Unit 4 - Module 9

Question 1

Caesar cipher

Answer 1

Earliest encryption method; Julius Caesar is said to have used it to send coded messages to his generals in the field.

Question 2

key

Answer 2

Mathematical value that the sender selects for the purpose of encrypting or decoding data.

Question 3

algorithm

Answer 3

Procedure of shifting each letter in the cleartext message by the number of positions that the key value indicates.

Question 4

Advanced encryption standard (AES)

Answer 4

Also known as Rijndael, a private key (or symmetric key) encryption technique.

Question 5

private key

Answer 5

Both the sender and the receiver use the same encryption key.

Question 6

symmetric key

Answer 6

Single key used in an encryption algorithm to both code and decode a message.

Question 7

public key encryption

Answer 7

Technique that uses two encryption keys: one for encoding the message, the other for decoding it.

Question 8

Public Key Encryption

Answer 8

Question 9

Rivest-Shamir-Adleman (RSA)

Answer 9

One of the most trusted public key encryption methods. This method, however, is computationally intensive and much slower than private key encryption.

Question 10

digital envelope

Answer 10

.

Question 11

digital signature

Answer 11

Electronic authentication technique that ensures the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied.

Question 12

digital certificate

Answer 12

Sender’s public key that has been digitally signed by trusted third parties.

Question 13

certification authorities (CAs)

Answer 13

A trusted third party that issues a digital certificate.

Question 14

Public key infrastructure (PKI)

Answer 14

Constitutes the policies and procedures for administering this activity.

Question 15

firewall

Answer 15

Software and hardware that provide a focal point for security by channeling all network connections through a control gateway.

Question 16

network-level firewall

Answer 16

System that provides basic screening of low-security messages (e.g., e-mail) and routes them to their destinations based on the source and destination addresses attached.

Question 17

application-level firewall

Answer 17

Provide high-level network security.

Question 18

To qualify for the TRUSTe seal, an organization must:

Answer 18

• Agree to follow TRUSTe privacy policies and disclosure standards.
• Post a privacy statement on the website disclosing the type of information being collected, the purpose for collecting information, and with whom it is shared.
• Promptly respond to customer complaints.
• Agree to site compliance reviews by TRUSTe or an independent third party.

Question 19

Verisign, Inc.

Answer 19

It provides assurance regarding the security of transmitted data. The organization does not verify security of stored data or address concerns related to business policies, business processes, or privacy.

Question 20

International Computer Security Association

Answer 20

ICSA certification addresses data security and privacy concerns.

Question 21

AICPA/CICA WebTrust

Answer 21

To display the AICPA/CICA WebTrust seal, the organization undergoes an examination according to the AICPA’s Standards for Attestation Engagements, No. 1, by a specially web-certified CPA or CA. The examination focuses on the areas of business practices (policies), transaction integrity (business process), and information protection (data security). The seal must be renewed every 90 days.

Question 22

Safe Harbor Agreement

Answer 22

Two-way agreement between the United States and the European Union establishing standards for information transmittal.

Question 23

intelligent control agents

Answer 23

Computer programs that embody auditor-defined heuristics that search electronic transactions for anomalies.

Question 24

value-added network (VAN)

Answer 24

Hosted service offering that acts as an intermediary between business partners sharing standards-based or proprietary data via shared business processes.

Question 25

Verisign is - a for-profit organization that provides assurance regarding the security of transmitted data. - a nonprofit organization dedicated to improving consumer privacy practices among Internet businesses and websites. - an organization that established the Web Trust program. - a way to verify the security of stored data.

Answer 25

a for-profit organization that provides assurance regarding the security of transmitted data. The correct answer is "a for-profit organization that provides assurance regarding the security of transmitted data." Verisign is a for-profit organization that provides assurance regarding the security of transmitted data. Its mission is to provide digital certificate solutions that enable trusted commerce and communications. Its products allow customers to transmit encrypted data and verify the source and destination of transmissions.

Question 26

A VAN is the same as a VPN. the same as a WAN. the same as a LAN. a network that is used for EDI.

Answer 26

a network that is used for EDI. The correct answer is "a network that is used for EDI." In an EDI environment, a client’s trading partner’s computer automatically generates electronic transactions, which are relayed across a value-added network (VAN), and the client’s computer processes the transactions without human intervention.

Question 27

Encryption is - a modern invention, exclusive to the 21st century. - the conversion of data into a secret code for storage in databases and transmission over networks. - a social engineering approach which involves manipulation and deceptive practices. - another name for malware and ransomware.

Answer 27

the conversion of data into a secret code for storage in databases and transmission over networks. The correct answer is "the conversion of data into a secret code for storage in databases and transmission over networks." Encryption is the conversion of data into a secret code for storage in databases and transmission over networks. The sender uses an encryption algorithm to convert the original message (called cleartext) into a coded equivalent (called ciphertext). At the receiving end, the ciphertext is decoded (decrypted) back into cleartext.

Question 28

A firewall is - a system used to insulate an organization’s intranet from the Internet. - turns the target victims’ computers into zombies that are unable to access the Internet. - unnecessary in today’s technological environment. - so named because its effects keep the hardware cool.

Answer 28

- a system used to insulate an organization’s intranet from the Internet. The correct answer is "a system used to insulate an organization’s intranet from the Internet." A firewall is a system used to insulate an organization’s intranet from the Internet. It can be used to authenticate an outside user of the network, verify his or her level of access authority, and then direct the user to the program, data, or service requested. In addition to insulating the organization’s network from external networks, firewalls can also be used to protect LANs from unauthorized internal access

Question 29

Seals of assurance - are evidence that a web-based business is trustworthy. - are assigned by the ISP to internet users so they can transact business over the internet. - is software used by malicious websites to sniff data from cookies stored on the user’s hard drive. - have no requirements for an internet-based business.

Answer 29

are evidence that a web-based business is trustworthy. The correct answer is "are evidence that a web-based business is trustworthy." In response to consumer demand for evidence that a web-based business is trustworthy, a number of trusted third-party organizations are offering seals of assurance that businesses can display on their website home pages. To legitimately bear the seal, the company must show that it complies with certain business practices, capabilities, and controls. This best known six seal-granting organizations are - Better Business Bureau (BBB), TRUSTe, Verisign, Inc., International Computer Security Association (ICSA), AICPA/CICA WebTrust, and AICPA/CICA SysTrust.

Question 30

A digital signature is - a tool that allows digital messages to be sent over analog telephone lines. - the computed digest of the sender’s digital certificate. - derived from the digest of a document that has been encrypted with the sender’s private key. - the encrypted mathematical value of the message sender’s name.

Answer 30

derived from the digest of a document that has been encrypted with the sender’s private key. The correct answer is "derived from the digest of a document that has been encrypted with the sender’s private key." A digital signature is derived from the digest of a document that has been encrypted with the sender’s private key. A digital signature is an electronic authentication technique that ensures the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied.

Question 31

Which of the following statements about continuous auditing is true? - Continuous auditing does not involve electronic audit trails. - Continuous auditing is usually considered less effective than traditional auditing. - Continuous auditing only pertains to access controls. - Continuous auditing enables the auditor to review transactions at frequent intervals or as they occur.

Answer 31

Continuous auditing enables the auditor to review transactions at frequent intervals or as they occur. The correct answer is "Continuous auditing enables the auditor to review transactions at frequent intervals or as they occur." Continuous auditing enables the auditor to review transactions at frequent intervals or as they occur. The growth of electronic commerce requires the auditors to rethink their traditional practices. Using intelligent electronic agents, transactions can be continuously monitored, and alarms can sound when an anomaly occurs.

Question 32

Authentication - requires accountants to develop a new skill set in the electronic environment. - is simpler in the electronic environment than the old paper-based environment. - is paper intensive process. - not subject to audit rules and processes.

Answer 32

requires accountants to develop a new skill set in the electronic environment. The correct answer is "requires accountants to develop a new skill set in the electronic environment." Authentication requires accountants to develop a new skill set in the electronic environment. In traditional systems, the business paper on which it was written determines the authenticity of a sales order from a trading partner or customer.