers)
A) Configure AWS Certificate Manager
B) Enable Multi-Factor Authentication (MFA)
C) Use Amazon Cognito to manage access
D) Configure a strong password policy
E) Enable AWS Organizations

2. What AWS service would be used to centrally manage AWS access across multiple accounts?
A) AWS Service Catalog
B) AWS Config
C) AWS Trusted Advisor
D) AWS Organizations

3. Which AWS service can a customer use to set up an alert notification when the account is approaching a particular dollar amount?
A) AWS Cost and Usage reports
B) AWS Budgets
C) AWS Cost Explorer
D) AWS Trusted Advisor

4. What can users access from AWS Artifact?
A) AWS security and compliance documents
B) A download of configuration management details for all AWS resources
C) Training materials for AWS services
D) A security assessment of the applications deployed in the AWS Cloud

5. What is the MINIMUM AWS Support plan that provides designated Technical Account Managers?
A) Enterprise
B) Business
C) Developer
D) Basic

Right Answer and Explanation:

1. Right Answer: B, C
Explanation: Your root account should always be protected by Multi-Factor Authentication (MFA). This additional layer of security helps protect against unauthorized logins to your account by requiring two factors: something you know (a password) and something you have (for example, an MFA device). AWS supports virtual and hardware MFA devices and U2F security keys. Cognito can be used as an Identity Provider (IdP), where it stores and maintains users and credentials securely for your applications, or it can be integrated with OpenID Connect, SAML, and other popular web identity providers like Amazon.com. Using Amazon Cognito, you can generate temporary access credentials for your clients to access AWS services, eliminating the need to store long-term credentials in client applications.
https://aws.amazon.com/blogs/security/guidelines-for-protecting-your-aws-account-while-usingprogrammatic-access/

2. Right Answer: D
Explanation: To improve control over your AWS environment, you can use AWS Organizations to create groups of accounts, and then attach policies to a group to ensure the correct policies are applied across the accounts without requiring custom scripts and manual processes.
https://aws.amazon.com/organizations/

3. Right Answer: B
Explanation: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html

4. Right Answer: A
Explanation: You can use AWS Artifact Reports to download AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports.
https://aws.amazon.com/artifact/faq/

5. Right Answer: A
Explanation: https://aws.amazon.com/premiumsupport/plans/
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. A new application will be deployed on EC2 instances in private subnets. The application will transfer sensitive data to and from an S3 bucket. Compliance requirements state that the data must not traverse the public internet. Which solution meets the compliance requirement?
A) Access the S3 bucket through the SSL protected S3 endpoint
B) Access the S3 bucket through a VPC endpoint for S3
C) Access the S3 bucket through a proxy server
D) Access the S3 bucket through a NAT gateway

2. You need to ensure that objects in an S3 bucket are available in another region, because of the criticality of the data that is hosted in the S3 bucket. How can you achieve this in the easiest way possible?
A) Enable cross-region replication for the bucket
B) Write a script to copy the objects to another bucket in the destination region
C) Create an S3 snapshot in the destination region
D) Enable versioning, which will copy the objects to the destination region

3. A company has external vendors that must deliver files to the company. These vendors have cross-account access that gives them permission to upload objects to one of the company's S3 buckets. What combination of steps must the vendor follow to successfully deliver a file to the company? Select 2 answers from the options given below. (Select 2 answers)
A) Add a bucket policy to the bucket that grants the bucket owner full permissions to the object
B) Add a grant to the object's ACL giving full permissions to the bucket owner
C) Attach an IAM role to the bucket that grants the bucket owner full permissions to the object
D) Upload the file to the company's S3 bucket as an object
E) Encrypt the object with a KMS key controlled by the company

4. A company developed an incident response plan 18 months ago. Regular implementations of the response plan are carried out. No changes have been made to the response plan since its creation. Which of the following is a correct statement with regards to the plan?
A) The response plan is complete in its entirety
B) The response plan does not cater to new services
C) It places too much emphasis on already implemented security controls
D) The response plan is not implemented on a regular basis

5. An application running on EC2 instances must use a username and password to access a database. The developer has stored those secrets in the SSM Parameter Store with type Secure String using the default KMS CMK. Which combination of configuration steps will allow the application to access the secrets via the API? Select 2 answers from the options below. (Select 2 answers)
A) Add the SSM service role as a trusted service to the EC2 instance role
B) Add the EC2 instance role as a trusted service to the SSM service role
C) Add permission to use the KMS key to decrypt to the EC2 instance role
D) Add permission to use the KMS key to decrypt to the SSM service role
E) Add permission to read the SSM parameter to the EC2 instance role

Right Answer and Explanation:

1. Right Answer: B
Explanation: The AWS (Amazon Web Services) Documentation mentions the following: A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network. Option A is invalid because using a proxy server is not sufficient. Options B and D are invalid because you need secure communication which should not traverse the internet. For more information on VPC endpoints please see the link below:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html

2. Right Answer: A
Explanation: Option B is partially correct but a big maintenance overhead to create and maintain a script when the functionality is already available in S3. Option C is invalid because snapshots are not available in S3. Option D is invalid because versioning will not replicate objects. The AWS Documentation mentions the following: Cross-region replication is a bucket-level configuration that enables automatic, asynchronous copying of objects across buckets in different AWS Regions. For more information on cross-region replication in the Simple Storage Service, please visit the URL below:
https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html

3. Right Answer: B, D
Explanation: This scenario is given in the AWS Documentation. Options A and D are invalid because bucket ACLs are used to give grants to bucket owners. Option C is not required since encryption is not part of the requirement. For more information on this scenario please see the link below:
https://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example3.html

4. Right Answer: B
Explanation: So definitely the case here is that the incident response plan is not catering to newly created services. AWS keeps changing and adding new services and hence the response plan must cater to these new services. Options A and B are invalid because we don't know this for a fact. Option D is invalid because we know that the response plan is not complete, because it does not cater to new features of AWS. For more information on incident response plans please visit the following URL:
https://aws.amazon.com/blogs/publicsector/building-a-cloud-specific-incident-response-plan/

5. Right Answer: C, E
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions 1. Which of the following cryptography demands less computational power and offers more security per bit?A) Quantum cryptographyB) Elliptic Curve Cryptography (ECC)C) Symmetric Key CryptographyD) Asymmetric Key Cryptography2. Which of the following is a form of Hybrid Cryptography where the sender encrypts the bulk of the data using Symmetric Key cryptography and then communicates securely a copy of the session key to the receiver?A) Digital EnvelopeB) Digital SignatureC) Symmetric key encryptionD) Asymmetric3. How does the digital envelop work? What are the correct steps to follow?A) You encrypt the data using a session key and then encrypt session key using private key of a senderB) You encrypt the data using the session key and then you encrypt the session key using sender's public keyC) You encrypt the data using the session key and then you encrypt the session key using the receiver's public keyD) You encrypt the data using the session key and then you encrypt the session key using the receiver's private key4. Which of the following is NOT a true statement about public key infrastructure (PKI)?A) The Registration authority role is to validate and issue digital certificates to end usersB) The Certificate authority role is to issue digital certificates to end usersC) The Registration authority (RA) acts as a verifier for Certificate Authority (CA)D) Root certificate authority's certificate is always self-signed5. Which of the following functionality is NOT supported by SSL protocol?A) ConfidentialityB) IntegrityC) AuthenticationD) Availability Right Answer and Explanation: 1. Right Answer: BExplanation: ECC demands less computational power and, therefore offers more security per bit. 
For example, an ECC with a 160-bit key offer the same security as an RSA based system with a 1024-bit key.ECC is a variant and more efficient form of a public key cryptography (how tom manage more security out of minimum resources) gaining prominence is the ECC.ECC works well on a network computer requires strong cryptography but have some limitation such as bandwidth and processing power. This is even more important with devices such as smart cards, wireless phones and other mobile devices.The following were incorrect answers:Quantum Cryptography - Quantum cryptography is based on a practical application of the characteristics of the smallest 'grain' of light, photons and on physical laws governing their generation, propagation and detection. Quantum cryptography is the next generation of cryptography that may solve some of the existing problem associated with current cryptographic systems, specifically the random generation and secure distribution of symmetric cryptographic keys. Initial commercial usage has already started now that the laboratory research phase has been completed.Symmetric Encryption - Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.Asymmetric Encryption - The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message. One answer is asymmetric encryption, in which there are two related keys--a key pair. A public key is made freely available to anyone who might want to send you a message. 
A second, private key is kept secret, so that only you know it. Any message(text, binary files, or documents) that are encrypted by using the public key can only be decrypted by applying the same algorithm, but by using the matching private key. Any message that is encrypted by using the private key can only be decrypted by using the matching public key. This means that you do not have to worry about passing public keys over the Internet (the keys are supposed to be public). A problem with asymmetric encryption, however, is that it is slower than symmetric encryption. It requires far more processing power to both encrypt and decrypt the content of the message.The following reference(s) were/was used to create this question:CISA review manual 2014 Page number 349 and 350http://support.microsoft.com/kb/2460712. Right Answer: AExplanation: A Digital Envelope is used to send encrypted information using symmetric keys, and the relevant session key along with it. It is a secure method to send electronic document without compromising the data integrity, authentication and non-repudiation, which were obtained with the use of symmetric keys.A Digital envelope mechanism works as follows:The symmetric key, which is used to encrypt the bulk of the date or message can be referred to as session key. It is simply a symmetric key picked randomly in the key space.In order for the receiver to have the ability to decrypt the message, the session key must be sent to the receiver.This session key cannot be sent in clear text to the receiver, it must be protected while in transit, else anyone who have access to the network could have access to the key and confidentiality can easily be compromised.Therefore, it is critical to encrypt and protect the session key before sending it to the receiver. The session key is encrypted using receiver's public key. 
Thus providing confidentiality of the key.The encrypted message and the encrypted session key are bundled together and then sent to the receiver who, in turn opens the session key with the receiver matching private key.The session key is then applied to the message to get it in plain text.The process of encrypting bulk data using symmetric key cryptography and encrypting the session key with a public key algorithm is referred as a digital envelope.Sometimes people refer to it as Hybrid Cryptography as well.The following were incorrect answers:Digital-signature '' A digital signature is an electronic identification of a person or entity created by using public key algorithm and intended to verify to recipient the integrity of the data and the identity of the sender. Applying a digital signature consist of two simple steps, first you create a message digest, then you encrypt the message digest with the sender's private key. Encrypting the message digest with the private key is the act of signing the message.Symmetric Key Encryption - Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.Asymmetric Key Encryption - The term 'asymmetric' stems from the use of different keys to perform these opposite functions, each the inverse of the other '' as contrasted with conventional ('symmetric') cryptography which relies on the same key to perform both. Public-key algorithms are based on mathematical problems which currently admit no efficient solution that are inherent in certain integer factorization, discrete logarithm, and elliptic curve relationships. 
It is computationally easy for a user to generate their own public and private key-pair and to use them for encryption and decryption. The strength lies in the fact that it is 'impossible' (computationally unfeasible) for a properly generated private key to be determined from its corresponding public key. Thus the public key may be published without compromising security, whereas the private key must not be revealed to anyone not authorized to read messages or perform digital signatures.Public key algorithms, unlike symmetric key algorithms, do not require a secure initial exchange of one (or more) secret keys between the parties.The following reference(s) were/was used to create this question:CISA review manual 2014 Page number 350 and 351http://en.wikipedia.org/wiki/Public-key_cryptography3. Right Answer: CExplanation: The process of encrypting bulk data using symmetric key cryptography and then encrypting the session key using public key algorithm is referred as a digital envelope.A Digital Envelope is used to send encrypted information using symmetric crypto cipher and then key session along with it. It is secure method to send electronic document without compromising the data integrity, authentication and non-repudiation, which were obtained with the use of symmetric keys.A Digital envelope mechanism works as follows:The symmetric key used to encrypt the message can be referred to as session key. The bulk of the message would take advantage of the high speed provided bySymmetric Cipher.The session key must then be communicated to the receiver in a secure way to allow the receiver to decrypt the message.If the session key is sent to receiver in the plain text, it could be captured in clear text over the network and anyone could access the session key which would lead to confidentiality being compromised.Therefore it is critical to encrypt the session key with the receiver public key before sending it to the receiver. 
The receiver will use their matching private key to decrypt the session key, which then allows them to decrypt the message using the session key. The encrypted message and the encrypted session key are sent to the receiver, who in turn decrypts the session key with the receiver's private key. The session key is then applied to the message cipher text to get the plain text.

The following were incorrect answers:

You encrypt the data using a session key and then encrypt the session key using the private key of the sender - If the session key is encrypted using the sender's private key, it can be decrypted only using the sender's public key. The sender's public key is known to everyone, so anyone can decrypt the session key and the message.

You encrypt the data using the session key and then you encrypt the session key using the sender's public key - If the session key is encrypted using the sender's public key, then only the sender can decrypt the session key using his/her own private key, and the receiver will not be able to decrypt it.

You encrypt the data using the session key and then you encrypt the session key using the receiver's private key - The sender should not have access to the receiver's private key. This is not a valid option.

The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 350 and 351

4. Right Answer: A
Explanation: The word NOT is the keyword used in the question. We need to find the invalid statement among the options.

A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization, and directory services that can store and, when necessary, revoke the certificates.
Although the components of a PKI are generally understood, a number of different vendor approaches and services are emerging. Meanwhile, an Internet standard for PKI is being worked on. The public key infrastructure assumes the use of public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message. Traditional cryptography has usually involved the creation and sharing of a secret key for the encryption and decryption of messages. This secret or private key system has the significant flaw that if the key is discovered or intercepted by someone else, messages can easily be decrypted. For this reason, public key cryptography and the public key infrastructure are the preferred approach on the Internet. (The private key system is sometimes known as symmetric cryptography and the public key system as asymmetric cryptography.)

A public key infrastructure consists of:

A certificate authority (CA) that issues and verifies digital certificates.
A certificate includes the public key or information about the public key.

A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a requester.

A subscriber, the end user who wishes to get a digital certificate from the certificate authority.

The following were incorrect answers:

The Certificate authority role is to issue digital certificates to end users - This is a valid statement, as the job of a certificate authority is to issue digital certificates to end users.

The Registration authority (RA) acts as a verifier for the Certificate Authority (CA) - This is a valid statement, as the registration authority acts as a verifier for the certificate authority.

Root certificate authority's certificate is always self-signed - This is a valid statement, as the root certificate authority's certificate is always self-signed.

The following reference(s) were/was used to create this question:
http://searchsecurity.techtarget.com/definition/PKI

5. Right Answer: D
Explanation: NOT is the keyword in this question. You need to find the functionality which is NOT provided by the SSL protocol. The SSL protocol provides:
Confidentiality
Integrity
Authentication, e.g. between client and server

Non-repudiation is not provided by the SSL protocol.

For the CISA exam you should know the information below about Secure Socket Layer (SSL) and Transport Layer Security (TLS). These are cryptographic protocols which provide secure communication on the Internet. There are only slight differences between SSL 3.0 and TLS 1.0; as a general concept both are called SSL.

SSL is a session-connection layer protocol widely used on the Internet for communication between browsers and web servers, where any amount of data is securely transmitted while a session is established. SSL provides endpoint authentication and communication privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client remains unauthenticated.
Mutual authentication requires PKI deployment to clients. The protocol allows applications to communicate in a way designed to prevent eavesdropping, tampering and message forging.

SSL involves a number of basic phases:
Peer negotiation for algorithm support
Public key encryption based key exchange and certificate based authentication
Symmetric cipher based traffic encryption

SSL runs on a layer beneath application protocols such as HTTP, SMTP and Network News Transport Protocol (NNTP) and above the TCP transport protocol, which forms part of the TCP/IP suite. SSL uses a hybrid of hashed, private and public key cryptographic processes to secure transmission over the Internet through a PKI.

The SSL handshake protocol is based on the application layer but provides for the security of the communication session too. It negotiates the security parameters for each communication session. Multiple connections can belong to one SSL session, and a party participating in one session can take part in multiple simultaneous sessions.

The following were incorrect answers:

Confidentiality - It is supported by the SSL protocol
Integrity - It is supported by the SSL protocol
Authentication - It is supported by the SSL protocol

The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 352
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions
1. Which of the following would be the BEST way to address segregation of duties issues in an organization with budget constraints?
A) Perform an independent audit.
B) Rotate job duties periodically.
C) Implement compensating controls.
D) Hire temporary staff.

2. In a large organization, IT deadlines on important projects have been missed because IT resources are not prioritized properly. Which of the following is the BEST recommendation to address this problem?
A) Implement project portfolio management.
B) Implement an integrated resource management system.
C) Implement a comprehensive project scorecard.
D) Revisit the IT strategic plan.

3. Which of the following would be MOST useful when analyzing computer performance?
A) Report of off-peak utilization and response time
B) Tuning of system software to optimize resource usage
C) Operations report of user dissatisfaction with response time
D) Statistical metrics measuring capacity utilization

4. When migrating critical systems to a cloud provider, the GREATEST data security concern for an organization would be that data from different clients may be:
A) subject to different SLAs for disaster recovery.
B) subject to varying government compliance regulations.
C) improperly separated from each other.
D) requested during a legal discovery process.

5. As part of a post-implementation review, the BEST way to assess the realization of outcomes is by:
A) obtaining feedback from the user community.
B) performing a comprehensive risk analysis.
C) evaluating the actual performance of the system.
D) comparing the business case benefits to the achieved benefits.

Right Answer and Explanation:
1. Right Answer: C
Explanation:
2. Right Answer: A
Explanation:
3. Right Answer: B
Explanation:
4. Right Answer: C
Explanation:
5. Right Answer: A
Explanation:
Published - Fri, 03 Mar 2023