312-76試験問題集合格させるのは2025年最新の認証済み試験問題
312-76試験問題でリアルに更新された問題PDF
EC-COUNCIL 312-76 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
| トピック 9 |
|
質問 # 86
Which of the following processes hides one set of IP addresses used for internal traffic only while exposing a second set of addresses to external traffic?
- A. SIIT
- B. NAT
- C. NAPT-PT
- D. NAT-PT
正解:B
質問 # 87
Which of the following DRP tests is plan distributed, and reviewed by the business units for its thoroughness and effectiveness?
- A. Parallel test
- B. Walk-through drill
- C. Functional drill
- D. Checklist review
正解:D
質問 # 88
You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?
- A. Identification
- B. Containment
- C. Eradication
- D. Recovery
正解:C
質問 # 89
Which of the following system security policies is used to address specific issues of concern to the organization?
- A. Program policy
- B. System-specific policy
- C. Informative policy
- D. Issue-specific policy
正解:D
質問 # 90
Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?
- A. Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
- B. Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
- C. Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
- D. Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps
正解:B
質問 # 91
You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and you want to discuss it with your team members for getting appropriate responses of the disaster. In which of the following disaster recovery tests can this task be performed?
- A. Parallel test
- B. Simulation test
- C. Structured walk-through test
- D. Full-interruption test
正解:B
質問 # 92
BS 7799 is an internationally recognized ISM standard that provides high level, conceptual recommendations on enterprise security. BS 7799 is basically divided into three parts. Which of the following statements are true about BS 7799?
Each correct answer represents a complete solution. Choose all that apply.
- A. BS 7799 Part 3 was published in 2005, covering risk analysis and management.
- B. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005.
- C. BS 7799 Part 1 was adopted by ISO as ISO/IEC 27001 in November 2005.
- D. BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards Institute (BSI) in
1995.
正解:A、B、D
質問 # 93
DRAG DROP
Drag and drop the appropriate team names in front of their respective responsibilities.
Select and Place:
正解:
解説:
質問 # 94
Which of the following modes of operation supports users with different clearances and data at various classification levels?
- A. Limited Access
- B. Compartmented
- C. Dedicated
- D. Multilevel mode
正解:D
質問 # 95
An online betting site accepts bets for sporting events held around the world. Due to this, their operations need to be up 24x7. During an internal IT audit, they discovered a vulnerability in their payment gateway system. They assessed that should the payment gateway go down for more than an hour, they will lose about
$100,000 and about 15% of their customers to their competitor website. Moreover, they might lose 25% of their customer base permanently due to the constant promotions run by their competitor to attract and retain new customers. This was unacceptable for the business under any circumstances, so immediate corrective measures were taken to fix the vulnerability. What technical term best defines this time period of two hours?
- A. Work Recovery Time (WRT)
- B. Recovery Time Objective (RTO)
- C. Maximum Tolerable Period of Disruption (MTPOD)
- D. Recovery Point Objective (RPO)
正解:B
解説:
Recovery Time Objective (RTO)refers to the amount of time a system, application, or process can be down before it causes significant harm to the business. In this scenario, the betting site determined that if the payment gateway system is down for more than an hour, it would result in substantial financial losses ($100,000) and customer attrition (15% short-term and 25% permanently). The focus on the acceptable downtime before these impacts occur aligns with the definition of RTO. The mention of "two hours" in the question seems to be a slight mismatch with the "more than an hour" in the description, but the context still points to RTO as the best fit, as it defines the target time frame for recovery.
* Recovery Point Objective (RPO)refers to the amount of data loss (measured in time) a business can tolerate, not the duration of system downtime.
* Maximum Tolerable Period of Disruption (MTPOD)is a broader term that encompasses the total time a business can withstand a disruption, including recovery and other factors, but it is less specific to the immediate system restoration time frame described here.
* Work Recovery Time (WRT)is not a widely standardized term in this context and typically relates to the time needed to recover specific work processes, not the system downtime tolerance.
Thus,RTOis the most precise term for the time period the business can tolerate the payment gateway being unavailable.
質問 # 96
In which of the following tests is the entire BCP implemented?
- A. Simulation Test
- B. Orientation Test
- C. Full-Scale Test
- D. Functional Test
正解:C
解説:
A Full-Scale Test implements the entire Business Continuity Plan (BCP) in a live environment, testing all components comprehensively.
* Option A (Orientation):Introduces the plan, not implementation.
* Option B (Functional):Tests specific functions, not the whole plan.
* Option D (Simulation):Mimics scenarios, not full execution.
* "Full-Scale Tests execute the entire BCP, validating all procedures and resources in a real-world scenario" (Module: Testing Disaster Recovery Plans, Section: Test Types).
質問 # 97
Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the following?
Each correct answer represents a part of the solution. Choose all that apply.
- A. To account for all IT assets
- B. To provide a solid base only for Incident and Problem Management
- C. To provide precise information support to other ITIL disciplines
- D. To verify configuration records and correct any exceptions
正解:A、C、D
質問 # 98
Which of the following ensures that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?
- A. The Change Manager
- B. The Configuration Manager
- C. The Service Level Manager
- D. The IT Security Manager
正解:D
質問 # 99
Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity?
- A. RPO
- B. RTO
- C. RCO
- D. RTA
正解:B
質問 # 100
Oliver's team had been working hard on a proposal for a new project. After meticulously working out the details for a month, they found out that someone had leaked their proposal to their competitor and they had lost the project. This impacted their morale hugely, and for the next two months, all the other projects progressed extremely slowly resulting in their delay. Which of the following best describes the impact that this data breach had on the organization?
- A. Semi-Qualitative Impact
- B. Quantitative Impact
- C. Qualitative Impact
- D. Industrial Impact
正解:C
解説:
Qualitative Impact assesses non-measurable effects, such as morale, productivity, and reputation, which align with the scenario's focus on slowed progress and team morale.
* Option A (Semi-Qualitative):A hybrid term, less precise here.
* Option C (Quantitative):Measurable losses (e.g., financial), not the primary focus.
* Option D (Industrial):Too broad, not specific to impact type.
* "Qualitative Impact evaluates intangible consequences like morale and operational delays following a breach, critical for BIA" (Module: Business Impact Analysis, Section: Impact Types).
質問 # 101
In which disaster recovery tier is data backed up with a hot site?
- A. Tier 2
- B. Tier 1
- C. Tier 5
- D. Tier 4
正解:C
解説:
In disaster recovery (DR) tier classifications, often based on frameworks like theShare GrouporIBM's DR tier model, the tiers represent increasing levels of recovery capability. Here's a brief overview to explain:
* Tier 1: Basic backup with offsite storage (e.g., tape backups), no real-time replication, and long recovery times.
* Tier 2: Offsite backups with some improvements (e.g., electronic vaulting), but still no immediate recovery capability.
* Tier 4: Point-in-time copies with more advanced backup solutions (e.g., disk-based replication), but typically lacks a fully operational hot site.
* Tier 5: Transaction integrity with ahot site-a fully operational, mirrored site that can take over almost immediately with minimal data loss and downtime. Data is actively backed up and synchronized in real- time or near real-time.
Ahot siteis a fully equipped, operational duplicate of the primary site, ready to assume operations with little to no downtime. This capability aligns withTier 5, where data is backed up continuously or frequently, and the hot site ensures rapid recovery. Higher tiers (e.g., Tier 6 or 7) might involve zero data loss and instantaneous failover, but Tier 5 specifically fits the description of having a hot site with robust backup.
質問 # 102
Fill in the blank with the appropriate number:
RAID-______is a combination of RAID-1 and RAID-0.
- A. 10
正解:A
質問 # 103
In which of the following DRP tests does a business unit management meet to review the plan?
- A. Parallel test
- B. Simulation test
- C. Full-interruption test
- D. Structured walk-through test
正解:D
質問 # 104
......
合格させる保証付き無料クイズ2025年最新の実際に出ると確認されたEC-COUNCIL:https://jp.fast2test.com/312-76-premium-file.html