2024年最新の実際に出ると確認されたSSCP日本語試験問題集と解答でSSCP日本語無料更新 [Q247-Q269]

Share

2024年最新の実際に出ると確認されたSSCP日本語試験問題集と解答でSSCP日本語無料更新

実際問題を使ってSSCP日本語問題集で100%無料SSCP日本語試験問題集

質問 # 247
次のうち、IANA によって定義された登録済みポートはどれですか?

  • A. ポート 1024 ~ 49151
  • B. ポート 1025 ~ 65535
  • C. ポート 128 ~ 255
  • D. ポート 1024 ~ 32767

正解:A

解説:
As a signal travels though a medium, it attenuates (loses strength) and at some point will become indistinguishable from noise. To assure trouble-free communication, maximum cable lengths are set between nodes to assure that attenuation will not cause a problem. The maximum CAT-5 UTP cable length between two nodes for 10BASE-T is 100M.
The following answers are incorrect:
80 meters. It is only a distracter.
185 meters. Is incorrect because it is the maximum length for 10Base-2500 meters. Is incorrect because it is the maximum length for 10Base-5


質問 # 248
_________ は、コンピュータ システム内の通信に通常は使用されない情報パスです。システムのセキュリティ メカニズムによっては保護されません。

  • A. トロイの木馬プログラム
  • B. バックパス
  • C. バックドア
  • D. ハイジャックされたセッション
  • E. 秘密チャネル

正解:E


質問 # 249
DoD TCP モデルのリンク層でイーサネット データの単一ユニットを参照する適切な用語は何ですか?

  • A. イーサネット フレーム。
  • B. イーサネット データグラム。
  • C. イーサネット パケット。
  • D. イーサネット セグメント。

正解:C

解説:
A series of the same control characters, hexadecimal code, imbedded in the string is usually an indicator of a buffer overflow attack.
The Intel x86 processors use the hexadecimal number 90 to represent NOP (no operation). Many buffer overflow attacks use long strings of control characters and this is representative of that type of attack.
A buffer overflow takes place when too much data are accepted as input to a specific process. A buffer is an allocated segment of memory. A buffer can be overflowed arbitrarily with too much data, but for it to be of any use to an attacker, the code inserted into the buffer must be of a specific length, followed up by commands the attacker wants executed. So, the purpose of a buffer overflow may be either to make a mess, by shoving arbitrary data into various memory segments, or to accomplish a specific task, by pushing into the memory segment a carefully crafted set of data that will accomplish a specific task. This task could be to open a command shell with administrative privilege or execute malicious code.
Common threats to system availability, integrity, and confidentiality include hardware failure, misuse of system privileges, buffer overflows and other memory attacks, denial of service, reverse engineering, and system hacking.
Since many vulnerabilities result from insecure design and most threats are well known, it is the responsibility of the security architect to ensure that their designs are addressing security requirements appropriately while also ensuring that the system can continue to perform its intended function.
The following answers are incorrect:
Over-subscription of the traffic on a backbone. Is incorrect because if there was Over-subscription of the traffic on a backbone, that would typically result in not being able to send or receive any packets, more commonly known as Denial of Service or DoS.
A source quench packet. This is incorrect because a source quench packet is an ICMP message that contains the internet header plus 64 bits of the original datagram.
A FIN scan. This is incorrect because a FIN scan is when a packet with the FIN flag set is sent to a specific port and the results are then analyzed.


質問 # 250
ソフトウェア開発ライフ サイクルの次のフェーズのうち、通常、デュー ケアとデュー デリジェンスに取り組むのはどれですか?

  • A. 実装
  • B. ソフトウェアの計画と要件
  • C. 製品設計
  • D. システムの実現可能性

正解:C

解説:
The Product design phase deals with incorporating security specifications, adjusting test plans and data, determining access controls, design documentation, evaluating encryption options, and verification.
Implementation is incorrect because it deals with Installing security software, running the system, acceptance testing, security software testing, and complete documentation certification and accreditation (where necessary).
Detailed design is incorrect because it deals with information security policy, standards, legal issues, and the early validation of concepts.
software plans and requirements is incorrect because it deals with addressesing threats, vulnerabilities, security requirements, reasonable care, due diligence, legal liabilities, cost/benefit analysis, level of protection desired, test plans.
During the Functional Requirements Definition the project management and systems development teams will conduct a comprehensive analysis of current and possible future functional requirements to ensure that the new system will meet end-user needs. The teams also review the documents from the project initiation phase and make any revisions or updates as needed. For smaller projects, this phase is often subsumed in the project initiation phase. At this point security requirements should be formalized.
The Development Life Cycle is a project management tool that can be used to plan, execute, and control a software development project usually called the Systems Development Life Cycle (SDLC).
The SDLC is a process that includes systems analysts, software engineers, programmers, and end users in the project design and development. Because there is no industry-wide SDLC, an organization can use any one, or a combination of SDLC methods.
The SDLC simply provides a framework for the phases of a software development project from defining the functional requirements to implementation. Regardless of the method used, the SDLC outlines the essential phases, which can be shown together or as separate elements. The model chosen should be based on the project.
For example, some models work better with long-term, complex projects, while others are more suited for short-term projects. The key element is that a formalized SDLC is utilized.
The number of phases can range from three basic phases (concept, design, and implement) on up.
The basic phases of SDLC are:
Project initiation and planning
Functional requirements definition
System design specifications
Development and implementation
Documentation and common program controls
Testing and evaluation control, (certification and accreditation) Transition to production (implementation) The system life cycle (SLC) extends beyond the SDLC to include two additional phases:
Operations and maintenance support (post-installation) Revisions and system replacement System Design Specifications This phase includes all activities related to designing the system and software. In this phase, the system architecture, system outputs, and system interfaces are designed. Data input, data flow, and output requirements are established and security features are designed, generally based on the overall security architecture for the company.
Development and Implementation
During this phase, the source code is generated, test scenarios and test cases are developed, unit and integration testing is conducted, and the program and system are documented for maintenance and for turnover to acceptance testing and production. As well as general care for software quality, reliability, and consistency of operation, particular care should be taken to ensure that the code is analyzed to eliminate common vulnerabilities that might lead to security exploits and other risks.
Documentation and Common Program Controls
These are controls used when editing the data within the program, the types of logging the program should be doing, and how the program versions should be stored. A large number of such controls may be needed, see the reference below for a full list of controls.
Acceptance
In the acceptance phase, preferably an independent group develops test data and tests the code to ensure that it will function within the organization's environment and that it meets all the functional and security requirements. It is essential that an independent group test the code during all applicable stages of development to prevent a separation of duties issue. The goal of security testing is to ensure that the application meets its security requirements and specifications. The security testing should uncover all design and implementation flaws that would allow a user to violate the software security policy and requirements. To ensure test validity, the application should be tested in an environment that simulates the production environment. This should include a security certification package and any user documentation.
Certification and Accreditation (Security Authorization) Certification is the process of evaluating the security stance of the software or system against a predetermined set of security standards or policies. Certification also examines how well the system performs its intended functional requirements. The certification or evaluation document should contain an analysis of the technical and nontechnical security features and countermeasures and the extent to which the software or system meets the security requirements for its mission and operational environment.
Transition to Production (Implementation)
During this phase, the new system is transitioned from the acceptance phase into the live production environment. Activities during this phase include obtaining security accreditation; training the new users according to the implementation and training schedules; implementing the system, including installation and data conversions; and, if necessary, conducting any parallel operations.
Revisions and System Replacement
As systems are in production mode, the hardware and software baselines should be subject to periodic evaluations and audits. In some instances, problems with the application may not be defects or flaws, but rather additional functions not currently developed in the application. Any changes to the application must follow the same SDLC and be recorded in a change management system. Revision reviews should include security planning and procedures to avoid future problems. Periodic application audits should be conducted and include documenting security incidents when problems occur. Documenting system failures is a valuable resource for justifying future system enhancements.
Below you have the phases used by NIST in it's 800-63 Revision 2 document As noted above, the phases will vary from one document to another one. For the purpose of the exam use the list provided in the official ISC2 Study book which is presented in short form above.
Refer to the book for a more detailed description of activities at each of the phases of the SDLC.
However, all references have very similar steps being used. As mentioned in the official book, it could be as simple as three phases in it's most basic version (concept, design, and implement) or a lot more in more detailed versions of the SDLC.
The key thing is to make use of an SDLC.

SDLC phases


質問 # 251
セキュア シェル (SSH) は、以下を実行するための強力な方法です。

  • A. サーバー認証
  • B. ゲスト認証
  • C. クライアント認証
  • D. ホスト認証

正解:C

解説:
Secure shell (SSH) was designed as an alternative to some of the insecure protocols and allows users to securely access resources on remote computers over an encrypted tunnel. The Secure Shell Protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network. The SSH authentication protocol runs on top of the SSH transport layer protocol and provides a single authenticated tunnel for the SSH connection protocol.
SSH's services include remote log-on, file transfer, and command execution. It also supports port forwarding, which redirects other protocols through an encrypted SSH tunnel. Many users protect less secure traffic of protocols, such as X Windows and VNC (virtual network computing), by forwarding them through a SSH tunnel.
The SSH tunnel protects the integrity of communication, preventing session hijacking and other man-in-the-middle attacks. Another advantage of SSH over its predecessors is that it supports strong authentication. There are several alternatives for SSH clients to authenticate to a SSH server, including passwords and digital certificates.
Keep in mind that authenticating with a password is still a significant improvement over the other protocols because the password is transmitted encrypted.
There are two incompatible versions of the protocol, SSH-1 and SSH-2, though many servers support both. SSH-2 has improved integrity checks (SSH-1 is vulnerable to an insertion attack due to weak CRC-32 integrity checking) and supports local extensions and additional types of digital certificates such as Open PGP. SSH was originally designed for UNIX, but there are now implementations for other operating systems, including Windows, Macintosh, and OpenVMS.
Is SSH 3.0 the same as SSH3? The short answer is: NO SSH 3.0 refers to version 3 of SSH Communications SSH2 protocol implementation and it could also refer to OpenSSH Version 3.0 of its SSH2 software. The "3" refers to the software release version not the protocol version. As of this writing (July 2013), there is no SSH3 protocol.
"Server authentication" is incorrect. Though many SSH clients allow pre-caching of server/host keys, this is a minimal form of server/host authentication.
"Host authentication" is incorrect. Though many SSH clients allow pre-caching of server/host keys, this is a minimal form of server/host authentication.
"Guest authentication" is incorrect. The general idea of "guest" is that it is unauthenticated access.
Reference(s) used for this question:
http://www.ietf.org/rfc/rfc4252.txt Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 7080-7088). Auerbach Publications. Kindle Edition.


質問 # 252
情報システムおよび関連するネットワークへのアクセスを制御することは、以下を維持するために必要です。

  • A. 真正性、機密性、完全性、および可用性。
  • B. 機密性、完全性、および可用性。
  • C. 完全性と可用性。
  • D. 真正性、機密性、可用性

正解:B

解説:
Controlling access to information systems and associated networks is necessary for the preservation of their confidentiality, integrity and availability.


質問 # 253
セーフガードの欠如、または悪用される可能性のあるシステムの弱点は、a(n) と呼ばれますか?

  • A. 脅威
  • B. 露出
  • C. リスク
  • D. 脆弱性

正解:D

解説:
A vulnerability is a weakness in a system that can be exploited by a threat. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 237.


質問 # 254
イーサネットで使用されるアクセス方法は次のうちどれですか?

  • A. CSMA/CD。
  • B. CSU/DSU。
  • C. FIFO。
  • D. TCP/IP。

正解:A

解説:
Ethernet uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD) to minimize the effect of broadcast collisions.
The following answers are incorrect:
CSU/DSU Is incorrect because Channel Service Unit/Digital Service Unit(CSU/DSU) is a digital interface normally used to connect a router to a digital circuit.
TCP/IP Is incorrect because Transmission Control Protocol/Internet Protocol(TCP/IP) is a network protocol not an access method. FIFO Is incorrect as it is a distractor. First In, First Out (FIFO) is typically a processing methodology in which first come, first served.
Ethernet is a frame based network technology.
References:
OIG CBK Telecommunications and Network Security (pages 437 - 438)
Wikipedia http://en.wikipedia.org/wiki/FIFO


質問 # 255
パケットスニファとは何ですか?

  • A. ネットワーク セグメントをスキャンしてケーブル障害を検出します。
  • B. オフサイトの場所へのネットワーク接続を追跡します。
  • C. 後で分析するためにネットワーク トラフィックをキャプチャします。
  • D. ネットワーク トラフィックの不正なパケットを監視します。

正解:C

解説:
The Answer: Physical layer The Physical layer is responsible for the transmission of the data through the physical medium. This includes such things as cables. Fiber optics is a cabling mechanism which works at Physical layer of OSI model All of the other answers are incorrect.


質問 # 256
公開鍵インフラストラクチャでは、公開鍵はどのように公開されますか?

  • A. メールでお送りします。
  • B. 公開されていません。
  • C. 所有者から送信されます。
  • D. デジタル証明書を介して。

正解:D

解説:
Public keys are published through digital certificates, signed by certification authority (CA), binding the certificate to the identity of its bearer.
A bit more details:
Although "Digital Certificates" is the best (or least wrong!) in the list of answers presented, for the past decade public keys have been published (ie: made known to the World) by the means of a LDAP server or a key distribution server (ex.: http://pgp.mit.edu/). An indirect publishing method is through OCSP servers (to validate digital signatures' CRL) Reference used for this question:
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. and http://technet.microsoft.com/en-us/library/dd361898.aspx


質問 # 257
次のうち、企業リソースではなく外部侵入サービス会社を使用する正当な理由ではないものはどれですか?

  • A. 企業の偏見がない
  • B. より完全なレポートを保証します
  • C. 彼らは非常に才能のある元ハッカーを使用しています
  • D. 費用対効果が高い

正解:C

解説:
Two points are important to consider when it comes to ethical hacking: integrity and independence.
By not using an ethical hacking firm that hires or subcontracts to ex-hackers of others who have criminal records, an entire subset of risks can be avoided by an organization. Also, it is not cost-effective for a single firm to fund the effort of the ongoing research and development, systems development, and maintenance that is needed to operate state-ofthe-art proprietary and open source testing tools and techniques.
External penetration firms are more effective than internal penetration testers because they are not influenced by any previous system security decisions, knowledge of the current system environment, or future system security plans. Moreover, an employee performing penetration testing might be reluctant to fully report security gaps.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Appendix F: The Case for Ethical Hacking (page 517).


質問 # 258
最小特権の原則を実装することの最終結果は、次のうちどれを意味しますか?

  • A. ユーザーは、知る必要がある情報のみにアクセスできます。
  • B. ユーザーはすべてのシステムにアクセスできます。
  • C. 認可クリープ。
  • D. ユーザーがポジションを変更すると、新しい権限が追加されます。

正解:A

解説:
The principle of least privilege refers to allowing users to have only the access they need and not anything more. Thus, certain users may have no need to access any of the files on specific systems.
The following answers are incorrect: Users can access all systems. Although the principle of least privilege limits what access and systems users have authorization to, not all users would have a need to know to access all of the systems. The best answer is still Users would get access to only the info for which they have a need to know as some of the users may not have a need to access a system.
Users get new privileges when they change positions. Although true that a user may indeed require new privileges, this is not a given fact and in actuality a user may require less privileges for a new position. The principle of least privilege would require that the rights required for the position be closely evaluated and where possible rights revoked.
Authorization creep. Authorization creep occurs when users are given additional rights with new positions and responsibilities. The principle of least privilege should actually prevent authorization creep.
The following reference(s) were/was used to create this question:
ISC2 OIG 2007 p.101,123 Shon Harris AIO v3 p148, 902-903


質問 # 259
次のメディアのうち、タッピングに対して最も耐性があるのはどれですか?

  • A. 光ファイバー。
  • B. ツイストペア。
  • C. 同軸ケーブル。
  • D. 電子レンジ。

正解:A

解説:
Fiber Optic is the most resistant to tapping because Fiber Optic uses a light to transmit the signal. While there are some technologies that will allow to monitor the line passively, it is very difficult to tap into without detection sot this technology would be the MOST resistent to tapping.
The following answers are in correct:
microwave. Is incorrect because microwave transmissions can be intercepted if in the path of the broadcast without detection.
twisted pair. Is incorrect because it is easy to tap into a twisted pair line. coaxial cable. Is incorrect because it is easy to tap into a coaxial cable line.


質問 # 260
論理リンク制御サブレイヤーは、次のうちどれの一部ですか?

  • A. TCP/IP スタック モデルのトランスポート層
  • B. ISO/OSI データ リンク層
  • C. 参照モニター
  • D. 変更管理コントロール

正解:B

解説:
The OSI/ISO Data Link layer is made up of two sub-layers; (1) the Media Access Control layer refers downward to lower layer hardware functions and (2) the Logical Link Control refers upward to higher layer software functions. Other choices are distracters.
Source: ROTHKE, Ben, CISSP CBK Review presentation on domain 2, August 1999.


質問 # 261
ポリモーフィック コードの属性は次のうちどれですか?

  • A. 元のアルゴリズムをそのまま維持したまま変異します。
  • B. 特定の条件に基づいて動作します。
  • C. すべてのコードに暗号化を使用します
  • D. コンピュータの構成を変更して自己複製するように記述されています

正解:A


質問 # 262
サブジェクトとオブジェクトのセキュリティ ラベルを比較するために、システムはどのようなメカニズムを使用しますか?

  • A. クリアランスチェック。
  • B. セキュリティ モジュール。
  • C. 参照モニター。
  • D. 検証モジュール。

正解:C

解説:
Because the Reference Monitor is responsible for access control to the objects by the subjects it compares the security labels of a subject and an object.
According to the OIG: The reference monitor is an access control concept referring to an abstract machine that mediates all accesses to objects by subjects based on information in an access control database. The reference monitor must mediate all access, be protected from modification, be verifiable as correct, and must always be invoked. The reference monitor, in accordance with the security policy, controls the checks that are made in the access control database.
The following are incorrect:
Validation Module. A Validation Module is typically found in application source code and is used to validate data being inputted.
Clearance Check. Is a distractor, there is no such thing other than what someone would do when checking if someone is authorized to access a secure facility.
Security Module. Is typically a general purpose module that prerforms a variety of security related functions.


質問 # 263
次のすべては、1 つを除いて、ビジネス インパクト分析 (BIA) を作成するときに特定する必要がある重要なビジネス機能と見なすことができます。次のうち、BIA の必須要素ではないが、BCP 計画に含める重要なトピックと見なされるものはどれですか。

  • A. 購入
  • B. 広報活動
  • C. 経理
  • D. IT ネットワークのサポート

正解:B

解説:
Public Relations, although important to a company, is not listed as an
essential business function that should be identified and have loss criteria developed for.
All other entries are considered essential and should be identified and have loss criteria developed.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 9: Disaster Recovery and Business continuity (page 598).


質問 # 264
NOP の長い文字列とそれに続くコマンドを含むパケットは、通常、何を示していますか?

  • A. バッファ オーバーフロー攻撃。
  • B. ハーフ ポート スキャン。
  • C. ネットワークのブロードキャスト アドレス宛てのパケット。
  • D. syn スキャン。

正解:A

解説:
A series of the same control, hexidecimal, characters imbedded in the string is usually an indicator of a buffer overflow attack. A NOP is a instruction which does nothing (No Operation - the hexadecimal equivalent is 0x90) The following answers are incorrect:
A syn scan. This is incorrect because a SYN scan is when a SYN packet is sent to a specific port and the results are then analyzed.
A half-port scan. This is incorrect because the port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet. The scanner host responds with a RST packet, closing the connection before the handshake is completed. Also known as a Half Open Port scan.
A packet destined for the network's broadcast address. This is incorrect because this type of packet would not contain a long string of NOP characters.


質問 # 265
生体認証システムでは、当初、真に確実な識別は次の要素にのみ基づいていることがすぐに明らかになりました。

  • A. 人の身体的属性
  • B. 人の年齢
  • C. 人の声
  • D. 人の性別

正解:A

解説:
Today implementation of fast, accurate reliable and user-acceptable
biometric identification systems is already under way.
From: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, Page 7.


質問 # 266
コンピュータ ウイルス デマの特徴ではないものは次のうちどれですか?

  • A. 警告するために全員に送信するよう依頼します
  • B. 通常、ユーザーに知られていない隠れた関数が実行されます。
  • C. 技術的にナンセンスに聞こえる内容が含まれています
  • D. 偽の権威を参照します

正解:B


質問 # 267
セキュリティ カーネルは、セキュリティ ポリシーの施行を担当するリファレンス モニタ メカニズムの厳密な実装として定義されます。安全であるために、カーネルは 3 つの基本的な条件を満たさなければなりません。それらは何ですか?

  • A. ポリシー、メカニズム、保証
  • B. 機密性、完全性、および可用性
  • C. 分離、階層化、および抽象化
  • D. 完全性、分離性、および検証可能性

正解:D

解説:
A security kernel is responsible for enforcing a security policy. It is a strict implementation of a reference monitor mechanism. The architecture of a kernel operating system is typically layered, and the kernel should be at the lowest and most primitive level.
It is a small portion of the operating system through which all references to information and all changes to authorizations must pass. In theory, the kernel implements access control and information flow control between implemented objects according to the security policy.
To be secure, the kernel must meet three basic conditions:
completeness (all accesses to information must go through the kernel),
isolation (the kernel itself must be protected from any type of unauthorized access), and verifiability (the kernel must be proven to meet design specifications).
The reference monitor, as noted previously, is an abstraction, but there may be a reference validator, which usually runs inside the security kernel and is responsible for performing security access checks on objects, manipulating privileges, and generating any resulting security audit messages.
A term associated with security kernels and the reference monitor is the trusted computing base (TCB). The TCB is the portion of a computer system that contains all elements of the system responsible for supporting the security policy and the isolation of objects. The security capabilities of products for use in the TCB can be verified through various evaluation criteria, such as the earlier Trusted Computer System Evaluation Criteria (TCSEC) and the current Common Criteria standard.
Many of these security terms-reference monitor, security kernel, TCB-are defined loosely by vendors for purposes of marketing literature. Thus, it is necessary for security professionals to read the small print and between the lines to fully understand what the vendor is offering in regard to security features.
TIP FOR THE EXAM:
The terms Security Kernel and Reference monitor are synonymous but at different levels.
As it was explained by Diego:
While the Reference monitor is the concept, the Security kernel is the implementation of such concept (via hardware, software and firmware means).
The two terms are the same thing, but on different levels: one is conceptual, one is
"technical"
The following are incorrect answers:
Confidentiality, Integrity, and Availability
Policy, mechanism, and assurance
Isolation, layering, and abstraction
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 13858-13875). Auerbach Publications. Kindle Edition.


質問 # 268
次の標準のうち、デジタル証明書に関するものはどれですか?

  • A. X.25
  • B. X.400
  • C. X.75
  • D. X.509

正解:D

解説:
X.509 is used in digital certificates. X.400 is used in e-mail as a message handling protocol. X.25 is a standard for the network and data link levels of a communication network and X.75 is a standard defining ways of connecting two X.25 networks. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 164).


質問 # 269
......

合格させるSSCP日本語試験問題は更新された1338問あります:https://jp.fast2test.com/SSCP-JPN-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어