
[2023年11月27日] Cybersecurity-Audit-Certificate PDF問題集にはあなたに不可欠なCybersecurity-Audit-Certificate試験解答を合格に繋ぐ!
Cybersecurity-Audit-CertificatePDF解答で完璧な予見Cybersecurity-Audit-Certificate練習試験問題
質問 # 30
Which of the following devices is at GREATEST risk from activity monitoring and data retrieval?
- A. Printing devices
- B. Mobile devices
- C. Cloud storage devices
- D. Desktop workstation
正解:B
解説:
Explanation
The device that is at GREATEST risk from activity monitoring and data retrieval is mobile devices. This is because mobile devices are devices that are portable, wireless, and connected to the Internet or other networks, such as smartphones, tablets, laptops, etc. Mobile devices are at greatest risk from activity monitoring and data retrieval, because they can be easily lost, stolen, or compromised by attackers who can access or extract the data stored or transmitted on the devices. Mobile devices can also be subject to activity monitoring and data retrieval by third-party applications or services that may collect or share the user's personal or sensitive information without their consent or knowledge. The other options are not devices that are at greatest risk from activity monitoring and data retrieval, but rather different types of devices that may have different levels of risk or protection from activity monitoring and data retrieval, such as cloud storage devices (B), desktop workstations C, or printing devices (D).
質問 # 31
Which process converts extracted information to a format understood by investigators?
- A. imaging
- B. Ingestion
- C. Reporting
- D. Filtering
正解:C
解説:
Explanation
The process that converts extracted information to a format understood by investigators is reporting. This is because reporting is a technique that involves presenting and communicating the results and findings of an investigation in a clear, concise, and accurate manner, using appropriate formats, such as tables, charts, graphs, etc. Reporting helps to convey the meaning and significance of the extracted information to the investigators, as well as other stakeholders, such as management, auditors, regulators, etc. The other options are not processes that convert extracted information to a format understood by investigators, but rather different techniques that are related to information extraction or analysis, such as ingestion (B), imaging C, or filtering (D).
質問 # 32
Which intrusion detection system component is responsible for collecting data in the form of network packets, log files, or system call traces?
- A. Analyzers
- B. Administration modules
- C. Sensors
- D. Packet filters
正解:C
解説:
Explanation
The intrusion detection system component that is responsible for collecting data in the form of network packets, log files, or system call traces is sensors. This is because sensors are components of an intrusion detection system that are deployed on various locations or points of the network or system, such as routers, switches, servers, etc., and that capture and collect data from the network traffic or system activities. Sensors then forward the collected data to another component of the intrusion detection system, such as analyzers, for further processing and analysis. The other options are not components of an intrusion detection system that are responsible for collecting data in the form of network packets, log files, or system call traces, but rather different components or techniques that are related to intrusion detection or prevention, such as packet filters (A), analyzers (B), or administration modules C.
質問 # 33
Which of the following is MOST critical to guiding and managing security activities throughout an organization to ensure objectives are met?
- A. Establishing metrics to measure and monitor security performance
- B. Adopting industry security standards and frameworks
- C. Allocating a significant amount of budget to security investments
- D. Conducting annual security awareness training for all employees
正解:A
解説:
Explanation
The MOST critical thing to guiding and managing security activities throughout an organization to ensure objectives are met is establishing metrics to measure and monitor security performance. This is because metrics provide quantifiable and objective data that can be used to evaluate the effectiveness and efficiency of security activities, as well as identify gaps and areas for improvement. Metrics also enable communication and reporting of security performance to stakeholders, such as senior management, board members, auditors, regulators, customers, etc. The other options are not as critical as establishing metrics, because they either involve spending money without knowing the return on investment (A), adopting standards without customizing them to fit the organization's context and needs (B), or conducting training without assessing its impact on behavior change (D).
質問 # 34
Which of the following is an example of an application security control?
- A. User security awareness training
- B. Intrusion detection
- C. Secure coding
- D. Security operations center
正解:C
解説:
Explanation
An example of an application security control is secure coding. Secure coding is the practice of developing software applications that follow security principles and standards to prevent or mitigate common vulnerabilities and risks. Secure coding involves applying techniques such as input validation, output encoding, error handling, encryption, and testing.
質問 # 35
Which of the following is a more efficient form of public key cryptography as it demands less computational power and offers more security per bit?
- A. Diffie-Hellman Key Agreement
- B. Secret Key Cryptography
- C. Digital Signature Standard
- D. Elliptic Curve Cryptography
正解:D
解説:
Explanation
Elliptic curve cryptography (ECC) is a more efficient form of public key cryptography as it demands less computational power and offers more security per bit. ECC is based on the mathematical properties of elliptic curves, which are curves that have a special shape that makes them suitable for cryptography. ECC can achieve the same level of security as other public key algorithms with much smaller key sizes, which reduces storage and bandwidth requirements.
質問 # 36
The protection of information from unauthorized access or disclosure is known as:
- A. confidentiality.
- B. cryptograph
- C. access control.
- D. media protect on.
正解:A
解説:
Explanation
The protection of information from unauthorized access or disclosure is known as confidentiality. This is because confidentiality is one of the three main objectives of information security, along with integrity and availability. Confidentiality ensures that information is accessible and readable only by those who are authorized and intended to do so, and prevents unauthorized or accidental exposure of information to unauthorized parties. The other options are not the protection of information from unauthorized access or disclosure, but rather different concepts or techniques that are related to information security, such as access control (A), cryptography (B), or media protection C.
質問 # 37
Which of the following is a client-server program that opens a secure, encrypted command-line shell session from the Internet for remote logon?
- A. SFTP
- B. SSH
- C. IPsec
- D. VPN
正解:B
解説:
Explanation
The correct answer is C. SSH.
SSH stands for Secure Shell, a client-server program that opens a secure, encrypted command-line shell session from the Internet for remote logon. SSH allows users to remotely access and execute commands on a server without exposing their credentials or data to eavesdropping, tampering or replay attacks. SSH also supports secure file transfer protocols such as SFTP and SCP1.
VPN stands for Virtual Private Network, a technology that creates a secure, encrypted tunnel between two or more devices over a public network such as the Internet. VPN allows users to access resources on a remote network as if they were physically connected to it, while protecting their privacy and identity2.
IPsec stands for Internet Protocol Security, a set of protocols that provides security at the network layer of the Internet. IPsec supports two modes: transport mode and tunnel mode. Transport mode encrypts only the payload of each packet, while tunnel mode encrypts the entire packet, including the header. IPsec can be used to secure VPN connections, as well as other applications that require data confidentiality, integrity and authentication3.
SFTP stands for Secure File Transfer Protocol, a protocol that uses SSH to securely transfer files between a client and a server over a network. SFTP provides encryption, authentication and compression features to ensure the security and reliability of file transfers.
1: SSH (Secure Shell) 2: What is a VPN? How It Works, Types of VPN | Kaspersky 3: IPsec - Wikipedia :
[SFTP - Wikipedia]
質問 # 38
Which of the following is the MOST cost-effective technique for implementing network security for human resources (HR) desktops and internal laptop users in an organization?
- A. Software defined perimeter
- B. Layer 3 virtual private network
- C. Virtual local area network
- D. Fortified demilitarized zone
正解:C
解説:
Explanation
The MOST cost-effective technique for implementing network security for human resources (HR) desktops and internal laptop users in an organization is using a virtual local area network (VLAN). A VLAN is a logical grouping of network devices that share the same broadcast domain regardless of their physical location or connection. A VLAN can enhance network security by isolating different types of traffic or users from each other and applying different security policies or rules based on the VLAN membership. For example, an organization can create a VLAN for HR desktops and internal laptop users that restricts their access to only HR-related systems or resources. A VLAN can also reduce network costs by saving bandwidth, improving performance, and simplifying management.
質問 # 39
Which of the following is a feature of a stateful inspection firewall?
- A. It prevents any attack initiated and originated by an insider.
- B. It tracks the destination IP address of each packet that leaves the organization's internal network.
- C. It translates the MAC address to the destination IP address of each packet that enters the organization's internal network.
- D. It is capable of detecting and blocking sophisticated attacks
正解:D
解説:
Explanation
A feature of a stateful inspection firewall is that it is capable of detecting and blocking sophisticated attacks. A stateful inspection firewall is a type of firewall that monitors and analyzes the state and context of network traffic. It keeps track of the source, destination, protocol, port, and session information of each packet and compares it with a set of predefined rules. A stateful inspection firewall can detect and block attacks that exploit the logic or behavior of network protocols or applications, such as fragmentation attacks, session hijacking, or application-layer attacks.
質問 # 40
Availability can be protected through the use of:
- A. logging, digital signatures, and write protection.
- B. access controls. We permissions, and encryption.
- C. user awareness training and related end-user training.
- D. redundancy, backups, and business continuity management
正解:D
解説:
Explanation
Availability can be protected through the use of redundancy, backups, and business continuity management.
This is because these measures help to ensure that systems, data, and services are accessible and functional at all times, even in the event of a disruption or disaster. The other options are not directly related to protecting availability, but rather focus on enhancing confidentiality (A), integrity C, or awareness (D).
質問 # 41
Which of the following is the BEST indication of mature third-party vendor risk management for an organization?
- A. The third party's security program Mows the organization s security program.
- B. The organization's security program follows the thud party's security program.
- C. The organization maintains vendor security assessment checklists.
- D. The third party maintains annual assessments of control effectiveness.
正解:C
解説:
Explanation
The BEST indication of mature third-party vendor risk management for an organization is that the organization maintains vendor security assessment checklists. This is because vendor security assessment checklists help the organization to evaluate and monitor the security posture and performance of their third-party vendors, based on predefined criteria and standards. Vendor security assessment checklists also help the organization to identify and mitigate any gaps or issues in the vendor's security controls or processes.
The other options are not as indicative of mature third-party vendor risk management for an organization, because they either involve following or mimicking the security program of either party without considering their own needs or risks (A, D), or relying on the vendor's self-assessment without independent verification or validation C.
質問 # 42
Which of the following is MOST important to ensure the successful implementation of continuous auditing?
- A. Budget for additional technical resources
- B. Surplus processing capacity
- C. Top management support
- D. Budget for additional storage hardware
正解:C
解説:
Explanation
The MOST important factor to ensure the successful implementation of continuous auditing is top management support. This is because top management support helps to provide the vision, direction, and resources for implementing continuous auditing within the organization. Top management support also helps to overcome any resistance or challenges that may arise from implementing continuous auditing, such as cultural change, stakeholder buy-in, process reengineering, etc. Top management support also helps to ensure that the results and findings of continuous auditing are communicated and acted upon by the relevant decision-makers and stakeholders. The other options are not factors that are more important than top management support for ensuring the successful implementation of continuous auditing, but rather different aspects or benefits of continuous auditing, such as storage hardware (A), technical resources (B), or processing capacity (D).
質問 # 43
Which of the following is the GREATEST drawback when using the AICPA/CICA Trust Sen/ices to evaluate a cloud service provider?
- A. Lack of specificity m the principles
- B. Omission of confidentiality in the criteria
- C. Inability to issue SOC 2 or SOC 3 reports
- D. Incompatibility with cloud service business model
正解:A
解説:
Explanation
The GREATEST drawback when using the AICPA/CICA Trust Services to evaluate a cloud service provider is the lack of specificity in the principles. This is because the AICPA/CICA Trust Services are a set of principles and criteria that provide guidance for evaluating and reporting on controls over information systems and services. However, the principles and criteria are very broad and generic, and do not address the specific risks and challenges that are associated with cloud services, such as data sovereignty, multi-tenancy, portability, etc. The other options are not drawbacks when using the AICPA/CICA Trust Services to evaluate a cloud service provider, but rather different aspects or benefits of using the AICPA/CICA Trust Services to evaluate a cloud service provider, such as compatibility (A), confidentiality C, or reporting (D).
質問 # 44
Which of the following backup procedure would only copy files that have changed since the last backup was made?
- A. Differential backup
- B. Full backup
- C. Daily backup
- D. Incremental backup
正解:D
解説:
Explanation
The backup procedure that would only copy files that have changed since the last backup was made is an incremental backup. This is because an incremental backup is a type of backup that only copies the files that have been created or modified since the previous backup, whether it was a full or an incremental backup. An incremental backup helps to reduce the backup time and storage space, as well as the recovery time, as only the changed files need to be restored. The other options are not backup procedures that would only copy files that have changed since the last backup was made, but rather different types of backup procedures that copy files based on different criteria, such as daily backup (B), differential backup C, or full backup (D).
質問 # 45
What is the FIRST activity associated with a successful cyber attack?
- A. Creating attack tools
- B. Exploitation
- C. Reconnaissance
- D. Maintaining a presence
正解:C
解説:
Explanation
The FIRST activity associated with a successful cyber attack is reconnaissance. This is because reconnaissance is a phase of the cyber attack lifecycle that involves gathering information about the target organization or system, such as its network topology, IP addresses, open ports, services, vulnerabilities, etc. Reconnaissance helps to identify potential entry points and weaknesses that can be exploited by the attackers in later phases of the attack. The other options are not the first activity associated with a successful cyber attack, but rather follow after reconnaissance in the cyber attack lifecycle, such as exploitation (A), maintaining a presence C, or creating attack tools (D).
質問 # 46
The risk of an evil twin attack on mobile devices is PRIMARILY due to:
- A. tokens stored as plain text in many mobile device applications.
- B. weak authentication protocols in wireless networks.
- C. generic names that mobile devices will accept without verification.
- D. use of data transmission that is not always encrypted.
正解:C
解説:
Explanation
The risk of an evil twin attack on mobile devices is PRIMARILY due to the use of generic names that mobile devices will accept without verification. An evil twin attack is a type of wireless network attack where an attacker sets up a rogue access point that mimics a legitimate one. The attacker can then lure unsuspecting users to connect to the rogue access point and intercept their data or launch further attacks. Mobile devices are vulnerable to evil twin attacks because they often use generic names for their wireless networks, such as "Free WiFi" or "Public Hotspot". These names can be easily spoofed by an attacker and accepted by mobile devices without verifying the identity or security of the access point.
質問 # 47
An information security procedure indicates a requirement to sandbox emails. What does this requirement mean?
- A. Provide a backup of emails in the event of a disaster
- B. isolate the emails and test for malicious content
- C. Guarantee rapid email delivery through firewalls.
- D. Ensure the emails are encrypted and provide nonrepudiation.
正解:B
解説:
Explanation
An information security procedure that indicates a requirement to sandbox emails means that the emails need to be isolated and tested for malicious content. This is because sandboxing is a technique that creates a virtual or isolated environment, where suspicious or untrusted emails can be executed or analyzed without affecting the rest of the system or network. Sandboxing helps to detect and prevent malware, phishing, or spam attacks that may be embedded in emails, and protect the users and the organization from potential harm. The other options are not what sandboxing emails means, but rather different concepts or techniques that are related to information security, such as encryption and nonrepudiation (A), backup and recovery (B), or firewall and delivery (D).
質問 # 48
Which of the following is a feature of an intrusion detection system (IDS)?
- A. Automated response
- B. Intrusion prevention
- C. Interface with firewalls
- D. Back doors into applications
正解:A
解説:
Explanation
A feature of an intrusion detection system (IDS) is automated response. This is because an IDS is a system that monitors network or system activities for malicious or anomalous behavior, and alerts or reports on any detected incidents. An IDS can also perform automated response actions, such as blocking traffic, terminating sessions, or sending notifications, to contain or mitigate the incidents. The other options are not features of an IDS, but rather different concepts or techniques that are related to intrusion detection or prevention, such as intrusion prevention (A), interface with firewalls C, or back doors into applications (D).
質問 # 49
The second line of defense in cybersecurity includes:
- A. conducting organization-wide control self-assessments.
- B. separate reporting to the audit committee within the organization.
- C. performing attack and breach penetration testing.
- D. risk management monitoring, and measurement of controls.
正解:D
解説:
Explanation
The second line of defense in cybersecurity includes risk management monitoring, and measurement of controls. This is because the second line of defense is responsible for ensuring that the first line of defense (the operational managers and staff who own and manage risks) is effectively designed and operating as intended.
The second line of defense also provides guidance, oversight, and challenge to the first line of defense. The other options are not part of the second line of defense, but rather belong to the first line of defense (A), the third line of defense C, or an external service provider (D).
質問 # 50
......
Cybersecurity-Audit-Certificateリアル試験問題と正確なISACA Cybersecurity Audit Certificate ExamPDF解答:https://jp.fast2test.com/Cybersecurity-Audit-Certificate-premium-file.html