PrepAway - Latest Free Exam Questions & Answers

Which of the following would an IS auditor consider a weakness when performing an audit of an organizationR

Which of the following would an IS auditor consider a weakness when performing an audit of an
organization that uses a public key infrastructure with digital certificates for its business-toconsumer transactions via the internet?

PrepAway - Latest Free Exam Questions & Answers

A.
Customers are widely dispersed geographically, but the certificate authorities are not.

B.
Customers can make their transactions from any computer or mobile device.

C.
The certificate authority has several data processing subcenters to administer certificates.

D.
The organization is the owner of the certificate authority.

Explanation:

If the certificate authority belongs to the same organization, this would generate a conflict of
interest. That is, if a customer wanted to repudiate a transaction, they could allege that because of
the shared interests, an unlawful agreement exists between the parties generating the certificates,
if a customer wanted to repudiate a transaction, they could argue that there exists a bribery
between the parties to generate the certificates, as shared interests exist. The other options are
not weaknesses.


Leave a Reply