
100-160認証試験の問題集解答を提供しています [2025年07月]
更新された100-160試験練習テスト問題
質問 # 164
What does the term "data classification" refer to in the context of cybersecurity?
- A. Encrypting data to ensure confidentiality
- B. Backing up data to prevent data loss
- C. Protecting data from unauthorized access
- D. Sorting data based on its importance and sensitivity
正解:D
解説:
Data classification is the process of categorizing data based on its importance, sensitivity, and the level of protection required. This helps ensure that appropriate security measures are applied to protect different types of data.
質問 # 165
Which of the following is an example of a natural disaster?
- A. Data breach
- B. Malware attack
- C. Power outage
- D. Server failure
正解:C
解説:
A power outage is considered a natural disaster because it is caused by factors beyond human control, such as severe weather conditions or infrastructure failures. It can disrupt normal operations and impact the availability of systems and resources.
質問 # 166
During a vulnerability assessment, what is the purpose of making recommendations?
- A. To obtain management approval for security measures.
- B. To justify the need for additional cybersecurity resources.
- C. To allocate responsibility for fixing the vulnerabilities.
- D. To mitigate identified vulnerabilities.
正解:D
解説:
The purpose of making recommendations during a vulnerability assessment is to provide guidance on how to mitigate or fix the identified vulnerabilities. These recommendations may include suggested actions, such as applying patches, updating configurations, or implementing additional security controls.
質問 # 167
Which of the following best describes the concept of automation in cybersecurity testing?
- A. Conducting manual security tests
- B. Using software and tools to automatically conduct security tests
- C. Implementing security controls to prevent attacks
- D. Performing physical tests on network infrastructure
正解:B
解説:
Automation in cybersecurity testing involves using software and tools to automatically conduct security tests. This approach helps to increase efficiency and accuracy by automating repetitive tasks, such as vulnerability scanning, penetration testing, and log analysis. It allows for the identification of security issues and vulnerabilities in a timely manner.
質問 # 168
Which protocol is used for broadcasting and resolving MAC addresses to IP addresses?
- A. UDP
- B. TCP
- C. ICMP
- D. ARP
正解:D
解説:
ARP (Address Resolution Protocol) is used for broadcasting and resolving MAC (Media Access Control) addresses to IP addresses within a local network. It helps devices determine the MAC address associated with a given IP address, enabling proper communication on the network. ARP operates at the data link layer of the OSI model.
質問 # 169
Which technology actively inspects incoming and outgoing network traffic and takes immediate action to prevent security threats?
- A. IDS
- B. IPS
- C. Firewall
- D. Server
正解:B
解説:
An Intrusion Prevention System (IPS) is a technology that actively inspects network traffic, both incoming and outgoing, and takes immediate action to prevent security threats. It not only identifies potential threats but also actively blocks or mitigates them in real-time.
質問 # 170
Why is it important to maintain the chain of custody when handling digital evidence?
- A. To prevent unauthorized access or tampering.
- B. To ensure the evidence is stored securely.
- C. To accelerate the analysis of the evidence.
- D. To recover lost or deleted data from the evidence.
正解:A
解説:
Maintaining the chain of custody is crucial to ensure the integrity and admissibility of digital evidence in a legal case. It helps establish that the evidence has not been tampered with or accessed by unauthorized individuals, which ensures its reliability and credibility. By maintaining a strict chain of custody, any potential challenges to the evidence's validity can be effectively addressed by demonstrating that it has been handled in a controlled and secure manner.
質問 # 171
What is a common vulnerability in Internet of Things (IoT) devices?
- A. All of the above.
- B. Insufficient physical security measures.
- C. Lack of user access controls and authentication mechanisms.
- D. Weak encryption protocols used for data transmission.
正解:A
解説:
IoT devices often suffer from multiple vulnerabilities. Weak encryption protocols make data transmission susceptible to interception and unauthorized access. Insufficient physical security measures can result in the theft or compromise of the device itself. Furthermore, the lack of user access controls and authentication mechanisms can allow unauthorized individuals to infiltrate and manipulate IoT devices.
質問 # 172
What is spear phishing?
- A. A form of social engineering attack that uses SMS or text messages to trick victims into revealing sensitive information.
- B. A type of phishing attack that targets specific individuals or organizations.
- C. A physical attack where an unauthorized person gains entry to a restricted area by following closely behind an authorized person.
- D. A cyber attack where an attacker manipulates and deceives an individual to reveal sensitive information.
正解:B
解説:
Spear phishing is a targeted form of phishing attack that focuses on specific individuals or organizations. In spear phishing, the attacker gathers information about the target and tailors the phishing emails or messages to make them seem more legitimate and convincing. The goal is to trick the target into revealing sensitive information, such as login credentials or financial details.
質問 # 173
Which state of data is appropriate for encrypting sensitive information stored in a database?
- A. Data at rest
- B. Data in transit
- C. Data in use
- D. Data in motion
正解:A
解説:
Data at rest refers to data that is stored on storage devices such as hard drives, databases, or backups. Encrypting sensitive information in a database while it is at rest ensures that even if the database is compromised, the data remains protected, and unauthorized access or theft of the data becomes more challenging.
質問 # 174
Which of the following is an example of a preventive control?
- A. Firewall
- B. User access log
- C. Incident response plan
- D. Intrusion detection system
正解:A
解説:
A firewall is a preventive control that helps to protect a network by acting as a barrier between internal and external networks, monitoring and controlling incoming and outgoing traffic based on predetermined security rules. It prevents unauthorized access and defends against network-based attacks.
質問 # 175
Which encryption algorithm is commonly used for securing wireless network communication?
- A. DES
- B. SSL
- C. AES
- D. RC4
正解:C
解説:
AES (Advanced Encryption Standard) is widely used for securing wireless network communications. It is considered a strong and secure symmetric encryption algorithm that provides confidentiality and data integrity in wireless networks. AES has become the standard encryption algorithm for securing Wi-Fi networks (WPA2).
質問 # 176
Which of the following log file entries is typically associated with a Distributed Denial of Service (DDoS) attack?
- A. "Web server responding slowly to client requests at 14:10:15."
- B. "Spike in network traffic volume at 12:45:10."
- C. "Unusual number of concurrent sessions established at 09:30:00."
- D. "High CPU utilization on server at 15:20:05."
正解:B
解説:
In a Distributed Denial of Service (DDoS) attack, the attacker overwhelms the target system or network with a massive volume of traffic from multiple sources. This excessive traffic causes the targeted system to become inaccessible to legitimate users. Therefore, a sudden and significant spike in network traffic volume is a typical indicator of a DDoS attack. Additionally, other log entries may also be present, such as increased resource utilization or slow response times, as mentioned in the other options, but the spike in network traffic volume is the most indicative of a DDoS attack.
質問 # 177
Which of the following is a characteristic of weak encryption algorithms?
- A. They support secure communication protocols.
- B. They are susceptible to cryptanalysis attacks.
- C. They are resistant to brute force attacks.
- D. They provide encryption keys with longer bit lengths.
正解:B
解説:
Weak encryption algorithms are those that can be easily broken or exploited using various encryption analysis techniques. These algorithms have vulnerabilities that can be used to decrypt the encrypted data without the need for the encryption key.
質問 # 178
Which of the following is an example of a passive vulnerability identification technique?
- A. Penetration testing
- B. Vulnerability scanning
- C. Incident response
- D. Intrusion detection system (IDS)
正解:B
解説:
Vulnerability scanning is a passive technique used to identify vulnerabilities in a system or network. It involves the use of automated tools that scan the system for known vulnerabilities without actively exploiting them.
質問 # 179
Which compliance framework lays out guidelines for protecting the privacy of student education records in educational institutions?
- A. FERPA
- B. HIPAA
- C. PCI-DSS
- D. GDPR
正解:A
解説:
The Family Educational Rights and Privacy Act (FERPA) is a compliance framework that safeguards the privacy of student education records in educational institutions. FERPA provides guidelines for the control and release of these records, ensuring that students' personally identifiable information (PII) is protected and not disclosed without consent.
質問 # 180
What is the highest level of risk for a cybersecurity vulnerability that poses an immediate and significant threat to critical assets, systems, or data?
- A. Low risk
- B. High risk
- C. Extremely high risk
- D. Medium risk
正解:C
解説:
The highest level of risk for a cybersecurity vulnerability that poses an immediate and significant threat to critical assets, systems, or data is categorized as an extremely high risk. Vulnerabilities at this level represent a severe and imminent danger to an organization's key resources and require immediate attention and mitigation efforts to minimize potential harm or losses.
質問 # 181
Which of the following helps to ensure the confidentiality of data in computer operations?
- A. Access control lists (ACLs)
- B. Data integrity controls
- C. Intrusion Detection System (IDS)
- D. Antivirus software
正解:A
解説:
Access control lists (ACLs) are a security mechanism used in computer operations to enforce and manage access permissions for users and resources. ACLs enable organizations to control who can access specific data or resources, helping to ensure the confidentiality of sensitive information.
質問 # 182
Which endpoint security mechanism is used to secure data transmitted between the endpoint and the network?
- A. Antivirus
- B. Firewall
- C. Encryption
- D. Intrusion Detection System (IDS)
正解:C
解説:
Encryption is the mechanism used to secure data transmitted between the endpoint and the network. By encrypting the data, it becomes unreadable to unauthorized parties, ensuring the confidentiality and integrity of the information being transmitted. Encryption transforms the data into a ciphertext, which can only be decrypted back into its original form using the proper encryption key. This helps protect sensitive and confidential data from interception and unauthorized access during transmission over the network.
質問 # 183
Which of the following password policies is considered a best practice?
- A. Storing passwords in plain text format
- B. Enforcing a minimum password length and complexity requirements
- C. Allowing users to set easily guessable passwords
- D. Requiring passwords to be changed every 5 years
正解:B
解説:
Enforcing a minimum password length and complexity requirements is considered a best practice for password policies. This helps to ensure that passwords are not easily guessable and increases the security of user accounts.
質問 # 184
Which of the following statements best describes the impact of compliance frameworks on incident handling?
- A. Compliance frameworks have no impact on incident handling.
- B. Compliance frameworks focus primarily on prevention, not incident handling.
- C. Compliance frameworks are only relevant for incident response teams.
- D. Compliance frameworks establish standards and guidelines for incident handling.
正解:D
解説:
Compliance frameworks, such as the Payment Card Industry Data Security Standard (PCI DSS) or the Health Insurance Portability and Accountability Act (HIPAA), play a crucial role in incident handling. These frameworks define requirements and best practices for various aspects of cybersecurity, including incident response. They outline procedures and guidelines to be followed during incident handling and help organizations establish an effective incident response plan. Compliance frameworks ensure that incidents are handled according to industry standards and regulatory requirements, helping organizations mitigate risks, minimize damages, and maintain compliance with relevant laws and regulations.
質問 # 185
When should a firewall rule triggering block external access to a network resource be escalated?
- A. Only if the access attempt is from a known malicious IP address.
- B. Always, regardless of authorization.
- C. Only if the access was authorized.
- D. Never, as it is a normal security function of a firewall.
正解:D
解説:
Blocking external access to a network resource is a normal security function of a firewall and does not necessarily require escalation. Firewalls are designed to monitor and control incoming and outgoing network traffic based on predetermined rules and configurations. However, if the rule is triggered unexpectedly or causes disruption to critical services, it may be appropriate to escalate the issue for further investigation or adjustment of the firewall rule.
質問 # 186
During the incident handling process, what is the main purpose of conducting a post-incident analysis?
- A. Identifying the individuals responsible for the incident
- B. Restoring all affected systems to their pre-incident state
- C. Assessing the overall effectiveness of the incident response plan
- D. Providing management with a summary of the incident
正解:C
解説:
Conducting a post-incident analysis serves the purpose of assessing the overall effectiveness of the incident response plan. It helps identify any weaknesses or areas for improvement in the plan. While identifying responsible individuals, restoring affected systems, and providing management summaries are important aspects, the primary focus of a post-incident analysis is to evaluate and enhance future incident response efforts.
質問 # 187
......
検証済みの100-160問題集と解答を使って100%一発合格保証で更新された問題集:https://drive.google.com/open?id=173E6IbsbvopRM3lroncwUDf3jd1KekCQ
合格させるCisco CCST 100-160試験には310問があります:https://jp.fast2test.com/100-160-premium-file.html