検証済み！CC問題集と解答でCCテストエンジン正確解答付き [Q41-Q60]

検証済み！CC問題集と解答でCCテストエンジン正確解答付き

あなたを必ず合格させるCC問題集PDF2025年最新のに更新された160問あります

質問 # 41
Cyril wants to ensure all the devices on his company's internal IT environment are properly synchronized. Which of the following protocols would aid in this effort?

A. NTP (Network Time Protocol)
B. FTP (File Transfer Protocol)
C. SMTP (Simple Mail Transfer Protocol)
D. HTTP (Hypertext Transfer Protocol)

正解：A

質問 # 42
Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve as a security control in the environment. After doing some research, Trina selects a particular product. Before that product can be purchased, a manager must review Trina's selection and determine whether to approve the purchase. This is a description of:

A. Segregation of duties
B. Defense in depth
C. Software
D. Two-person integrity

正解：A

質問 # 43
In order for a biometric security to function properly, an authorized person's physiological data must be ______.

A. Modified
B. Stored
C. Deleted
D. Broadcast

正解：B

質問 # 44
Which of the following is not a typical benefit of cloud computing services?

A. Reduced cost of ownership/investment
B. Metered usage
C. Freedom from legal constraints
D. Scalability

正解：C

質問 # 45
When Pritha started working for Triffid, Inc., Pritha had to sign a policy that described how Pritha would be allowed to use Triffid's IT equipment. What policy was this?

A. The organizational security policy
B. The acceptable use policy (AUP)
C. The workplace attire policy
D. The bring-your-own-device (BYOD) policy

正解：B

質問 # 46
Which of the following probably poses the most risk?

A. A low-likelihood, low-impact event
B. A high-likelihood, high-impact event
C. A low-likelihood, high-impact event
D. A high-likelihood, low-impact event

正解：B

質問 # 47
What is the goal of an incident response effort?

A. Save money
B. Punish wrongdoers
C. No incident ever happen
D. Reduce the impact of incidents on operations

正解：D

質問 # 48
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an (ISC)2 certification and asks Zarma what the test questions are like. What should Zarma do?

A. Inform the colleague's supervisor
B. Explain the style and format of the questions, but no detail
C. Inform (ISC)2
D. Nothing

正解：B

質問 # 49
Bruce is the branch manager of a bank. Bruce wants to determine which personnel at the branch can get access to systems, and under which conditions they can get access. Which access control methodology would allow Bruce to make this determination?

A. Discretionary access control (DAC)
B. Defense-in-depth
C. Mandatory access control (MAC)
D. Role-based access control (RBAC)

正解：A

質問 # 50
A tool that aggregates log data from multiple sources, and typically analyzes it and reports potential threats.

A. Anti-malware
B. Router
C. HIDS
D. SIEM

正解：D

質問 # 51
Which of the following is likely to be included in the business continuity plan?

A. Log data from all systems
B. The organization's approach security approach
C. Last year's budget information
D. Alternate work areas for personnel affected by a natural disaster

正解：D

質問 # 52
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachis logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has.
Which security concept is being applied in this situation?

A. Least privilege
B. Defense in depth
C. Layered defense
D. Two-person integrity

正解：A

質問 # 53
Which of the following is an example of a "something you are" authentication factor?

A. Your password and PIN
B. A credit card presented to a cash machine
C. A user ID
D. A photograph of your face

正解：D

質問 # 54
Which of the following is not an appropriate control to add to privileged accounts?

A. Multifactor authentication
B. Increased logging
C. Increased auditing
D. Security deposit

正解：D

質問 # 55
Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal systems might be overwhelmed. Which security solution can often identify and potentially counter this risk?

A. Anti-malware
B. Badge system
C. Firewall
D. Turnstile

正解：C

質問 # 56
Who approves the incident response policy?

A. Senior management
B. (ISC)2
C. The security manager
D. Investor

正解：A

質問 # 57
Jengi is setting up security for a home network. Jengi decides to configure MAC address filtering on the router, so that only specific devices will be allowed to join the network. This is an example of a(n)_______ control.