
[2024年更新]合格できるSSCP日本語試験にはリアルな問題解答
SSCP日本語試験問題ゲット最新[2024]と正解回答
質問 # 230
Bell-LaPadula セキュリティ モデルの主な焦点は何ですか?
- A. 可用性
- B. 守秘義務
- C. 整合性
- D. 説明責任
正解:B
解説:
The Bell-LaPadula model is a formal model dealing with confidentiality.
The Bell-LaPadula Model (abbreviated BLP) is a state machine model used for enforcing access control in government and military applications. It was developed by David Elliott Bell and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell to formalize the U.S.
Department of Defense (DoD) multilevel security (MLS) policy. The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g."Top Secret"), down to the least sensitive (e.g., "Unclassified" or "Public").
The Bell-LaPadula model focuses on data confidentiality and controlled access to classified information, in contrast to the Biba Integrity Model which describes rules for the protection of data integrity. In this formal model, the entities in an information system are divided into subjects and objects.
The notion of a "secure state" is defined, and it is proven that each state transition preserves security by moving from secure state to secure state, thereby inductively proving that the system satisfies the security objectives of the model. The Bell-LaPadula model is built on the concept of a state machine with a set of allowable states in a computer network system. The transition from one state to another state is defined by transition functions.
A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a security policy. To determine whether a specific access mode is allowed, the clearance of a subject is compared to the classification of the object (more precisely, to the combination of classification and set of compartments, making up the security level) to determine if the subject is authorized for the specific access mode.
The clearance/classification scheme is expressed in terms of a lattice. The model defines two mandatory access control (MAC) rules and one discretionary access control (DAC) rule with three security properties:
The Simple Security Property - a subject at a given security level may not read an object at a higher security level (no read-up).
The -property (read "star"-property) - a subject at a given security level must not write to any object at a lower security level (no write-down). The -property is also known as the Confinement property.
The Discretionary Security Property - use of an access matrix to specify the discretionary access control.
The following are incorrect answers:
Accountability is incorrect. Accountability requires that actions be traceable to the user that performed them and is not addressed by the Bell-LaPadula model.
Integrity is incorrect. Integrity is addressed in the Biba model rather than Bell-Lapadula.
Availability is incorrect. Availability is concerned with assuring that data/services are available to authorized users as specified in service level objectives and is not addressed by the Bell- Lapadula model.
質問 # 231
____________ は設計が不十分で、多数のセキュリティ上の欠陥があるファイル システムです。
- A. NFS
- B. RPC
- C. TCP
- D. NTS
- E. 上記のどれでもない
正解:A
質問 # 232
財産保険に実際の現金評価 (ACV) 条項がある場合、損害を受けた財産は以下に基づいて補償されます。
- A. 紛失の 1 か月前のアイテムの値
- B. 紛失時の商品の価格
- C. 紛失日の商品の価格に 10% を加えた金額
- D. 紛失の状態に関わらず新品と交換
正解:C
解説:
A momentary power outage is a fault.
Power Excess
Spike --> Too much voltage for a short period of time.
Surge --> Too much voltage for a long period of time.
Power Loss
Fault --> A momentary power outage.
Blackout --> A long power interruption.
Power Degradation
Sag or Dip --> A momentary low voltage.
Brownout --> A prolonged power supply that is below normal voltage.
質問 # 233
光ファイバーは ISO/OSI のどの層で機能しますか?
- A. データリンク層
- B. 物理層
- C. ネットワーク層
- D. トランスポート層
正解:C
解説:
The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates information from domain names with each of the assigned entities. Most prominently, it translates easily memorized domain names to the numerical IP addresses needed for locating computer services and devices worldwide. The Domain Name System is an essential component of the functionality of the Internet. This article presents a functional description of the Domain Name System.
For your exam you should know below information general Internet terminology:
Network access point - Internet service providers access internet using net access point.A Network Access Point (NAP) was a public network exchange facility where Internet service providers (ISPs) connected with one another in peering arrangements. The NAPs were a key component in the transition from the 1990s NSFNET era (when many networks were government sponsored and commercial traffic was prohibited) to the commercial Internet providers of today.
They were often points of considerable Internet congestion.
Internet Service Provider (ISP) - An Internet service provider (ISP) is an organization that provides services for accessing, using, or participating in the Internet. Internet service providers may be organized in various forms, such as commercial, community-owned, non-profit, or otherwise privately owned. Internet services typically provided by ISPs include Internet access, Internet transit, domain name registration, web hosting, co-location.
Telnet or Remote Terminal Control Protocol -A terminal emulation program for TCP/IP networks such as the Internet. The Telnet program runs on your computer and connects your PC to a server on the network. You can then enter commands through the Telnet program and they will be executed as if you were entering them directly on the server console. This enables you to control the server and communicate with other servers on the network. To start a Telnet session, you must log in to a server by entering a valid username and password. Telnet is a common way to remotely control Web servers.
Internet Link- Internet link is a connection between Internet users and the Internet service provider.
Secure Shell or Secure Socket Shell (SSH) - Secure Shell (SSH), sometimes known as Secure Socket Shell, is a UNIX-based command interface and protocol for securely getting access to a remote computer. It is widely used by network administrators to control Web and other kinds of servers remotely. SSH is actually a suite of three utilities - slogin, ssh, and scp - that are secure versions of the earlier UNIX utilities, rlogin, rsh, and rcp. SSH commands are encrypted and secure in several ways. Both ends of the client/server connection are authenticated using a digital certificate, and passwords are protected by being encrypted.
Domain Name System (DNS) - The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates information from domain names with each of the assigned entities. Most prominently, it translates easily memorized domain names to the numerical IP addresses needed for locating computer services and devices worldwide. The Domain Name System is an essential component of the functionality of the Internet. This article presents a functional description of the Domain Name System.
File Transfer Protocol (FTP) - The File Transfer Protocol or FTP is a client/server application that is used to move files from one system to another. The client connects to the FTP server, authenticates and is given access that the server is configured to permit. FTP servers can also be configured to allow anonymous access by logging in with an email address but no password.
Once connected, the client may move around between directories with commands available Simple Mail Transport Protocol (SMTP) - SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used in sending and receiving e-mail. However, since it is limited in its ability to queue messages at the receiving end, it is usually used with one of two other protocols, POP3 or IMAP, that let the user save messages in a server mailbox and download them periodically from the server. In other words, users typically use a program that uses SMTP for sending e-mail and either POP3 or IMAP for receiving e-mail. On Unix-based systems, send mail is the most widely- used SMTP server for e-mail. A commercial package, Send mail, includes a POP3 server.
Microsoft Exchange includes an SMTP server and can also be set up to include POP3 support.
The following answers are incorrect:
SMTP - Simple Mail Transport Protocol (SMTP) - SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used in sending and receiving e-mail. However, since it is limited in its ability to queue messages at the receiving end, it is usually used with one of two other protocols, POP3 or IMAP, that let the user save messages in a server mailbox and download them periodically from the server. In other words, users typically use a program that uses SMTP for sending e-mail and either POP3 or IMAP for receiving e-mail. On Unix-based systems, send mail is the most widely- used SMTP server for e-mail. A commercial package, Send mail, includes a POP3 server.
Microsoft Exchange includes an SMTP server and can also be set up to include POP3 support.
FTP - The File Transfer Protocol or FTP is a client/server application that is used to move files from one system to another. The client connects to the FTP server, authenticates and is given access that the server is configured to permit. FTP servers can also be configured to allow anonymous access by logging in with an email address but no password. Once connected, the client may move around between directories with commands available SSH - Secure Shell (SSH), sometimes known as Secure Socket Shell, is a UNIX-based command interface and protocol for securely getting access to a remote computer. It is widely used by network administrators to control Web and other kinds of servers remotely. SSH is actually a suite of three utilities - slogin, ssh, and scp - that are secure versions of the earlier UNIX utilities, rlogin, rsh, and rcp. SSH commands are encrypted and secure in several ways.
Both ends of the client/server connection are authenticated using a digital certificate, and passwords are protected by being encrypted.
質問 # 234
次のうち、IANA によって割り当てられた WELL KNOWN PORTS はどれですか?
- A. ポート 0 ~ 1023
- B. ポート 0 ~ 127
- C. ポート 0 ~ 255
- D. ポート 0 ~ 1024
正解:D
解説:
Knowlege of modem numbers is a poor access control method as an attacker can discover modem numbers by dialing all numbers in a range. Requiring user authentication before remote access is granted will help in avoiding unauthorized access over a modem line.
"Monitoring and auditing for such activity" is incorrect. While monitoring and auditing can assist in detecting a wardialing attack, they do not defend against a successful wardialing attack.
"Making sure that only necessary phone numbers are made public" is incorrect. Since a wardialing attack blindly calls all numbers in a range, whether certain numbers in the range are public or not is irrelevant.
"Using completely different numbers for voice and data accesses" is incorrect. Using different number ranges for voice and data access might help prevent an attacker from stumbling across the data lines while wardialing the public voice number range but this is not an adequate countermeaure.
質問 # 235
ホストへの攻撃を検出し、攻撃が成功したかどうかを判断するために、システム ログとイベント ログを確認するのは次のうちどれですか?
- A. ファイアウォール ベースの IDS
- B. ホストベースの IDS
- C. サーバーベースの IDS
- D. 要塞ベースの IDS
正解:B
解説:
A host-based IDS can review the system and event logs in order to detect an attack on the host and to determine if the attack was successful.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 48.
質問 # 236
物理的なセキュリティの意味で最後の防衛線はどれですか?
- A. 内部障壁
- B. 境界バリア
- C. 人
- D. 外部障壁
正解:C
解説:
"Ultimately, people are the last line of defense for your company's assets" (Pastore & Dulaney, 2006, p. 529).
Pastore, M. and Dulaney, E. (2006). CompTIA Security+ study guide: Exam SY0-101.
Indianapolis, IN: Sybex.
質問 # 237
SSL はどのような暗号化技術を利用していますか?
- A. 秘密鍵または対称鍵
- B. 秘密鍵
- C. ハイブリッド (対称と非対称の両方)
- D. 公開鍵
正解:B
解説:
Data Encryption Standard (DES) is a symmetric key algorithm. Originally developed by IBM, under project name Lucifer, this 128-bit algorithm was accepted by the NIST in 1974, but the key size was reduced to 56 bits, plus 8 bits for parity. It somehow became a national cryptographic standard in 1977, and an American National Standard Institute (ANSI) standard in 1978. DES was later replaced by the Advanced Encryption Standard (AES) by the NIST. All other options are asymmetric algorithms.
質問 # 238
デジタル署名に関する次の記述のうち、最も正確なものはどれですか?
- A. データの受信者がデータのソースと完全性を証明できるようにします。
- B. 機密データを暗号化するために使用される方法です。
- C. 手書きの署名を電子媒体に転写する技術です。
- D. 署名システムおよび暗号システムとして使用できます。
正解:A
解説:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
質問 # 239
1023 より大きいポート番号で発信要求が行われると、このタイプのファイアウォールは ACL を作成して、そのポートで着信応答を通過できるようにします。
- A. パケットフィルタリング
- B. CIrcuit レベルのプロキシ
- C. 動的パケット フィルタリング
- D. アプリケーション レベルのプロキシ
正解:C
解説:
The dynamic packet filtering firewall is able to create ACL's on the fly to allow replies on dynamic ports (higher than 1023).
Packet filtering is incorrect. The packet filtering firewall usually requires that the dynamic ports be left open as a group in order to handle this situiation.
Circuit level proxy is incorrect. The circuit level proxy builds a conduit between the trusted and untrusted hosts and does not work by dynamically creating ACL's.
Application level proxy is incorrect. The application level proxy "proxies" for the trusted host in its communications with the untrusted host. It does not dynamically create ACL's to control traffic.
質問 # 240
IT システムとデータの整合性、機密性、および可用性に対処するための適切な管理が実施されていることを確認する責任を負っているのは、次のうち誰ですか?
- A. システムおよび情報の所有者
- B. 最高情報責任者
- C. IT セキュリティ担当者
- D. ビジネスおよび機能マネージャー
正解:C
解説:
An effective information security policy should be designed with a long-term focus.
All other characteristics apply.
質問 # 241
次のうち、データをデジタルからアナログ形式に変換し、デジタルに戻す通信デバイスはどれですか?
- A. コンセントレーター
- B. マルチプレクサ
- C. モデム
- D. プロトコルコンバーター
正解:C
解説:
Although it may cause a denial of service to the victim's system, this type of attack is a Smurf attack. A SYN Flood attack uses up all of a system's resources by setting up a number of bogus communication sockets on the victim's system. A Ping of Death attack is done by sending IP packets that exceed the maximum legal length (65535 octets).
質問 # 242
クライアント ワークステーションがサーバー ホスト上のメールボックスに動的にアクセスして、サーバーが受信し、クライアントのために保持しているメール メッセージを操作および取得できるインターネット プロトコルとして定義できるものは、次のうちどれですか?
- A. PEM
- B. IMAP4
- C. SMTP
- D. MIME
正解:A
解説:
In many organizations, the HTTP proxy is used as a means to implement content filtering, for instance, by logging or blocking traffic that has been defined as, or is assumed to be nonbusiness related for some reason.
Although filtering on a proxy server or firewall as part of a layered defense can be quite effective to prevent, for instance, virus infections (though it should never be the only protection against viruses), it will be only moderately effective in preventing access to unauthorized services (such as certain remote-access services or file sharing), as well as preventing the download of unwanted content. HTTP Tunneling.
HTTP tunneling is technically a misuse of the protocol on the part of the designer of such tunneling applications. It has become a popular feature with the rise of the first streaming video and audio applications and has been implemented into many applications that have a market need to bypass user policy restrictions.
Usually, HTTP tunneling is applied by encapsulating outgoing traffic from an application in an HTTP request and incoming traffic in a response. This is usually not done to circumvent security, but rather, to be compatible with existing firewall rules and allow an application to function through a firewall without the need to apply special rules, or additional configurations.
The following are incorrect choices:
Virus Detection A proxy is not best at detection malware and viruses within content. A antivirus product would be use for that purpose.
URL blocking This would be a subset of Proxying, based on the content some URL's may be blocked by the proxy but it is not doing filtering based on URL addresses only. This is not the BEST answer.
Route blocking This is a function that would be done by Intrusion Detection and Intrusion prevention system and not the proxy. This could be done by filtering devices such as Firewalls and Routers as well. Again, not the best choice.
質問 # 243
RSA アルゴリズムは、どのタイプの暗号化の例ですか?
- A. 対称キー。
- B. 秘密鍵。
- C. 非対称キー。
- D. 秘密鍵。
正解:C
解説:
DES is also known as a Symmetric Key or Secret Key algorithm. DES is a Symmetric Key algorithm, meaning the same key is used for encryption and decryption.
For the exam remember that:
DES key Sequence is 8 Bytes or 64 bits (8 x 8 = 64 bits) DES has an Effective key length of only
56 Bits. 8 of the Bits are used for parity purpose only.
DES has a total key length of 64 Bits.
The following answers are incorrect:
Two-key This is incorrect because DES uses the same key for encryption and decryption.
Asymmetric Key This is incorrect because DES is a Symmetric Key algorithm using the same key for encryption and decryption and an Asymmetric Key algorithm uses both a Public Key and a Private Key.
Public Key. This is incorrect because Public Key or algorithm Asymmetric Key does not use the same key is used for encryption and decryption.
質問 # 244
SSO タイプを 3 つ挙げてください。(3つお選びください)
- A. ゴマ
- B. ケルベロス
- C. OF
- D. クリプトナイト
- E. クリッパー
正解:A、B、D
質問 # 245
ベスト エフォート型配信の概念に最も関連するのはどれですか?
- A. HTTP
- B. TCP
- C. 出欠確認
- D. IP
正解:B
解説:
The OSI/ISO Data Link layer is made up of two sub-layers; (1) the Media Access Control layer refers downward to lower layer hardware functions and (2) the Logical Link Control refers upward to higher layer software functions. Other choices are distracters.
質問 # 246
ネットワーク ケーブルには次の 3 種類があります。
- A. ツイストペア、同軸、光ファイバー。
- B. タグ付きペア、同軸、光ファイバー。
- C. ツイストペア、コントロール、光ファイバー。
- D. 信頼できるペア、同軸、光ファイバー。
正解:A
解説:
TIA/EIA-568 is a set of telecommunications standards from the Telecommunications Industry Association, an offshoot of the EIA. The standards address commercial building cabling for telecom products and services.
The standard is currently (2009) at revision C, replacing the 2001 revision B, the 1995 revision A, and the initial issue of 1991, which are now obsolete.
Perhaps the best known features of TIA/EIA-568 are the pin/pair assignments for eight-conductor
100-ohm balanced twisted pair cabling. These assignments are named T568A and T568B, and are frequently referred to (erroneously) as TIA/EIA-568A and TIA/EIA-568B. An IEC standard ISO/IEC 11801 provides similar standards for network cables.
The standard defines categories of unshielded twisted pair cable systems, with different levels of performance in signal bandwidth, attenuation, and cross-talk. Generally increasing category numbers correspond with a cable system suitable for higher rates of data transmission. Category
3 cable was suitable for telephone circuits and data rates up to 16 million bits per second.
Category 5 cable, with more restrictions on attenuation and cross talk, has a bandwidth of 100 MHz. The 1995 edition of the standard defined categories 3, 4, and 5. Categories 1 and 2 were excluded from the standard since these categories were only used for voice circuits, not for data.
Twisted pair cabling is a type of wiring in which two conductors of a single circuit are twisted together for the purposes of canceling out electromagnetic interference (EMI) from external sources; for instance, electromagnetic radiation from unshielded twisted pair (UTP) cables, and crosstalk between neighboring pairs. It was invented by Alexander Graham Bell.
SOME OF THE LIMITATION OF UTP
UTP has several drawbacks. Because it does not have shielding like shielded twisted-pair cables, UTP is susceptible to interference from external electrical sources, which could reduce the integrity of the signal. Also, to intercept transmitted data, an intruder can install a tap on the cable or monitor the radiation from the wire. Thus, UTP may not be a good choice when transmitting very sensitive data or when installed in an environment with much electromagnetic interference (EMI) or radio frequency interference (RFI). Despite its drawbacks, UTP is the most common cable type. UTP is inexpensive, can be easily bent during installation, and, in most cases, the risk from the above drawbacks is not enough to justify more expensive cables.
質問 # 247
プロセスが別のプロセスのデータにアクセスするのを妨げているのは何ですか?
- A. データの隠蔽
- B. 参照モニター
- C. プロセス分離
- D. メモリ分割
正解:C
解説:
Process isolation is where each process has its own distinct address space for its application code and data. In this way, it is possible to prevent each process from accessing another process' data. This prevents data leakage, or modification to the data while it is in memory.
Memory segmentation is a virtual memory management mechanism. The reference monitor is an abstract machine that mediates all accesses to objects by subjects. Data hiding, also known as information hiding, is a mechanism that makes information available at one processing level is not available at another level.
質問 # 248
......
練習できるSSCP日本語問題で認証試験問題集ガイド解答は練習専門Fast2test:https://jp.fast2test.com/SSCP-JPN-premium-file.html