無料提供中のCISSP試験問題集で(2023年最新のPDF問題集)信頼度の高いテストエンジン [Q614-Q637]

Share

無料提供中のCISSP試験問題集で(2023年最新のPDF問題集)信頼度の高いテストエンジン

CISSPのPDFで最近更新された問題です集試験点数を伸ばそう


ISC CISSP(認定情報システムセキュリティプロフェッショナル)試験は、サイバーセキュリティの分野で最も高く評価されている認定の1つです。この試験は、組織の情報セキュリティプログラムの設計、実装、および管理を担当する専門家の知識とスキルをテストするように設計されています。 CISSP認定は世界的に認識されており、雇用主によって高く評価されており、サイバーセキュリティの専門家の間で非常に人気のある認定となっています。

 

質問 # 614
When implementing controls in a heterogeneous end-point network for an organization, it is critical that

  • A. common software security components be implemented across all hosts.
  • B. hosts are able to establish network communications.
  • C. users can make modifications to their security software configurations.
  • D. firewalls running on each host are fully customizable by the user.

正解:A


質問 # 615
Which of the following algorithms does NOT provide hashing?

  • A. SHA-1
  • B. MD2
  • C. RC4
  • D. MD5

正解:C

解説:
As it is an algorithm used for encryption and does not provide hashing functions , it is also commonly implemented ' Stream Ciphers '.
The other answers are incorrect because :
SHA-1 was designed by NIST and NSA to be used with the Digital Signature Standard
(DSS). SHA was designed to be used in digital signatures and was developed when a more secure hashing algorithm was required for U.S. government applications.
MD2 is a one-way hash function designed by Ron Rivest that creates a 128-bit message digest value. It is not necessarily any weaker than the other algorithms in the "MD" family, but it is much slower.
MD5 was also created by Ron Rivest and is the newer version of MD4. It still produces a
128-bit hash, but the algorithm is more complex, which makes it harder to break.
Reference : Shon Harris , AIO v3 , Chapter - 8 : Cryptography , Page : 644 - 645


質問 # 616
Which of the following issues is not addressed by Kerberos?

  • A. Authentication
  • B. Availability
  • C. Integrity
  • D. Confidentiality

正解:B

解説:
The KDC (Kerberos Distribution Center) can be a single point of failure.
Confidentiality is incorrect. Kerberos does ensure confidentiality, keeping communications private
between systems over a network.
Integrity is incorrect. Kerberos does ensure integrity.
Authentication is incorrect. Kerberos does provide authentication.
References:
CBK pp 181-194


質問 # 617
When reviewing the security logs, the password shown for an administrative login event was ' OR ' '1'='1' --. This is an example of which of the following kinds of attack?

  • A. Cross-Site Scripting (XSS)
  • B. Structured Query Language (SQL) Injection
  • C. Rainbow Table Attack
  • D. Brute Force Attack

正解:B


質問 # 618
Which of the following is NOT a property of a Packet Filtering Firewall?

  • A. Operates at the Application Layer
  • B. Considered a first-generation firewall
  • C. Uses ACLs
  • D. Examines the source and destination addresses of the incoming packet

正解:A

解説:
The correct answer is Operates at the Application Layer. A packet-filtering firewall can operate at the network or transport layers.


質問 # 619
Software Code signing is used as a method of verifying what security concept?

  • A. Integrity
  • B. Access Control
  • C. Confidentiality
  • D. Availability

正解:A


質問 # 620
In a Public Key Infrastructure, how are public keys published?

  • A. They are sent via e-mail.
  • B. They are not published.
  • C. Through digital certificates.
  • D. They are sent by owners.

正解:C

解説:
Public keys are published through digital certificates, signed by certification authority
(CA), binding the certificate to the identity of its bearer.
A bit more details:
Although "Digital Certificates" is the best (or least wrong!) in the list of answers presented, for the
past decade public keys have been published (ie: made known to the World) by the means of a
LDAP server or a key distribution server (ex.: http://pgp.mit.edu/). An indirect publishing method is
through OCSP servers (to validate digital signatures' CRL)
Reference used for this question:
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
and
http://technet.microsoft.com/en-us/library/dd361898.aspx


質問 # 621
In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessicity of answering 2 questions:

  • A. what was the tone of the voice of a person and his habits
  • B. what part of the body to be used and how to accomplish identification to be viable
  • C. what was the sex of a person and his age
  • D. what was the age of a person and his income level

正解:B


質問 # 622
Which of the following is true about link encryption?

  • A. Only secure nodes are used in this type of transmission.
  • B. This mode does not provide protection if anyone of the nodes along the transmission path is compromised.
  • C. Each entity has a common key with the destination node.
  • D. Encrypted messages are only decrypted by the final node.

正解:B

解説:
In link encryption, each entity has keys in common with its two neighboring nodes in
the transmission chain.
Thus, a node receives the encrypted message from its predecessor, decrypts it, and then re-
encrypts it with a new key, common to the successor node. Obviously, this mode does not provide
protection if anyone of the nodes along the transmission path is compromised.
Encryption can be performed at different communication levels, each with different types of
protection and implications. Two general modes of encryption implementation are link encryption
and end-to-end encryption.
Link encryption encrypts all the data along a specific communication path, as in a satellite link, T3
line, or telephone circuit. Not only is the user information encrypted, but the header, trailers,
addresses, and routing data that are part of the packets are also encrypted. The only traffic not
encrypted in this technology is the data link control messaging information, which includes
instructions and parameters that the different link devices use to synchronize communication
methods. Link encryption provides protection against packet sniffers and eavesdroppers.
In end-to-end encryption, the headers, addresses, routing, and trailer information are not
encrypted, enabling attackers to learn more about a captured packet and where it is headed.
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (pp. 845-846). McGraw-Hill.
And:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 132).


質問 # 623
Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated?

  • A. The Spiral Model
  • B. The Software Capability Maturity Model
  • C. The Total Quality Model (TQM)
  • D. The IDEAL Model

正解:B

解説:
The Software Capability Maturity Model (CMM) is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes. It introduces five maturity levels that serve as a foundation for conducting continuous process improvement and as an ordinal scale for measuring the maturity of the organization involved in the software processes.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and
Systems Development (page 254).


質問 # 624
Which of the following is less likely to be used in creating a Virtual Private Network?

  • A. L2TP
  • B. PPTP
  • C. IPSec
  • D. L2F

正解:D

解説:
"The following are the three most common VPN communications protocol standards:
Point-to-Point Tunneling Protocol(PPTP). PPTP works at the Data Link Layer of the OSI model. Designed for individual client to server connections, it enables only a single point-to-point connection per session. This standard is very common with asynchronous connections that use Win9x or NT clients. PPTP uses native Point-to-Point Protocol (PPP) authentication and encryption services.
Layer 2 Tunneling Protocol (L2TP). L2TP is a combination of PPTP and the earlier Layer 2 Forwarding (L2F) Protocol that works at the Data Link Layer like PPTP. It has become an accepted tunneling standard for VPN's. In fact, dial-up VPNs use this standard quite frequently. Like PPTP, this standard was designed for single point-to-point client to server connections. Not that multiple protocols can be encapsulated within the L2TP tunnel, but do not use encryption like PPTP. Also, L2TP supports TACACS+ and RADIUS, but PPTP does not.
IPSEC. IPSec operates at the Network Layer and it enables multiple and simultaneous tunnels, unlike the single connection of the previous standards. IPSec has the functionality to encrypt and authenticate IP data. It is built into the new Ipv6 standard, and is used as an add-on to the current Ipv4. While PPTP and L2TP are aimed more at dial-up VPNs, IPSec focuses more on network-tonetwork connectivity." Pg. 123-125 Krutz: The CISSP Prep Guide: Gold Edition.


質問 # 625
What is a consideration when determining the potential impact an organization faces in the event of the loss of confidentiality of Personally Identifiable Information (PII)?

  • A. Criticality
  • B. Quality
  • C. Quantity
  • D. Availability

正解:C


質問 # 626
An important element of database design that ensures that the attributes
in a table depend only on the primary key is:

  • A. Data reuse.
  • B. Data normalization.
  • C. Data integrity.
  • D. Database management.

正解:B

解説:
The correct answer is "Data normalization". Normalization includes eliminating redundant data and eliminating attributes in a table that are not dependent on the primary key of that table. In answer a, a database management system (DBMS) provides access to the database and is used for maintaining the database. Answers "Data integrity" and "Data reuse" are distracters.


質問 # 627
One of the offences an individual or company can commit is decompiling vendor code. This is usually done in the hopes of understanding the intricate details of its functionality. What best describes this type of non-ethical engineering?

  • A. Reverse Engineering
  • B. Subvert Engineering
  • C. Backward Engineering
  • D. Inverse Engineering

正解:A


質問 # 628
Which of the following is used to support the of defense in depth during development phase of a software product?

  • A. Maintenance
  • B. Known vulnerability list
  • C. Security auditing
  • D. Polyinstantiation

正解:C


質問 # 629
Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism?

  • A. Simple Key-management for Internet Protocols (SKIP)
  • B. Internet Security Association and Key Management Protocol (ISAKMP)
  • C. IPsec Key exchange (IKE)
  • D. OAKLEY

正解:B

解説:
Explanation/Reference:
Explanation:
ISAKMP defines actions and packet formats to establish, negotiate, modify and delete Security Associations. It is distinct from key exchange protocols with the intention of cleanly separating the details of security association management and key management from the details of key exchange.
Incorrect Answers:
A: The Oakley Key Determination Protocol is a key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection by making use of the Diffie-Hellman key exchange algorithm.
C: Simple Key-management for Internet Protocols (SKIP) was a protocol developed by the IETF Security Working Group for the sharing of encryption keys.
D: Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP.
References:
https://en.wikipedia.org/wiki/Internet_Security_Association_and_Key_Management_Protocol
https://en.wikipedia.org/wiki/Oakley_protocol
https://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 863


質問 # 630
Which of the following is the MAIN goal of a data retention policy?

  • A. Ensure that data recovery can be done on the data.
  • B. Ensure the integrity and confidentiality of data for a predetermined amount of time.
  • C. Ensure that data is destroyed properly.
  • D. Ensure the integrity and availability of data for a predetermined amount of time.

正解:D


質問 # 631
Attack trees are MOST useful for which of the following?

  • A. Enumerating threats
  • B. Generating attack libraries
  • C. Determining system security scopes
  • D. Evaluating Denial of Service (DoS) attacks

正解:C

解説:
Section: Software Development Security


質問 # 632
The PRIMARY outcome of a certification process is that it provides documented

  • A. standards for security assessment, testing, and process evaluation.
  • B. security analyses needed to make a risk-based decision.
  • C. system weakness for remediation.
  • D. interconnected systems and their implemented security controls.

正解:B

解説:
Section: Software Development Security
Explanation


質問 # 633
Retaining system logs for six months or longer can be valuable for what activities?

  • A. Disaster recovery and business continuity
  • B. Forensics and incident response
  • C. Physical and logical access control
  • D. Identity and authorization management

正解:B


質問 # 634
In non-discretionary access control, a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on:

  • A. the individual's role in the organization
  • B. the society's role in the organization
  • C. the group-dynamics as they relate to the master-slave role in the organization
  • D. the group-dynamics as they relate to the individual's role in the organization

正解:A

解説:
Non-Discretionary Access Control. A central authority determines what subjects can have access to certain objects based on organizational security policy. The access controls may be based on the individual's role in the organization (role-based) or the subject's responsibilities and duties (task-based). Pg. 33 Krutz: The CISSP Prep Guide.


質問 # 635
Order the below steps to create an effective vulnerability management process.

正解:

解説:

Explanation


質問 # 636
A hospital enforces the Code of Fair Information Practices. What practice applies to a patient requesting their medical records from a web portal?

  • A. Use limitation
  • B. Purpose specification
  • C. Individual participation
  • D. Collection limitation

正解:D


質問 # 637
......


ISC CISSP試験は容易ではなく、難易度が非常に高いです。試験は複数選択式の形式で、6時間以内に250問を解答する必要があります。この試験では、候補者が実際の現場で知識を応用する能力を測定し、情報セキュリティ分野でキャリアを向上させたいプロフェッショナルにとって高く評価される認定資格となっています。

 

CISSP完全版問題集には無料PDF問題で合格させる:https://www.goshiken.com/ISC/CISSP-mondaishu.html

無料ISC Certification CISSP公式認定ガイドPDFダウンロード:https://drive.google.com/open?id=1YD1fwB5YfIV1ERYIYPVrCjzWtqDLfJ3W