CISSP練習テスト問題解答には更新された1481問があります [Q193-Q211]

Share

CISSP練習テスト問題解答には更新された1481問があります

CISSP問題集はISC Certification合格確定させる練習で1481問があります


ISC CISSP認定試験は、250の複数選択の質問で構成されるコンピューターベースのテストです。候補者は試験を完了するのに最大6時間を持っており、パスするには1000ポイントのうち少なくとも700点を獲得する必要があります。この試験は複数の言語で入手でき、世界中のピアソンvueテストセンターで撮影できます。


ISC CISSP(Certified Information Systems Security Professional)試験は、情報セキュリティの分野における候補者の知識とスキルをテストするために設計された認定試験です。この試験は、情報セキュリティの専門家の能力を測定するための基準として、世界的に認められています。ISC(国際情報システムセキュリティ認定コンソーシアム)によって作成され、情報セキュリティの分野で最も求められている認定資格の一つです。

 

質問 # 193
Which of the following is the PRIMARY mechanism used to limit the range of objects available to a given subject within different execution domains?

  • A. Process isolation
  • B. Virtual Private Network (VPN)
  • C. Data hiding and abstraction
  • D. Use of discrete layering and Application Programming Interfaces (API)

正解:A


質問 # 194
Which one of the following items are true concerning the Platform
for Privacy Preferences (P3P) developed by the World Wide Web
Consortium (W3C)? Select three.

  • A. It allows users to be informed of site practices in human-readable format.
  • B. It allows Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents.
  • C. It automates decision-making based on the sites privacy practices
    when appropriate.
  • D. It does not provide the site privacy practices to users in machine-readable format.

正解:A、B、C

解説:
In addition to the capabilities in the correct answers, P3P does provide the site privacy practices to users in machine-readable format.


質問 # 195
Which of the following is true about digital certificate?

  • A. Electronic credential proving that the person the certificate was issued to is who they claim to be
  • B. You can only get digital certificate from Verisign, RSA if you wish to prove the key belong to a specific user.
  • C. Can't contain geography data such as country for example.
  • D. It is the same as digital signature proving Integrity and Authenticity of the data

正解:A

解説:
Digital certificate helps others verify that the public keys presented by users are genuine and valid. It is a form of Electronic credential proving that the person the certificate was issued to is who they claim to be.
The certificate is used to identify the certificate holder when conducting electronic transactions.
It is issued by a certification authority (CA). It contains the name of an organization or individual, the business address, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
Digital certificates are key to the PKI process. The digital certificate serves two roles. First, it ensures the integrity of the public key and makes sure that the key remains unchanged and in a valid state. Second, it validates that the public key is tied to the stated owner and that all
associated information is true and correct. The information needed to accomplish these goals is
added into the digital certificate.
A Certificate Authority (CA) is an entity trusted by one or more users as an authority in a network
that issues, revokes, and manages digital certificates.
A Registration Authority (RA) performs certificate registration services on behalf of a CA. The RA,
a single purpose server, is responsible for the accuracy of the information contained in a certificate
request. The RA is also expected to perform user validation before issuing a certificate request.
A Digital Certificate is not like same as a digital signature, they are two different things, a digital
Signature is created by using your Private key to encrypt a message digest and a Digital
Certificate is issued by a trusted third party who vouch for your identity.
There are many other third parties which are providing Digital Certifictes and not just Verisign,
RSA.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition
((ISC)2 Press) (Kindle Locations 14894-14903). Auerbach Publications. Kindle Edition.
Gregg, Michael; Haines, Billy (2012-02-16). CASP: CompTIA Advanced Security Practitioner
Study Guide Authorized Courseware: Exam CAS-001 (p. 24). Wiley. Kindle Edition.
Please refer to http://en.wikipedia.org/wiki/Digital_certificate
What is Digital certificate:
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211947,00.html
another deifination on http://www.webopedia.com/TERM/D/digital_certificate.html


質問 # 196
Which of the following statements pertaining to VPN protocol standards is false?

  • A. L2TP is a combination of PPTP and L2F.
  • B. L2TP operates at the network layer.
  • C. L2TP and PPTP were designed for single point-to-point client to server communication.
  • D. PPTP uses native PPP authentication and encryption services.

正解:B

解説:
L2TP and PPTP were both designed for individual client to server connections; they enable only a single point-to-point connection per session. Dial-up VPNs use L2TP often. Both L2TP and PPTP operate at the data link layer (layer 2) of the OSI model. PPTP uses native PPP authentication and encryption services and L2TP is a combination of PPTP and Layer 2 Forwarding protocol (L2F). Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 95).


質問 # 197
In telephony different types of connections are being used. The connection from the phone company's branch office to local customers is referred to as which of the following choices?

  • A. local loop
  • B. loopback
  • C. indigenous loop
  • D. new loop

正解:A

解説:
Transmission on fiber optic wire requires repeating at distance intervals. The glass
fiber requires more protection within an outer cable than copper. For these reasons and because
the installation of any new wiring is labor-intensive, few communities yet have fiber optic wires or
cables from the phone company's branch office to local customers (local loop).
In telephony, a local loop is the wired connection from a telephone company's central office in a
locality to its customers' telephones at homes and businesses. This connection is usually on a pair
of copper wires called twisted pair. The system was originally designed for voice transmission only
using analog transmission technology on a single voice channel. Today, your computer's modem
makes the conversion between analog signals and digital signals. With Integrated Services Digital
Network (ISDN) or Digital Subscriber Line (DSL), the local loop can carry digital signals directly
and at a much higher bandwidth than they do for voice only.
Local Loop diagram
Image from: http://www.thenetworkencyclopedia.com/entry/local-loop/
The following are incorrect answers:
New loop This is only a detractor and does not exist
Loopback In telephone systems, a loopback is a test signal sent to a network destination that is
returned as received to the originator. The returned signal may help diagnose a problem.
Ingenious loop This is only a detractor and does not exist
Reference(s) used for this question:
http://searchnetworking.techtarget.com/definition/local-loop and STEINER, Kurt, Telecommunications and Network Security, Version 1, May 2002, CISSP Open Study Group (Domain Leader: skottikus), Page 14.


質問 # 198
Secure real-time transport protocol (SRTP) provides security for which of the following?

  • A. Satellite communication
  • B. Network Communication for real-time operating systems
  • C. time sensitive e-communication
  • D. Voice communication

正解:D


質問 # 199
An important control that should be in place for external connections to
a network that uses call-back schemes is:

  • A. Call enhancement
  • B. Breaking of a dial-up connection at the organization's computing resource side of the line
  • C. Breaking of a dial-up connection at the remote user's side of the line
  • D. Call forwarding

正解:B

解説:
One attack that can be applied when call back is used for remote,
dial-up connections is that the caller may not hang up. If the caller
had been previously authenticated and has completed his/her session,
a live connection into the remote network will still be maintained.
Also, an unauthenticated remote user may hold the line open,
acting as if call-back authentication has taken place. Thus, an active
disconnect should be effected at the computing resource's side of the
line.
Answer "Breaking of a dial-up connection at the remote user's side of the line" is not correct since
it involves the caller hanging up.
Answer "call forwarding" is a feature that should be disabled, if possible,
when used with call-back schemes. With call back, a cracker can
have a call forwarded from a valid phone number to an invalid
phone number during the call-back process. Answer "Call enhancement" is a distracter.


質問 # 200
Who would be the BEST person to approve an organizations information security policy?

  • A. Chief Information Security Officer (CISO)
  • B. Chief Executive Officer (CEO)
  • C. Chief internal auditor
  • D. Chief Information Officer (CIO)

正解:A

解説:
Section: Security Operations


質問 # 201
Asymmetric algorithms are used for which of the following when using Secure Sockets Layer/Transport Layer Security (SSL/TLS) for implementing network security?

  • A. Hashing digest
  • B. Peer authentication
  • C. Session encryption
  • D. Payload data encryption

正解:C

解説:
Section: Mixed questions


質問 # 202
The Wired Equivalency Privacy algorithm (WEP) of the 802.11 Wireless
LAN Standard uses which of the following to protect the confidentiality
of information being transmitted on the LAN?

  • A. A digital signature that is sent between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point
  • B. A secret key that is shared between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point
  • C. A public/private key pair that is shared between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point
  • D. Frequency shift keying (FSK) of the message that is sent between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point

正解:B

解説:
The transmitted packets are encrypted with a secret key and an Integrity Check (IC) field comprised of a CRC-32 check sum that is attached to the message. WEP uses the RC4 variable key-size stream cipher encryption algorithm. RC4 was developed in 1987 by Ron Rivest and operates in output feedback mode. Researchers at the University of California at Berkely ([email protected]) have found that the security of the WEP algorithm can be compromised, particularly with the following attacks: Passive attacks to decrypt traffic based on statistical analysis Active attack to inject new traffic from unauthorized mobile stations, based on known plaintext Active attacks to decrypt traffic, based on tricking the access point Dictionary-building attack that, after analysis of about a day's worth of traffic, allows real-time automated decryption of all traffic The Berkeley researchers have found that these attacks are effective against both the 40-bit and the so-called 128-bit versions of WEP using inexpensive off-the-shelf equipment. These attacks can also be used against networks that use the 802.11b Standard, which is the extension to 802.11 to support higher data rates, but does not change the WEP algorithm. The weaknesses in WEP and 802.11 are being addressed by the IEEE 802.11i Working Group. WEP will be upgraded to WEP2 with the following proposed changes: Modifying the method of creating the initialization vector (IV) Modifying the method of creating the encryption key Protection against replays Protection against IV collision attacks Protection against forged packets In the longer term, it is expected that the Advanced Encryption Standard (AES) will replace the RC4 encryption algorithm currently used in WEP.


質問 # 203
Tim is a network administrator of Acme inc. He is responsible for configuring the network devices.
John the new security manager reviews the configuration of the Firewall configured by Tim and identifies an issue. This specific firewall is configured in failover mode with another firewall. A sniffer on a PC connected to the same switch as the firewalls can decipher the credentials, used by Tim while configuring the firewalls. Which of the following should be used by Tim to ensure a that no one can eavesdrop on the communication?

  • A. SCP
  • B. RSH
  • C. SSH
  • D. SFTP

正解:C

解説:
The SSH protocol provides an encrypted terminal session to the remote firewalls. By encrypting the data, it prevents sniffing attacks using a protocol analyzer also called a sniffer. With more and more computers installed in networked environments, it often becomes necessary to access hosts from a remote location. This normally means that a user sends login and password strings for authentication purposes. As long as these strings are transmitted as plain text, they could be intercepted and misused to gain access to that user account without the authorized user even knowing about it. Apart from the fact that this would open all the user's files to an attacker, the illegal account could be used to obtain administrator or root access or to penetrate other systems. In the past, remote connections were established with telnet, which offers no guards against eavesdropping in the form of encryption or other security mechanisms. There are other unprotected communication channels, like the traditional FTP protocol and some remote copying programs. The SSH suite provides the necessary protection by encrypting the authentication strings (usually a login name and a password) and all the other data exchanged between the hosts. With SSH, the data flow could still be recorded by a third party, but the contents are encrypted and cannot be reverted to plain text unless the encryption key is known. So SSH enables secure communications over insecure networks such as the Internet.
The following answers are incorrect: SCP and SFTP The SCP protocol is a network protocol that supports file transfers. The SCP protocol, which runs on port 22, is based on the BSD RCP protocol which is tunneled through the Secure Shell (SSH) protocol to provide encryption and authentication. SCP might not even be considered a protocol itself, but merely a combination of RCP and SSH. The RCP protocol performs the file transfer and the SSH protocol performs authentication and encryption. SCP protects the authenticity and confidentiality of the data in transit. It hinders the ability for packet sniffers to extract usable information from the data packets. The SCP protocol has been superseded by the more comprehensive SFTP protocol, which is also based on SSH.
RSH RSH@ allows a user to execute commands on a remote system without having to log in to the system. For example, RSH can be used to remotely examine the status of a number of access servers without connecting to each communication server, executing the command, and then disconnecting from the communication server. As described in the rlogin article, the rsh protocol is not secure for network use, because it sends unencrypted information over the network, among other things. Some implementations also authenticate by sending unencrypted passwords over the network. rsh has largely been replaced by the very similar SSH (secure shell) program on untrusted networks like the internet. As an example of RSH use, the following executes the command mkdir testdir as user remote user on the computer remote computer: rsh -l remote user remote computer "mkdir testdir"
After the command has finished RSH terminates. If no command is specified then rsh will log in on the remote system using rlogin. The following reference(s) were/was used to create this question: http://www.novell.com/documentation/suse91/suselinux-adminguide/html/ch19s02html and http://en.wikipedia.org/wiki/Remote_Shell and http://en.wikipedia.org/wiki/Secure_copy


質問 # 204
Which of the following is true about a "dry pipe" sprinkler system?

  • A. It reduces the likelihood of the sprinkler system pipes freezing.
  • B. It maximizes chances of accidental discharge of water.
  • C. It uses less water than "wet pipe" systems.
  • D. It is a substitute for carbon dioxide systems.

正解:A

解説:
A dry pipe system is used in areas where the water in the pipes is subject to freezing, and to minimize the chances of accidental discharge of water if the pipes would freeze in the winter time, and It minimizes chances of accidental discharge of water as well by not releasing the water until the pressure in the pipe would drop due to one of the sprinkler head being opened.
A Dry Pipe system has the water being held back from charging the sprinkler pipe system by a special kind of check valve called a "dry pipe valve" or "clapper valve". A dry pipe system is also a system which the pipes are filled with pressurized air or nitrogen rather than water. The air uses a mechanical advantage which holds back a device known as a dry pipe valve or clapper valve that prevent the water from getting into the pipe when it is pressurized. A small amount of water, called priming water, is also inside the dry pipe system, which is filled with either air or nitrogen under pressure.
The sprinkler pipe system is filled with pressurized air or nitrogen, which keeps the dry pipe valve closed using mechanical advantage. When any of the sprinkler valves open, the pressurized air or nitrogen is released, and the dropping pressure permits the dry pipe valve to open. It's primary use is to protect the sprinkler pipes from freezing.
A Wet Pipe system has the pipes always charged with water, and the thermal-fusible link in each sprinkler head is holding back the water. If any sprinkler head is exposed to enough heat, for long enough, the link will break/melt and water will be discharged. A wet pipe system is generally used when there is no danger of the water in the pipes freezing or when there are no special conditions that require a special purpose sprinkler system.
A Preaction Pipe system is used where accidental activation is undesired. It is similar to a Dry Pipe system, except one or more other interlocks, such as fire/heat sensors, are used in addition to sprinkler head opening and relieving the air pressure, which then permits the water to charge the sprinkler pipe system and flow through the open sprinkler head. This system has the added value of requiring a series of events before the water is actually permitted to flow, which can enable personnel to handle a small fire or incident without the flow of water.
All of the other answers were NOT true so they were wrong choices
The following reference(s) were/was used to create this question: Shon Harris, AIO v5, pg 444-445 and Ronald Krutz adn Russell Vines, The CISSP and CAP Prep Guide, pg 530


質問 # 205
Looking at the choices below, which ones would be the most suitable protocols/tools for securing e-mail?

  • A. IPsec and IKE
  • B. TLS and SSL
  • C. SSH
  • D. PGP and S/MIME

正解:D

解説:
Explanation/Reference:
Explanation:
Secure MIME (S/MIME) is a standard for encrypting and digitally signing electronic mail and for providing secure data transmissions.
PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
Incorrect Answers:
B: IPSec is not used to protect e-mails. IPsec is used to secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPSec can be implemented with the help of the IKE security architecture.
C: SSL and TLS are primarily used to protect HTTP traffic.
D: SSH is not used to protect e-mails. SSH allows remote login and other network services to operate securely over an unsecured network.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 850-851


質問 # 206
What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?

  • A. Administrative controls
  • B. Assurance procedures
  • C. Accountability controls
  • D. Mandatory access controls

正解:B

解説:
Assurance procedures ensure that the control mechanisms correctly implement the
security policy for the entire life cycle of an information system.
Pg 33 Krutz: The CISSP Prep Guide.


質問 # 207
Lack of which of the following options could cause a negative effect on an organization's reputation, revenue, and result in legal action, if the organization fails to perform due diligence?

  • A. Service Level Agreement (SLA)
  • B. Third-party risk management
  • C. Threat modeling methodologies
  • D. Service Level Requirement (SLR)

正解:A


質問 # 208
DRAG DROP
A software security engineer is developing a black box-based test plan that will measure the system's reaction to incorrect or illegal inputs or unexpected operational errors and situations. Match the functional testing techniques on the left with the correct input parameters on the right.

正解:

解説:


質問 # 209
Which is NOT a recommended way to dispose of unwanted used data
media?

  • A. Destroying CD-ROMs
  • B. Formatting diskettes seven or more times
  • C. Shredding paper reports by cleared personnel
  • D. Copying new data over existing data on diskettes

正解:D

解説:
The correct answer is copying new data over existing data on
diskettes. While this method might overwrite the older files, if the
new data file is smaller than the older data file, recoverable data
might exist past the file end marker of the new file.


質問 # 210
Which of the following best describes the difference between a circuit based and application based firewall?

  • A. Circuit based provides more security
  • B. Application based builds a state table
  • C. Circuit based firewalls are only found in Cisco routers
  • D. Circuit based looks at IP addresses and ports
  • E. Application based is more flexible and handles more protocols

正解:D

解説:
Circuit based look only at IP address and ports, whereas application based dig much deeper into the packet. This makes it more secure.


質問 # 211
......


ISC CISSP(認定情報システムセキュリティプロフェッショナル)認定試験は、情報セキュリティの分野で専門知識を証明したいプロフェッショナルにとって、世界的に認められた認定資格です。この認定は、情報セキュリティとサイバーセキュリティのキャリアアップを目指す経験豊富な専門家を対象に設計されています。認定試験は、セキュリティとリスク管理、アセットセキュリティ、セキュリティエンジニアリング、通信とネットワークセキュリティ、アイデンティティとアクセス管理、セキュリティ評価とテスト、セキュリティオペレーション、ソフトウェア開発セキュリティなどの情報セキュリティの様々なドメインにおける候補者の知識とスキルを測定します。

 

最新CISSP試験問題にはリアルなCISSP問題集があります:https://jp.fast2test.com/CISSP-premium-file.html

最新CISSP認証有効な試験問題集解答を試そう!:https://drive.google.com/open?id=16GSr3L8gT64DNlRmunUEbgWMaaQAhnXp


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어