ISC CISSP past questions, CISSP exam overview. Your own happiness is something you build yourself. But are IT graduates entering the workforce worried about finding CISSP-related work because their skills fall short? In that case, choose our ISC CISSP practice questions to quickly raise your practical ability and enrich yourself. As a result, a confident you will answer the interviewer's many questions with ease and smoothly join a CISSP-oriented company.
The CISSP certification exam covers eight domains of information security: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security. The exam is designed to test an individual's knowledge and understanding of these domains and the ability to apply that knowledge in real-world scenarios.
ISC Certified Information Systems Security Professional (CISSP) certification CISSP exam questions (Q1396-Q1401):
Question # 1396
Authentication Header (AH) and Encapsulating Security Payload (ESP) are the protocols that drive IPSec. Authentication Header (AH) provides all of the following services except:
A. Integrity
B. Replay resistance and non-repudiation
C. Confidentiality
D. Authentication
Correct answer: C
Explanation:
AH provides integrity, authentication, and non-repudiation. AH does not provide encryption, which means that NO confidentiality is in place if only AH is being used.
You must make use of the Encapsulating Security Payload (ESP) if you wish to get confidentiality.
IPSec uses two basic security protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).
AH is the authenticating protocol, and ESP is the authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality and message integrity.
The modes of IPSec and the protocols that have to be used are all negotiated using Security Associations. Security Associations (SAs) can be combined into bundles to provide authentication, confidentiality and layered communication.
Source:
TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, page 164.
Also see:
HARRIS, Shon, CISSP All-in-One Exam Guide, 5th Edition, page 758.
Question # 1397
Which of the following embodies all the detailed actions that personnel are required to follow?
A. Procedures
B. Baselines
C. Guidelines
D. Standards
Correct answer: A
Explanation:
Procedures are step-by-step instructions in support of the policies, standards, guidelines and baselines. The procedure indicates how the policy will be implemented and who does what to accomplish the tasks.
Standards is incorrect. Standards are a "mandatory statement of minimum requirements that support some part of a policy"; the standards in this case are your own company's standards, not standards such as the ISO standards.
Guidelines is incorrect. "Guidelines are discretionary or optional controls used to enable individuals to make judgments with respect to security actions."
Baselines is incorrect. Baselines "are a minimum acceptable level of security. This minimum is implemented using specific rules necessary to implement the security controls in support of the policy and standards." For example, requiring a password of at least 8 characters would be an example. Requiring all users to have at minimum an antivirus, a personal firewall, and an anti-spyware tool could be another example.
References:
CBK, pp. 12 - 16. Note especially the discussion of the "hammer policy" on pp. 16-17 for the differences between policy, standard, guideline and procedure.
AIO3, pp. 88-93.
Question # 1398
What does the * (star) integrity axiom mean in the Biba model?
A. No read up
B. No write up
C. No read down
D. No write down
Correct answer: B
Explanation:
The * (star) integrity axiom of the Biba access control model states that a subject at one level of integrity is not permitted to modify an object of a higher level of integrity (no write up).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architectures and Models (page 205).
Question # 1399
Match the access control type to the example of the control type.
Drag each access control type next to its corresponding example.
Correct answer:
Explanation:
Administrative - labeling of sensitive data
Technical - constrained user interface
Logical - biometrics for authentication
Physical - Radio Frequency Identification (RFID) badge
Question # 1400
Which of the following security objectives for industrial control systems (ICS) can be adapted to securing any Internet of Things (IoT) system?
A. Restore the system after an incident.
B. Protect individual components from exploitation