Explanation/Reference: Explanation: As per FDA data should be attributable, original, accurate, contemporaneous and legible. In an automated system attributability could be achieved by a computer system designed to identify individuals responsible for any input. References: U.S. Department of Health and Human Services, Food and Drug Administration, Guidance for Industry - Computerized Systems Used in Clinical Trials, April 1999, page 1.
Question 427
Which SERVICE usually runs on port 25?
Correct Answer: C
FTP - Port 21 Telnet - Port 23 SMTP - Port 25 DNS - Port 53 The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports. The Well Known Ports are those from 0 through 1023. The Registered Ports are those from 1024 through 49151. The Dynamic and/or Private Ports are those from 49152 through 65535. Reference : http://www.iana.org/assignments/port-numbers For the purpose of the exam you DO NOT need to know all of the 65,535 ports but you must know the one that are very commonly used.
Question 428
To what does 10Base-5 refer?
Correct Answer: C
The correct answer is "10 Mbps thicknet coax cabling rated to 500 meters maximum length". Answer "10 Mbps thinnet coax cabling rated to 185 meters maximum length" refers to 10Base-2. 10 Mbps baseband optical fiber refers to 10Base-F. 100 Mbps unshielded twisted pair cabling to 100Base-T.
Question 429
Which of the following binds a subject name to a public key value?
Correct Answer: B
Remember the term Public-Key Certificate is synonymous with Digital Certificate or Identity certificate. The certificate itself provides the binding but it is the certificate authority who will go through the Certificate Practice Statements (CPS) actually validating the bindings and vouch for the identity of the owner of the key within the certificate. As explained in Wikipedia: In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind together a public key with an identity - information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme such as PGP or GPG, the signature is of either the user (a self-signed certificate) or other users ("endorsements") by getting people to sign each other keys. In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together. RFC 2828 defines the certification authority (CA) as: An entity that issues digital certificates (especially X.509 certificates) and vouches for the binding between the data items in a certificate. An authority trusted by one or more users to create and assign certificates. Optionally, the certification authority may create the user's keys. X509 Certificate users depend on the validity of information provided by a certificate. Thus, a CA should be someone that certificate users trust, and usually holds an official position created and granted power by a government, a corporation, or some other organization. A CA is responsible for managing the life cycle of certificates and, depending on the type of certificate and the CPS that applies, may be responsible for the life cycle of key pairs associated with the certificates Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000. and http://en.wikipedia.org/wiki/Public_key_certificate
Question 430
Which of the following questions is less likely to help in assessing controls over hardware and software maintenance?
Correct Answer: B
Hardware and software maintenance access controls are used to monitor the installation of, and updates to, hardware and software to ensure that the system functions as expected and that a historical record of changes is maintained. Integrity verification programs are more integrity controls than software maintenance controls. Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-30 to A-32).