[2022年08月25日] 有効なCSSLPテスト解答とISC CSSLP試験PDF問題を試そう [Q173-Q196]

Rate this post

[2022年08月25日] 有効なCSSLPテスト解答とISC CSSLP試験PDF問題を試そう

実際に出るCSSLP試験問題集には正確で更新された問題

質問 173
You are the project manager for GHY Project and are working to create a risk response for a negative risk. You and the project team have identified the risk that the project may not complete on time, as required by the management, due to the creation of the user guide for the software you’re creating. You have elected to hire an external writer in order to satisfy the requirements and to alleviate the risk event. What type of risk response have you elected to use in this instance?

Transference

Exploiting

Avoidance

Sharing

質問 174
Which of the following types of redundancy prevents attacks in which an attacker can get physical control of a machine, insert unauthorized software, and alter data?

Data redundancy

Hardware redundancy

Process redundancy

Application redundancy

質問 175
Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

DoD 8910.1

DoD 7950.1-M

DoDD 8000.1

DoD 5200.22-M

DoD 5200.1-R

質問 176
DRAG DROP
Drag and drop the appropriate external constructs in front of their respective functions.

質問 177
Which of the following are the responsibilities of a custodian with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.

Performing data restoration from the backups when necessary

Running regular backups and routinely testing the validity of the backup data

Determining what level of classification the information requires

Controlling access, adding and removing privileges for individual users

質問 178
Which of the following elements of BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?

Business continuity plan development

Business impact assessment

Scope and plan initiation

Plan approval and implementation

質問 179
Which of the following life cycle modeling activities establishes service relationships and message exchange paths?

Service-oriented logical design modeling

Service-oriented conceptual architecture modeling

Service-oriented discovery and analysis modeling

Service-oriented business integration modeling

質問 180
Which of the following methods offers a number of modeling practices and disciplines that contribute to a successful service-oriented life cycle management and modeling?

Service-oriented modeling framework (SOMF)

Service-oriented architecture (SOA)

Sherwood Applied Business Security Architecture (SABSA)

Service-oriented modeling and architecture (SOMA)

質問 181
The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.

An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).

An ISSE provides advice on the continuous monitoring of the information system.

An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).

An ISSE provides advice on the impacts of system changes.

An ISSO takes part in the development activities that are required to implement system changes.

質問 182
Which of the following specifies the behaviors of the DRM implementation and any applications that are accessing the implementation?

OS fingerprinting

OTA provisioning

Access control

Compliance rule

質問 183
Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2000 domain- based network. Users report that they are unable to log on to the network. Mark finds that accounts are locked out due to multiple incorrect log on attempts. What is the most likely cause of the account lockouts?

Spoofing

Brute force attack

SYN attack

PING attack

質問 184
Companies use some special marks to distinguish their products from those of other companies. These marks can include words, letters, numbers, drawings, etc. Which of the following terms describes these special marks?

Business mark

Trademark

Sales mark

Product mark

質問 185
Which of the following models uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject?

Take-Grant Protection Model

Biba Integrity Model

Bell-LaPadula Model

Access Matrix

質問 186
Which of the following processes will you involve to perform the active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures?

Penetration testing

Baselining

Risk analysis

Compliance checking

A penetration testing is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine feasibility of an attack and the amount of business impact of a successful exploit, if discovered. It is a component of a full security audit. Answer C is incorrect. Risk analysis is the science of risks and their probability and evaluation in a business or a process. It is an important factor in security enhancement and prevention in a system. Risk analysis should be performed as part of the risk management process for each project. The outcome of the risk analysis would be the creation or review of the risk register to identify and quantify risk elements to the project and their potential impact. Answer D is incorrect. Compliance checking performs the reviews for safeguards and controls to verify whether the entity is complying with particular procedures, rules or not. It includes the inspection of operational systems to guarantee that hardware and software controls have been correctly implemented and maintained. Compliance checking covers the activities such as penetration testing and vulnerability assessments. Compliance checking must be performed by skilled persons, or by an automated software package. Answer B is incorrect. Baselining is a method for analyzing the performance of computer networks. The method is marked by comparing the current performance to a historical metric, or “baseline”. For example, if a user measured the performance of a network switch over a period of time, he could use that performance figure as a comparative baseline if he made a configuration change to the switch.

質問 187
Which of the following methods is a means of ensuring that system changes are approved before being implemented, only the proposed and approved changes are implemented, and the implementation is complete and accurate?

Configuration control

Documentation control

Configuration identification

Configuration auditing

Documentation control is a method of ensuring that system changes should be agreed upon before being implemented, only the proposed and approved changes are implemented, and the implementation is complete and accurate. Documentation control is involved in the strict events for proposing, monitoring, and approving system changes and their implementation. It helps the change process by supporting the person who synchronizes the analytical task, approves system changes, reviews the implementation of changes, and oversees other tasks such as documenting the controls. Answer D is incorrect. Configuration auditing is the quality assurance element of configuration management. It is occupied in the process of periodic checks to establish the consistency and completeness of accounting information and to validate that all configuration management policies are being followed. Configuration audits are broken into functional and physical configuration audits. They occur either at delivery or at the moment of effecting the change. A functional configuration audit ensures that functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation. Answer A is incorrect. Configuration control is a procedure of the Configuration management. Configuration control is a set of processes and approval stages required to change a configuration item’s attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes. Answer C is incorrect. Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed.

質問 188
ISO 27003 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the following elements does this standard contain? Each correct answer represents a complete solution. Choose all that apply.

Inter-Organization Co-operation

Information Security Risk Treatment

CSFs (Critical success factors)

ystem requirements for certification bodies Managements

Terms and Definitions

Guidance on process approach

質問 189
Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.

It ensures that unauthorized modifications are not made to data by authorized personnel or processes.

It determines the actions and behaviors of a single individual within a system

It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.

It ensures that modifications are not made to data by unauthorized personnel or processes.

質問 190
Which of the following statements about the authentication concept of information security management is true?

It establishes the users’ identity and ensures that the users are who they say they are.

It ensures the reliable and timely access to resources.

It determines the actions and behaviors of a single individual within a system, and identifies that particular individual.

It ensures that modifications are not made to data by unauthorized personnel or processes.

質問 191
DRAG DROP
Drop the appropriate value to complete the formula.

質問 192
Which of the following roles is also known as the accreditor?

Data owner

Chief Risk Officer

Chief Information Officer

Designated Approving Authority

質問 193
Which of the following components of configuration management involves periodic checks to determine the consistency and completeness of accounting information and to verify that all configuration management policies are being followed?

Configuration Identification

Configuration Auditing

Configuration Control

Configuration Status Accounting

Configuration auditing is a component of configuration management, which involves periodic checks to establish the consistency and completeness of accounting information and to confirm that all configuration management policies are being followed. Configuration audits are broken into functional and physical configuration audits. They occur either at delivery or at the moment of effecting the change. A functional configuration audit ensures that functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation. Answer D is incorrect. The configuration status accounting procedure is the ability to record and report on the configuration baselines associated with each configuration item at any moment of time. It supports the functional and physical attributes of software at various points in time, and performs systematic control of accounting to the identified attributes for the purpose of maintaining software integrity and traceability throughout the software development life cycle. Answer C is incorrect. Configuration control is a procedure of the Configuration management. Configuration control is a set of processes and approval stages required to change a configuration item’s attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes. Answer A is incorrect. Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed.

質問 194
Which of the following authentication methods is used to access public areas of a Web site?

Anonymous authentication

Biometrics authentication

Mutual authentication

Multi-factor authentication

質問 195
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

Level 4

Level 5

Level 2

Level 3

Level 1

質問 196
DRAG DROP
A number of security design patterns are developed for software assurance in general. Drag and drop the appropriate security design patterns in front of their respective descriptions.

ISC CSSLP 認定試験の出題範囲：

トピック	出題範囲
トピック 1	Incorporate Integrated Risk Management (IRM) Develop Security Requirement Traceability Matrix (STRM)
トピック 2	Perform Verification and Validation Testing Performing Architectural Risk Assessment
トピック 3	Manage Security Within a Software Development Methodology Define Software Security Requirements
トピック 4	Securely Reuse Third-Party Code or Libraries Identify Security Standards and Frameworks
トピック 5	Apply Security During the Build Process Define Secure Operational Architecture

CSSLP試験問題集でPDF問題とテストエンジン：https://www.goshiken.com/ISC/CSSLP-mondaishu.html

Tags: CSSLPシュミレーション問題集, CSSLPミシュレーション問題, CSSLP問題と解答, CSSLP日本語受験教科書, CSSLP日本語関連対策, CSSLP模擬トレーリング, CSSLP認定内容

[2022年08月25日] 有効なCSSLPテスト解答とISC CSSLP試験PDF問題を試そう [Q173-Q196]

ISC CSSLP 認定試験の出題範囲：

コメントを残すコメントをキャンセル

関連認証

CSSLP 練習テスト

最近の投稿

アーカイブ

カテゴリー

[2022年08月25日] 有効なCSSLPテスト解答とISC CSSLP試験PDF問題を試そう [Q173-Q196]

ISC CSSLP 認定試験の出題範囲：

コメントを残す コメントをキャンセル

関連認証

CSSLP 練習テスト

最近の投稿

アーカイブ

カテゴリー

コメントを残すコメントをキャンセル