CISA/CISM认证学习讨论区

sdlwfangzl

最初由 lixian49 发布
26. The purpose of a follow-up review after an audit is to:

A. Ensure corrective action is achieving desired results
B. Ensure that an auditor gets performance evaluation after each audit
C. Determine if inaccuracies exist in the auditor's assessment
D. Perform compliance testing of selected controls

which one is correct , and Why?

A

pwc102752

最初由 sdlwfangzl 发布
[B]最初由 lixian49 发布
26. The purpose of a follow-up review after an audit is to:

A. Ensure corrective action is achieving desired results
B. Ensure that an auditor gets performance evaluation after each audit
C. Determine if inaccuracies exist in the auditor's assessment
D. Perform compliance testing of selected controls

which one is correct , and Why?

A [/B]

没有W HY的.其他三个是在前面阶段就要决定的.corrective action是个key word

rosinashi

An IS auditor should be concerned when a telecommunication analyst:
A. monitors systems performance and tracks problems resulting from program changes.
B. reviews network load requirements in terms of current and future transaction volumes.
C. assesses the impact of the network load on terminal response times and network data transfer rates.
D. recommends network balancing procedures and improvement

answer is B, but why?

johnsee731

要向大家学习

tdoflying

cyberforensic investigator啥意思呢？

tdoflying

DHCP对于非授权访问的风险的增大和减小有关系么？
题目说可以减小．我咋觉得没关系呢

sonyorsjtu

请教各位老师一道题目
In a public key infrastructure(PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer?
A Nonrepudiation
B Encryption
C Authentication
D Integrity
答案是 A
C为什么不可以呢

yb_yang

最初由 sonyorsjtu 发布
[B]请教各位老师一道题目
In a public key infrastructure(PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer?
A Nonrepudiation
B Encryption
C Authentication
D Integrity
答案是 A
C为什么不可以呢 [/B]

nonrepudiation更确切。authentication是交易过程中的动作，比方说网上银行，Client和Server双方都有对对方的authentication。authentication的重点在于验证对方的合法身份，重点不是秋后算账，题目中说到prove，所以选nonrepudiation.

tdoflying

To ensure message integrity, confidentiality and nonrepudiation between two parties, the MOST effective method would be to create a message digest by applying a cryptographic hashing algorithm against:

    A. the entire message, enciphering the message digest using the sender's private key, enciphering the message with a symmetric key and enciphering the key by using the receiver's public key.
    B. any part of the message, enciphering the message digest using the sender's private key, enciphering the message with a symmetric key and enciphering the key using the receiver's public key.
    C. the entire message, enciphering the message digest using the sender's private key, enciphering the message with a symmetric key and enciphering the symetric key using the receiver's public key.
    D. the entire message, enciphering the message digest using the sender's private key and enciphering the message using the receiver's public key.

    The correct answer is:
    A

这个AC有啥区别呢

pwc102752

最初由 tdoflying 发布
[B]cyberforensic investigator啥意思呢？ [/B]

司法调查