
[2023年最新] 高合格率な最新CISSPテストノートとCISSP高合格率な試験ガイドを試そう
CISSP実際の問題アンサーPDFには100%カバーリアル試験問題
ISC CISSP(Certified Information Systems Security Professional)認定試験は、情報セキュリティ専門家のためのグローバルに認められた認定です。この認定は、リスク管理、セキュリティ分析、セキュリティアーキテクチャなどセキュリティ分野における専門家のスキルと知識を検証することを目的としています。この認定は、国際情報システムセキュリティ認定コンソーシアム(ISC)によって提供され、サイバーセキュリティ分野で最も権威ある認定の1つと考えられています。
質問 # 830
Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?
- A. Digital signature
- B. Digital watermarking
- C. Steganography
- D. Digital enveloping
正解:B
解説:
RFC 2828 (Internet Security Glossary) defines digital watermarking as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data-text, graphics, images, video, or audio#and for detecting or extracting the marks later. The set of embedded bits (the digital watermark) is sometimes hidden, usually imperceptible, and always intended to be unobtrusive. It is used as a measure to protect intellectual property rights. Steganography involves hiding the very existence of a message. A digital signature is a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity. A digital envelope is a combination of encrypted data and its encryption key in an encrypted form that has been prepared for use of the recipient. Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
質問 # 831
Why would a memory dump be admissible as evidence in court?
- A. Because it is used to demonstrate the truth of the contents.
- B. Because it is used to identify the state of the system.
- C. Because of the exclusionary rule.
- D. Because the state of the memory cannot be used as evidence.
正解:B
解説:
Explanation/Reference:
Explanation:
A memory dump identifies the state of the system.
Computer-generated evidence that is in the form of routine operational business data or reports and binary disk or memory dumps now constitute exceptions to the rule that computer-generated evidence is hearsay, and is therefore admissible in court.
Incorrect Answers:
A: A memory dump does not identify the truth, it is identification of the state of the system.
C: The state of the memory, the system state, can be admissible as evidence in court.
D: The exclusionary rule refers to evidence that is inadmissible. The exclusionary rule is a legal principle in the United States, under constitutional law, which holds that evidence collected or analyzed in violation of the defendant's constitutional rights is sometimes inadmissible for a criminal prosecution in a court of law.
References:
Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 504
質問 # 832
Which of the following backup methods makes a complete backup of every file on the server every time it is run?
- A. The differential backup method.
- B. The full backup method.
- C. The incremental backup method.
- D. The tape backup method.
正解:B
解説:
Explanation/Reference:
Explanation:
The Full Backup Method makes a complete backup of every file on the server every time it is run. The method is primarily run when time and tape space permits, and is used for system archive or baselined tape sets.
Incorrect Answers:
B: The incremental backup method backs up only the files that have changed since the previous full or incremental backup. This backup method does not back up all files every time it is run.
C: The differential backup method backs up only the files that have changed since the previous full backup.
This backup method does not back up all files every time it is run.
D: The tape backup method is not a method that determines what files are backed up; it just specifies that the files are backed up to tape.
References:
Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 148
質問 # 833
In Synchronous dynamic password tokens: A. The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).
B. The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).
C. The unique password is not entered into a system or workstation along with an owner's PIN.
D. The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is invalid and that it was entered during the invalid time window.
正解:
解説:
B
Explanation:
Synchronous dynamic password tokens:
The token generates a new password value at fixed time intervals (this password could be the
time of day encrypted with a secret key).
The unique password is entered into a system or workstation along with an owner's PIN.
The authentication entity in a system or workstation knows an owner's secret key and PIN, and the
entity verifies that the entered password is valid and that it was entered during the valid time
window.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, 2001, John Wiley & Sons, Page 37
質問 # 834
Which choice below refers to a business asset?
- A. Events or situations that could cause a financial or operational impact to the organization
- B. Competitive advantage, credibility, or good will
- C. Protection devices or procedures in place that reduce the effects of threats
- D. Personnel compensation and retirement programs
正解:B
解説:
Assets are considered the physical and financial assets that are owned by the company. Examples of business assets that could be lost or damaged during a disaster are: Revenues lost during the incident On-going recovery costs Fines and penalties incurred by the event. Competitive advantage, credibility, or good will damaged by the incident *Answer "Events or situations that could cause a financial or operational impact to the organization" is a definition for a threat. *Answer "Protection devices or procedures in place that reduce the effects of threats" is a description of mitigating factors that reduce the effect of a threat, such as a UPS, sprinkler systems, or generators. *Answer "Personnel compensation and retirement programs" is a distracter. Source: Contingency Planning and Management, Contingency Planning 101 by Kelley Goggins, March, 1999.
質問 # 835
An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?
- A. Approval of the System Security Plan (SSP)
- B. Adoption of standardized policies and procedures
- C. Remediation of vulnerabilities
- D. Acceptance of risk by the authorizing official
正解:D
質問 # 836
Which of the following is the BEST mitigation from phishing attacks?
- A. Security awareness training
- B. Strong file and directory permissions
- C. Network activity monitoring
- D. Corporate policy and procedures
正解:A
質問 # 837
Which of the following provides for the STRONGEST protection of data confidentiality in a Wi-Fi environment?
- A. Wi-Fi Protected Access (WPA) + Temporal Key Integrity Protocol (TKIP)
- B. Wi-Fi Protected Access 2 (WPA2) + Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
- C. Wi-Fi Protected Access 2 (WPA2) + Advanced Encryption Standard (AES)
- D. Wired Equivalent Privacy (WEP) + Advanced Encryption Standard (AES)
正解:C
質問 # 838
A group of independent servers, which are managed as a single system, that provides higher availability, easier manageability, and greater scalability is:
- A. host cluster.
- B. guest cluster.
- C. client cluster.
- D. server cluster.
正解:D
解説:
A server cluster is a group of independent servers, which are managed as a single system, that provides higher availability, easier manageability, and greater scalability.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 67.
質問 # 839
A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS).
Which of the following factors leads the company to choose an IDaaS as their solution?
- A. In-house team lacks resources to support an on-premise solution.
- B. In-house development provides more control.
- C. Third-party solutions are known for transferring the risk to the vendor.
- D. Third-party solutions are inherently more secure.
正解:A
質問 # 840
Which of the following components are considered part of the Trusted Computing Base?
- A. trusted hardware and firmware
- B. trusted computer operators and system managers
- C. trusted hardware, software and firmware
- D. trusted hardware and software
正解:C
解説:
The trusted computing base (TCB) is a collection of all the hardware, software, and firmware components within a system that provide some type of security and enforce the system's security policy. The TCB does not address only operating system components, because a computer system is not made up of only an operating system. Hardware, software components, and firmware components can affect the system in a negative or positive manner, and each has a responsibility to support and enforce the security policy of that particular system. Some components and mechanisms have direct responsibilities in supporting the security policy, such as firmware that will not let a user boot a computer from a USB drive, or the memory manager that will not let processes overwrite other processes' data. Then there are components that do not enforce the security policy but must behave properly and not violate the trust of a system. Examples of the ways in which a component could violate the system's security policy include an application that is allowed to make a direct call to a piece of hardware instead of using the proper system calls through the operating system, a process that is allowed to read data outside of its approved memory space, or a piece of software that does not properly release resources after use.
To assist with the evaluation of secure products, TCSEC introduced the idea of the Trusted Computing Base (TCB) into product evaluation. In essence, TCSEC starts with the principle that there are some functions that simply must be working correctly for security to be possible and consistently enforced in a computing system. For example, the ability to define subjects and objects and the ability to distinguish between them is so fundamental that no system could be secure without it. The TCB then are these fundamental controls implemented in a given system, whether that is in hardware, software, or firmware. Each of the TCSEC levels describes a different set of fundamental functions that must be in place to be certified to that level.
The link below will take you to a one page document that describes the high-level requirements that any TCB would need to meet to achieve each division or class (essentially a subdivision) of the TCSEC rating. See details at:
https://www.freepracticetests.org/documents/TCB.pdf
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (pp. 359-360). McGraw-Hill.
Kindle Edition.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition
((ISC)2 Press) (Kindle Locations 17936-17943). Auerbach Publications. Kindle Edition.
質問 # 841
What type of encryption is used to protect sensitive data in transit over a network?
- A. Keyed-Hashing for Message Authentication
- B. Authentication Headers (AH)
- C. Point-to-Point Encryption (P2PE)
- D. Payload encryption and transport encryption
正解:D
質問 # 842
The strength of RSApublic key encryption is based on the:
- A. Difficulty of multiplying two large prime numbers.
- B. Fact that only one key is used.
- C. Difficulty in finding the prime factors of very large numbers.
- D. Difficulty in finding logarithms in a finite field.
正解:C
解説:
The correct answer is "Difficulty in finding the prime factors of very large numbers".
Answer "Difficulty in finding the prime factors of very large numbers" applies to public key algorithms such as Diffie-Hellman and Elliptic Curve.
Answer "Difficulty of multiplying two large prime numbers" is incorrect because it is easy to multiply two large prime numbers.
Answer "Fact that only one key is used" refers to symmetric key encryption.
質問 # 843
Aprocessor in which a single instruction specifies more than one CONCURRENT
operation is called:
- A. Scalar processor.
- B. Very Long Instruction Word processor.
- C. Pipelined processor.
- D. Superscalar processor.
正解:B
解説:
The correct answer is Very Long Instruction Word processor.
*A pipelined processor overlaps the steps of different instructions.
*Answer a superscalar processor performs a concurrent execution of multiple instructions in the same pipeline stage.
*A scalar processor executes one instruction at a time.
質問 # 844
Risk mitigation and risk reduction controls for providing information security are classified within three main categories, which of the following are being used?
- A. detective, corrective, and physical
- B. Administrative, operational, and logical
- C. preventive, corrective, and administrative
- D. Physical, technical, and administrative
正解:D
解説:
Security is generally defined as the freedom from danger or as the condition of safety. Computer security, specifically, is the protection of data in a system against unauthorized disclosure, modification, or destruction and protection of the computer system itself against unauthorized use, modification, or denial of service. Because certain computer security controls inhibit productivity, security is typically a compromise toward which security practitioners, system users, and system operations and administrative personnel work to achieve a satisfactory balance between security and productivity.
Controls for providing information security can be physical, technical, or administrative. These three categories of controls can be further classified as either preventive or detective. Preventive controls attempt to avoid the occurrence of unwanted events, whereas detective controls attempt to identify unwanted events after they have occurred. Preventive controls inhibit the free use of computing resources and therefore can be applied only to the degree that the users are willing to accept. Effective security awareness programs can help increase users' level of tolerance for preventive controls by helping them understand how such controls enable them to trust their computing systems. Common detective controls include audit trails, intrusion detection methods, and checksums.
Three other types of controls supplement preventive and detective controls. They are usually described as deterrent, corrective, and recovery. Deterrent controls are intended to discourage individuals from intentionally violating information security policies or procedures. These usually take the form of constraints that make it difficult or undesirable to perform unauthorized activities or threats of consequences that influence a potential intruder to not violate security (e.g., threats ranging from embarrassment to severe punishment).
Corrective controls either remedy the circumstances that allowed the unauthorized activity or return conditions to what they were before the violation. Execution of corrective controls could result in changes to existing physical, technical, and administrative controls. Recovery controls restore lost computing resources or capabilities and help the organization recover monetary losses caused by a security violation.
Deterrent, corrective, and recovery controls are considered to be special cases within the major categories of physical, technical, and administrative controls; they do not clearly belong in either preventive or detective categories. For example, it could be argued that deterrence is a form of prevention because it can cause an intruder to turn away; however, deterrence also involves detecting violations, which may be what the intruder fears most. Corrective controls, on the other hand, are not preventive or detective, but they are clearly linked with technical controls when antiviral software eradicates a virus or with administrative controls when backup procedures enable restoring a damaged data base. Finally, recovery controls are neither preventive nor detective but are included in administrative controls as disaster recovery or contingency plans.
Reference(s) used for this question
Handbook of Information Security Management, Hal Tipton,
質問 # 845
What sort of attack is described by the following: An attacker has a list of broadcast addresses which it stores into an array, the attacker sends a spoofed icmp echo request to each of those addresses in series and starts again. The spoofed IP address used by the attacker as the source of the packets is the target/victim IP address.
- A. Fraggle Attack
- B. Replay Attack
- C. LAND Attack
- D. Smurf Attack
正解:D
解説:
The Smurf Attack is a denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP Broadcast address.
Most devices on a network will, in their default settings, respond to this by sending a reply to the source IP address. If the number of machines on the network that receive and respond to these packets is very large, the victim's computer will be flooded with traffic. This can slow down the victim's computer to the point where it becomes impossible to work on.
The name Smurf comes from the file "smurf.c", the source code of the attack program, which was
released in 1997 by TFreak.
The author describes the attack as:
The `smurf' attack is quite simple. It has a list of broadcast addresses which it stores into an array,
and sends a spoofed icmp echo request to each of those addresses in series and starts again.
The result is a devistating attack upon the spoofed ip with, depending on the amount of broadcast
addresses used, many, many computers responding to the echo request.
Mitigation:
-Best method for mitigating this threat is to control access to the physical network infrastructure. If
the attacker can't send the attack, this attack will obviously not work.
- Currently the preferred method for controlling access to the network is by using 802.1X -
Certificate security.
-Also, modern operating systems don't usually permit a PING to a broadcast address and just
returns an error message if you try.
The following answers are incorrect:
-Fraggle Attack: Close but not quite right. A Fraggle attack uses UDP rather than the ICMP that Smurf Attack uses.
-LAND Attack: Sorry, not correct. A LAND attack is simply a series of packets sent to the target where the source and destination IP Addresses are the same as the victim.
-Replay Attack: This isn't an attack that takes advantage of a system vulnerability so it isn't the correct answer.
The following reference(s) was used to create this question: http://en.wikipedia.org/wiki/Smurf_attack and http://searchsecurity.techtarget.com/answer/What-is-a-land-attack and http://www.phreak.org/archives/exploits/denial/smurf.c
質問 # 846
What balance MUST be considered when web application developers determine how informative application error messages should be constructed?
- A. Availability versus auditability
- B. Performance versus user satisfaction
- C. Risk versus benefit
- D. Confidentiality versus integrity
正解:C
解説:
Section: Software Development Security
質問 # 847
Which of the following BEST describes the responsibilities of a data owner?
- A. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
- B. Determining the impact the information has on the mission of the organization
- C. Ensuring quality and validation through periodic audits for ongoing data integrity
- D. Maintaining fundamental data availability, including data storage and archiving
正解:B
質問 # 848
Why is lexical obfuscation in software development discouraged by many organizations?
- A. Problems writing test cases
- B. Problems maintaining data connections
- C. Problems recovering systems after disaster
- D. Problems compiling the code
正解:D
質問 # 849
......
ISC CISSP(Certified Information Systems Security Professional)試験は、情報セキュリティの分野での専門知識とスキルを検証するために設計された、世界的に認められた認定試験です。この試験は、潜在的なサイバー脅威から組織を保護するためにセキュリティプログラムの設計、実装、管理を担当する個人の能力を評価する基準として考えられています。CISSP認定は業界で高く評価され、多くの組織で世界的に認められています。
CISSP試験問題とアンサー:https://jp.fast2test.com/CISSP-premium-file.html
合格できるCISSP試験情報と無料練習テスト:https://drive.google.com/open?id=16GSr3L8gT64DNlRmunUEbgWMaaQAhnXp