SSCP日本語ブレーン問題集リアル試験最新問題2025年02月11日には1338問題 [Q552-Q567]

Share

SSCP日本語ブレーン問題集リアル試験最新問題2025年02月11日には1338問題

最新SSCP日本語のPDF問題集リアル無料テスト本日更新です

質問 # 552
情報システムに対する脅威が現実化する確率とは?

  • A. 脅威
  • B. リスク
  • C. 脆弱性
  • D. 穴

正解:D

解説:
In this step, your main objective is to examine and analyze what has occurred and focus on determining the root cause of the incident.
Recovery is incorrect as recovery is about resuming operations or bringing affected systems back into production Containment is incorrect as containment is about reducing the potential impact of an incident.
Triage is incorrect as triage is about determining the seriousness of the incident and filtering out false positives


質問 # 553
値の上限が最小で値の下限が最大の要素のペアがあるアクセス制御のタイプとは何ですか?

  • A. 必須モデル
  • B. 格子モデル
  • C. ルールモデル
  • D. 任意モデル

正解:B

解説:
In a lattice model, there are pairs of elements that have the least upper bound of values and greatest lower bound of values.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.


質問 # 554
ステーションがネットワーク上で初めて通信するとき、既知のイーサネット アドレスと一致するインターネット プロトコル (IP) アドレスを検索して見つけるプロトコルは次のうちどれですか?

  • A. アドレス解決プロトコル (ARP)。
  • B. 逆アドレス解決プロトコル (RARP)。
  • C. インターネット制御メッセージ プロトコル (ICMP)。
  • D. ユーザー データグラム プロトコル (UDP)。

正解:B

解説:
The RARP protocol sends out a packet, which includes its MAC address and a request to be informed of the IP address that should be assigned to that MAC address.
ARP does the opposite by broadcasting a request to find the Ethernet address that matches a known IP address.
ICMP supports packets containing error, control, and informational messages (e.g. PING). UDP runs over IP and is used primarily for broadcasting messages over a network.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 87.


質問 # 555
IPアドレスをパケットの宛先の適切なハードウェアアドレスに一致させて送信できるようにするために使用されるプロトコルは何ですか?

  • A. インターネット制御メッセージ プロトコル (ICMP)
  • B. ルーティング テーブル
  • C. アドレス解決プロトコル (ARP)
  • D. 逆アドレス解決プロトコル (RARP)

正解:B

解説:
All the previous protocols operate at the transport layer except for Secure HTTP (S- HTTP), which operates at the application layer. S-HTTP has been replaced by SSL and TLS.
As it is very well explained in the Shon Harris book:
The transport layer receives data from many different applications and assembles the data into a stream to be properly transmitted over the network. The main protocols that work at this layer are TCP, UDP, Secure Sockets Layer (SSL), and Sequenced Packet Exchange (SPX).
NOTE:
Different references can place specific protocols at different layers. For example, many references place the SSL protocol in the session layer, while other references place it in the transport layer. It is not that one is right or wrong. The OSI model tries to draw boxes around reality, but some protocols straddle the different layers. SSL is made up of two protocols-- one works in the lower portion of the session layer and the other works in the transport layer. For purposes of the CISSP exam, SSL resides in the transport layer.


質問 # 556
商用電力系統が故障したときに電力を供給する装置は、次のうちどれと呼ばれますか?

  • A. 電力分配器
  • B. パワーフィルター
  • C. パワーコンディショナー
  • D. 無停電電源装置

正解:D

解説:
A hot site has the equipment, software and communications capabilities to facilitate a recovery within a few minutes or hours following the notification of a disaster to the organization's primary site. With the exception of providing your own hot site, commercial hot sites provide the greatest protection. Most will allow you up to six weeks to restore your sites if you declare a disaster. They also permit an annual amount of time to test the Disaster Plan.
The following answers are incorrect:
Cold sites. Cold sites are empty computer rooms consisting only of environmental systems, such as air conditioning and raised floors, etc. They do not meet the requirements of most regulators and boards of directors that the disaster plan be tested at least annually.
Reciprocal Agreement. Reciprocal agreements are not contracts and cannot be enforced. You cannot force someone you have such an agreement with to provide processing to you.
Government regulators do not accept reciprocal agreements as valid disaster recovery backup sites.
Time Brokers. Time Brokers promise to deliver processing time on other systems. They charge a fee, but cannot guaranty that processing will always be available, especially in areas that experienced multiple disasters.


質問 # 557
次のうち、予防的なログイン制御ではないものはどれですか?

  • A. アカウントの有効期限
  • B. パスワード エージング
  • C. 最後のログイン メッセージ
  • D. 最小パスワード長

正解:C

解説:
The last login message displays the last login date and time, allowing a user to discover if their account was used by someone else. Hence, this is rather a detective control.


質問 # 558
対策のコストがリスクのコストを上回る場合、リスクをどのように処理する必要がありますか?

  • A. リスクを減らす
  • B. リスクを受け入れる
  • C. リスクを拒否する
  • D. 別のリスク分析を実行する

正解:B

解説:
The cost of a countermeasure should not be greater in cost than the risk it mitigates (ALE). For a quantitative risk assessment, the equation is ALE = ARO x SLE where the SLE is calculated as the product of asset value x exposure factor. An event that happen once every five years would have an ARO of .2 (1 divided by 5).
SLE = Asset Value (AV) x Exposure Fact (EF)
SLE = 1,000,000 x .30 = 300,000
ALE = SLE x Annualized Rate of Occurance (ARO)
ALE = 300,000 x .2 = 60,000
Know your acronyms:
ALE -- Annual loss expectancy
ARO -- Annual rate of occurrence
SLE -- Single loss expectancy
The following are incorrect answers:
$300,000 is incorrect. See the explanation of the correct answer for the correct calculation.
$150,000 is incorrect. See the explanation of the correct answer for the correct calculation.
$1,500 is incorrect. See the explanation of the correct answer for the correct calculation.


質問 # 559
__________の基準では、一定レベルの完全性と情報保護レベルを維持することが定められています。

  • A. BSO 1799
  • B. 十分な注意
  • C. デューデリジェンス
  • D. 適正手続き

正解:B


質問 # 560
システム開発ライフサイクルの次のフェーズのうち、設計の基盤として優れたセキュリティ ポリシーを確立することに最も関心があるのはどれですか?

  • A. 開発/買収
  • B. 開始
  • C. 実装
  • D. メンテナンス

正解:B

解説:
A security policy is an important document to develop while designing an information system. The security policy begins with the organization's basic commitment to information security formulated as a general policy statement.
The policy is then applied to all aspects of the system design or security solution. The policy identifies security goals (e.g., confidentiality, integrity, availability, accountability, and assurance) the system should support, and these goals guide the procedures, standards and controls used in the IT security architecture design.
The policy also should require definition of critical assets, the perceived threat, and security- related roles and responsibilities.


質問 # 561
ソフトウェアおよびハードウェアを使用してセキュリティ ポリシー違反を明らかにすることを目的とした制御手段は、次のものに関連付けられています。

  • A. 探偵/物理
  • B. 探偵/技術者
  • C. 探偵/行政
  • D. 予防/物理

正解:B

解説:
The detective/technical control measures are intended to reveal the violations of security policy using technical means.


質問 # 562
事業継続計画 (BCP) は、以下を促進する準備として定義されていません。

  • A. 災害による影響の軽減
  • B. 基幹業務の迅速な復旧
  • C. 技術的制御の調整のための脅威活動の監視
  • D. 重要なビジネス機能の継続

正解:B

解説:
The following answers are incorrect.
Symmetric Key. Is incorrect because RSA is a Public Key or a Asymmetric Key cryptographic system and not a Symmetric Key or a Secret Key cryptographic system.
Secret Key. Is incorrect because RSA is a Public Key or a Asymmetric Key cryptographic system and not a Secret Key or a Symmetric Key cryptographic system.
Private Key. Is incorrect because Private Key is just one part if an Asymmetric Key cryptographic system, a Private Key used alone is also called a Symmetric Key cryptographic system.


質問 # 563
次のうち、管理統制として最も適切に分類されるものはどれですか?

  • A. 物理的および環境保護
  • B. 人員のセキュリティ
  • C. セキュリティ管理策の見直し
  • D. ドキュメント

正解:C

解説:
Management controls focus on the management of the IT security system
and the management of risk for a system.
They are techniques and concerns that are normally addressed by management.
Routine evaluations and response to identified vulnerabilities are important elements of managing the risk of a system, thus considered management controls.
SECURITY CONTROLS: The management, operational, and technical controls
(i.e.,safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.
SECURITY CONTROL BASELINE: The set of minimum security controls defined for a low- impact, moderate-impact,or high-impact information system.
The following are incorrect answers:
Personnel security, physical and environmental protection and documentation are forms of operational controls.
Reference(s) used for this question:
http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800-53-rev4-ipd.pdf and FIPS PUB 200 at http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf


質問 # 564
評価されたものの、上位部門の基準と要件を満たしていないシステムに対して予約されているオレンジブックのセキュリティ評価は何ですか?

  • A. D
  • B. E
  • C. A
  • D. F

正解:A

解説:
D or "minimal protection" is reserved for systems that were evaluated under the TCSEC but did not meet the requirements for a higher trust level.
A is incorrect. A or "Verified Protectection" is the highest trust level under the TCSEC.
E is incorrect. The trust levels are A - D so "E" is not a valid trust level.
F is incorrect. The trust levels are A - D so "F" is not a valid trust level.


質問 # 565
次のうち、ソフトウェア製品の保守フェーズの変更管理サブフェーズに含まれる可能性が低いものはどれですか?

  • A. ユーザーに提示するインターフェースの決定
  • B. 要求された変更のコストの見積もり
  • C. リクエストの優先順位の確立
  • D. 問題の再現と分析

正解:C

解説:
Change control sub-phase includes Recreating and analyzing the problem, Determining the interface that is presented to the user, and Establishing the priorities of requests.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 252).


質問 # 566
情報システム内で機密性を保持するには、情報が次の者に開示されないようにする必要があります。

  • A. 許可されていない人。
  • B. 許可されていない人物またはプロセス。
  • C. 権限のある人
  • D. 権限のある人物とプロセス

正解:B

解説:
Confidentiality assures that the information is not disclosed to unauthorized persons or processes.


質問 # 567
......

SSCP日本語問題集には100%厳密検証された問題と解答で合格保証もしくは全額返金:https://jp.fast2test.com/SSCP-JPN-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어