
[2023年03月07日]SSCP試験問題集PDF正確率保証と更新された問題
合格させるSSCP試験にはリアルテストエンジンPDFには1074問題あります
ISC SSCP 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
質問 158
Related to information security, availability is the opposite of which of the following?
- A. documentation
- B. delegation
- C. distribution
- D. destruction
正解: D
解説:
Section: Security Operation Adimnistration
Explanation/Reference:
Availability is the opposite of "destruction."
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 59.
質問 159
It is difficult to prosecute a computer criminal if warning banners are not deployed?
- A. True
- B. False
正解: A
質問 160
Which of the following steps is NOT one of the eight detailed steps of a Business Impact Assessment (BIA):
- A. Identifying critical business functions.
- B. Calculating the risk for each different business function.
- C. Notifying senior management of the start of the assessment.
- D. Creating data gathering techniques.
正解: C
解説:
Source: HARRIS, S., CISSP All- In-One Exam Guide, 3rd. Edition, 2005, Chapter 9, Page 701.
There have been much discussion about the steps of the BIA and I struggled with this before deciding to scrape the question about "the four steps," and re-write the question using the AIO for a reference. This question should be easy.... if you know all eight steps.
The eight detailed and granular steps of the BIA are:
1.Select Individuals to interview for the data gathering.
2.Create data gathering techniques (surveys, questionnaires, qualitative and quantitative approaches).
3.Identify the company's critical business functions.
4.Identify the resources that these functions depend upon.
5.Calculate how long these functions can survive without these resources.
6.Identify vulnerabilities and the threats to these functions.
7.Calculate risk for each of the different business functions.
8.Document findings and report them to management.
Shon goes on to cover each step in Chapter 9.
質問 161
Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect?
- A. In its procedures and tasks, the plan should refer to functions, not specific individuals.
- B. Critical vendors should be contacted ahead of time to validate equipment can be obtained in a timely manner.
- C. In order to facilitate recovery, a single plan should cover all locations.
- D. There should be requirements to form a committee to decide a course of action. These decisions should be made ahead of time and incorporated into the plan.
正解: C
解説:
Section: Risk, Response and Recovery
Explanation/Reference:
The first documentation rule when it comes to a BCP/DRP is "one plan, one building". Much of the plan revolves around reconstructing a facility and replenishing it with production contents. If more than one facility is involved, then the reader of the plan will find it difficult to identify quantities and specifications of replacement resource items. It is possible to have multiple plans for a single building, but those plans must be linked so that the identification and ordering of resource items is centralized. All other statements are correct.
Source: BARNES, James C. & ROTHSTEIN, Philip J., A Guide to Business Continuity Planning, John Wiley & Sons, 2001 (page 162).
質問 162
What is it called when a computer uses more than one CPU in parallel to execute
instructions?
- A. Multithreading
- B. Parallel running
- C. Multitasking
- D. Multiprocessing
正解: D
解説:
A system with multiple processors is called a multiprocessing system.
Multitasking is incorrect. Multitasking involves sharing the processor amoung all ready processes. Though it appears to the user that multiple processes are executing at the same time, only one process is running at any point in time.
Multithreading is incorrect. The developer can structure a program as a collection of independent threads to achieve better concurrency. For example, one thread of a program might be performing a calculation while another is waiting for additional input from the user.
"Parallel running" is incorrect. This is not a real term and is just a distraction.
References:
CBK, pp. 315-316 AIO3, pp. 234 - 239
質問 163
Which of the following would best describe a Concealment cipher?
- A. Every X number of words within a text, is a part of the real message.
- B. Replaces bits, characters, or blocks of characters with different bits, characters or blocks.
- C. Hiding data in another message so that the very existence of the data is concealed.
- D. Permutation is used, meaning that letters are scrambled.
正解: A
解説:
When a concealment cipher is used, every X number of words within a text,
is a part of the real message. The message is within another message.
A concealment cipher is a message within a message. If my other super-secret spy buddy
and I decide our key value is every third word, then when I get a message from him, I will
pick out every third word and write it down. Suppose he sends me a message that reads,
"The saying, 'The time is right' is not cow language, so is now a dead subject." Because my
key is every third word, I come up with "The right cow is dead." This again means nothing
to me, and I am now turning in my decoder ring.
Concealment ciphers include the plaintext within the ciphertext. It is up to the recipient to
know which letters or symbols to exclude from the ciphertext in order to yield the plaintext.
Here is an example of a concealment cipher:
i2l32i5321k34e1245ch456oc12ol234at567e
Remove all the numbers, and you'll have i like chocolate. How about this one?
Larry even appears very excited. No one worries.
The first letter from each word reveals the message leave now. Both are easy, indeed, but
many people have crafted more ingenious ways of concealing the messages. By the way,
this type of cipher doesn't even need ciphertext, such as that in the above examples.
Consider the invisible drying ink that kids use to send secret messages. In a more extreme
example, a man named Histiaeus, during 5th century B.C., shaved the head of a trusted
slave, then tattooed the message onto his bald head. When the slave's hair grew back,
Histiaeus sent the slave to the message's intended recipient, Aristagoros, who shaved the
slave's head and read the message instructing him to revolt.
The following answers are incorrect:
A transposition cipher uses permutations.
A substitution cipher replaces bits, characters, or blocks of characters with different bits,
characters or blocks.
Steganography refers to hiding the very existence of the message.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page
1).
and also see:
http://www.go4expert.com/forums/showthread.php?t=415
質問 164
Who is responsible for initiating corrective measures and capabilities used when there are security violations?
- A. Data owners
- B. Information systems auditor
- C. Management
- D. Security administrator
正解: C
解説:
Management is responsible for protecting all assets that are directly or
indirectly under their control.
They must ensure that employees understand their obligations to protect the company's
assets, and implement security in accordance with the company policy. Finally,
management is responsible for initiating corrective actions when there are security
violations.
Source: HARE, Chris, Security management Practices CISSP Open Study Guide, version
1.0, april 1999.
質問 165
What is also known as 10Base5?
- A. UTP
- B. ARCnet
- C. Thinnet
- D. Thicknet
正解: D
解説:
Explanation/Reference:
Thicknet is a coaxial cable with segments of up to 500 meters, also known as 10Base5. Thinnet is a coaxial cable with segments of up to 185 meters. Unshielded twisted pair (UTP) has three variations: 10 Mbps (10BaseT), 100 Mbps (100BaseT) or 1 Gbps (1000BaseT). ARCnet is a LAN media access method.
Source: KRUTZ, Ronald L & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page
108).
質問 166
Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?
- A. PKCS#10 and X.509
- B. S/MIME and SSH
- C. TLS and SSL
- D. IPsec and L2TP
正解: D
解説:
Section: Network and Telecommunications
Explanation/Reference: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne, page
467; SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.
質問 167
Which of the following best defines add-on security?
- A. Physical security complementing logical security measures.
- B. Protection mechanisms implemented after an information system has become operational.
- C. Protection mechanisms implemented as an integral part of an information system.
- D. Layer security.
正解: B
解説:
Explanation/Reference:
The Internet Security Glossary (RFC2828) defines add-on security as "The retrofitting of protection mechanisms, implemented by hardware or software, after the [automatic data processing] system has become operational."
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
質問 168
What mechanism does a system use to compare the security labels of a subject and an object?
- A. Clearance Check.
- B. Security Module.
- C. Validation Module.
- D. Reference Monitor.
正解: D
解説:
Because the Reference Monitor is responsible for access control to the
objects by the subjects it compares the security labels of a subject and an object.
According to the OIG: The reference monitor is an access control concept referring to an
abstract machine that mediates all accesses to objects by subjects based on information in
an access control database. The reference monitor must mediate all access, be protected
from modification, be verifiable as correct, and must always be invoked. The reference
monitor, in accordance with the security policy, controls the checks that are made in the
access control database.
The following are incorrect:
Validation Module. A Validation Module is typically found in application source code and is
used to validate data being inputted.
Clearance Check. Is a distractor, there is no such thing other than what someone would do
when checking if someone is authorized to access a secure facility.
Security Module. Is typically a general purpose module that prerforms a variety of security
related functions.
References:
OIG CBK, Security Architecture and Design (page 324)
AIO, 4th Edition, Security Architecture and Design, pp 328-328.
Wikipedia - http://en.wikipedia.org/wiki/Reference_monitor
質問 169
Why is traffic across a packet switched network difficult to monitor?
- A. The network factor is too high
- B. Government regulations forbids monitoring
- C. Packets can take multiple paths when transmitted
- D. Packets are link encrypted by the carrier
正解: C
解説:
Explanation/Reference:
With a packet switched network, packets are difficult to monitor because they can be transmitted using different paths.
A packet-switched network is a digital communications network that groups all transmitted data, irrespective of content, type, or structure into suitably sized blocks, called packets. The network over which packets are transmitted is a shared network which routes each packet independently from all others and allocates transmission resources as needed.
The principal goals of packet switching are to optimize utilization of available link capacity, minimize response times and increase the robustness of communication. When traversing network adapters, switches and other network nodes, packets are buffered and queued, resulting in variable delay and throughput, depending on the traffic load in the network.
Most modern Wide Area Network (WAN) protocols, including TCP/IP, X.25, and Frame Relay, are based on packet-switching technologies. In contrast, normal telephone service is based on a circuit-switching technology, in which a dedicated line is allocated for transmission between two parties. Circuit-switching is ideal when data must be transmitted quickly and must arrive in the same order in which it's sent. This is the case with most real-time data, such as live audio and video. Packet switching is more efficient and robust for data that can withstand some delays in transmission, such as e-mail messages and Web pages.
All of the other answer are wrong
Reference(s) used for this question:
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
and
https://en.wikipedia.org/wiki/Packet-switched_network
and
http://www.webopedia.com/TERM/P/packet_switching.html
質問 170
The major objective of system configuration management is which of the following?
- A. system maintenance.
- B. system stability.
- C. system tracking.
- D. system operations.
正解: B
解説:
Explanation/Reference:
A major objective with Configuration Management is stability. The changes to the system are controlled so that they don't lead to weaknesses or faults in th system.
The following answers are incorrect:
system maintenance. Is incorrect because it is not the best answer. Configuration Management does control the changes to the system but it is not as important as the overall stability of the system.
system operations. Is incorrect because it is not the best answer, the overall stability of the system is much more important.
system tracking. Is incorrect because while tracking changes is important, it is not the best answer. The overall stability of the system is much more important.
質問 171
Which of the following access control models introduces user security clearance and data classification?
- A. Discretionary access control
- B. Mandatory access control
- C. Role-based access control
- D. Non-discretionary access control
正解: B
解説:
The mandatory access control model is based on a security label system. Users are given a security clearance and data is classified. The classification is stored in the security labels of the resources. Classification labels specify the level of trust a user must have to access a certain file.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (Page 154).
質問 172
Which of the following is NOT a technical control?
- A. Password and resource management
- B. Monitoring for physical intrusion
- C. Identification and authentication methods
- D. Intrusion Detection Systems
正解: B
解説:
It is considered to be a 'Physical Control'
There are three broad categories of access control: administrative, technical, and physical. Each category has different access control mechanisms that can be carried out manually or automatically. All of these access control mechanisms should work in concert with each other to protect an infrastructure and its data.
Each category of access control has several components that fall within it, a partial list is shown here. Not all controls fall into a single category, many of the controls will be in two or more categories. Below you have an example with backups where it is in all three categories:
Administrative Controls Policy and procedures
-A backup policy would be in place
Personnel controls Supervisory structure Security-awareness training Testing Physical Controls Network segregation Perimeter security Computer controls Work area separation
Data backups (actual storage of the media, i:e Offsite Storage Facility)
Cabling Technical Controls System access Network architecture Network access Encryption and protocols Control zone Auditing Backup (Actual software doing the backups)
The following answers are incorrect :
Password and resource management is considered to be a logical or technical control.
Identification and authentication methods is considered to be a logical or technical control.
Intrusion Detection Systems is considered to be a logical or technical control.
Reference : Shon Harris , AIO v3 , Chapter - 4 : Access Control , Page : 180 - 185
質問 173
Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces?
- A. T1
- B. ISDN
- C. xDSL
- D. SLIP
正解: D
解説:
Section: Network and Telecommunications
Explanation/Reference:
Serial Line IP (SLIP) was developed in 1984 to support TCP/IP networking over low-speed serial interfaces.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page
114).
質問 174
Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS) ?
- A. inferent-based IDS
- B. statistical anomaly-based IDS
- C. event-based IDS
- D. signature-based IDS
正解: D
解説:
Explanation/Reference:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49.
質問 175
Which of the following access control models requires security clearance for subjects?
- A. Discretionary access control
- B. Mandatory access control
- C. Role-based access control
- D. Identity-based access control
正解: B
解説:
Section: Access Control
Explanation/Reference:
With mandatory access control (MAC), the authorization of a subject's access to an object is dependant upon labels, which indicate the subject's clearance. Identity-based access control is a type of discretionary access control. A role-based access control is a type of non-discretionary access control.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).
質問 176
Which of the following would MOST likely ensure that a system development project meets business objectives?
- A. User involvement in system specification and acceptance
- B. Strict deadlines and budgets
- C. Development and tests are run by different individuals
- D. Development of a project plan identifying all development activities
正解: A
解説:
Explanation/Reference:
Effective user involvement is the most critical factor in ensuring that the application meets business objectives.
A great way of getting early input from the user community is by using Prototyping. The prototyping method was formally introduced in the early 1980s to combat the perceived weaknesses of the waterfall model with regard to the speed of development. The objective is to build a simplified version (prototype) of the application, release it for review, and use the feedback from the users' review to build a second, better version.
This is repeated until the users are satisfied with the product. t is a four-step process:
initial concept,
design and implement initial prototype,
refine prototype until acceptable, and
complete and release final version.
There is also the Modified Prototype Model (MPM. This is a form of prototyping that is ideal for Web application development. It allows for the basic functionality of a desired system or component to be formally deployed in a quick time frame. The maintenance phase is set to begin after the deployment. The goal is to have the process be flexible enough so the application is not based on the state of the organization at any given time. As the organization grows and the environment changes, the application evolves with it, rather than being frozen in time.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 12101-12108 and 12099-12101). Auerbach Publications. Kindle Edition.
and
Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 296).
質問 177
Which of the following questions is less likely to help in assessing physical and environmental protection?
- A. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?
- B. Are entry codes changed periodically?
- C. Is physical access to data transmission lines controlled?
- D. Are appropriate fire suppression and prevention devices installed and working?
正解: A
解説:
Section: Access Control
Explanation/Reference:
Physical security and environmental security are part of operational controls, and are measures taken to protect systems, buildings, and related supporting infrastructures against threats associated with their physical environment. All the questions above are useful in assessing physical and environmental protection except for the one regarding processes that ensuring that unauthorized individuals cannot access information, which is more a production control.
Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-21 to A-24).
質問 178
When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence:
- A. Verifiable documentation indicating the who, what, when, where, and how the evidence was handled should be available.
- B. Log files containing information regarding an intrusion are retained for at least as long as normal business records, and longer in the case of an ongoing investigation.
- C. Evidence has to be collected in accordance with all laws and all legal regulations.
- D. Law enforcement officials should be contacted for advice on how and when to collect critical information.
正解: A
解説:
Section: Risk, Response and Recovery
Explanation/Reference:
Two concepts that are at the heart of dealing effectively with digital/electronic evidence, or any evidence for that matter, are the chain of custody and authenticity/integrity.
The chain of custody refers to the who, what, when, where, and how the evidence was handled-from its identification through its entire life cycle, which ends with destruction or permanent archiving.
Any break in this chain can cast doubt on the integrity of the evidence and on the professionalism of those directly involved in either the investigation or the collection and handling of the evidence. The chain of custody requires following a formal process that is well documented and forms part of a standard operating procedure that is used in all cases, no exceptions.
The following are incorrect answers:
Evidence has to be collected in accordance with all laws and legal regulations. Evidence would have to be collected in accordance with applicable laws and regulations but not necessarily with ALL laws and regulations.
Only laws and regulations that applies would be followed.
Law enforcement officials should be contacted for advice on how and when to collect critical information. It seems you failed to do your homework, once you have an incident it is a bit late to do this. Proper crime investigation as well as incident response is all about being prepared ahead of time. Obviously, you are improvising if you need to call law enforcement to find out what to do. It is a great way of contaminating your evidence by mistake if you don't have a well documented processs with clear procedures that needs to be followed.
Log files containing information regarding an intrusion are retained for at least as long as normal business records, and longer in the case of an ongoing investigation. Specific legal requirements exists for log retention and they are not the same as normal business records. Laws such as Basel, HIPPAA, SOX, and others has specific requirements.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 23465-23470). Auerbach Publications. Kindle Edition.
and
ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Chapter
7: Responding to Intrusions (pages 282-285).
質問 179
......
最新をゲットせよ!SSCP認定練習テスト問題試験問題集:https://jp.fast2test.com/SSCP-premium-file.html