[2025年01月]更新のSSCP問題集で時間限定！無料アクセスせよ！ [Q651-Q675]

Rate this post

[2025年01月]更新のSSCP問題集で時間限定！無料アクセスせよ！

SSCP問題集で2025年最新のISC SSCP試験問題

ISC SSCP試験は、情報セキュリティ分野における個人の知識とスキルセットを認定する高く評価される資格です。この認定は、ネットワークとシステムの管理、またセキュリティ分析と実装の経験を持つ専門家を対象としています。SSCP認定は、情報セキュリティ分野でキャリアアップを目指す専門家にとって、貴重な資格であり、彼らの分野へのコミットメント、そして彼らの知識とスキルセットを実世界の状況に適用できる能力を示すものです。

ISC SSCP認定試験は、世界中の多くの組織に認められているベンダー中立の認定試験です。この試験は、ITインフラストラクチャのセキュリティを担当するプロフェッショナルのスキルと知識を検証するために設計されています。認定試験は、試験でカバーされる7つの共通知識体系（CBK）の1つ以上で1年以上の経験を持つITプロフェッショナルを対象としています。

質問651、 What is the goal of the Maintenance phase in a common development process of a security policy?

to review the document on the specified review date

publication within the organization

to write a proposal to management that states the objectives of the policy

to present the document to an approving body

質問652、 What would BEST define a covert channel?

An undocumented backdoor that has been left by a programmer in an operating system

An open system port that should be closed.

A communication channel that allows transfer of information in a manner that violates the system’s security policy.

A trojan horse.

Explanation:
The

質問653、 Which of the following is a set of data processing elements that increases the performance in a computer by overlapping the steps of different instructions?

pipelining

complex-instruction-set-computer (CISC)

reduced-instruction-set-computer (RISC)

multitasking

Pipelining is a natural concept in everyday life, e.g. on an assembly line. Consider the assembly of a car: assume that certain steps in the assembly line are to install the engine, install the hood, and install the wheels (in that order, with arbitrary interstitial steps). A car on the assembly line can have only one of the three steps done at once. After the car has its engine installed, it moves on to having its hood installed, leaving the engine installation facilities available for the next car. The first car then moves on to wheel installation, the second car to hood installation, and a third car begins to have its engine installed. If engine installation takes 20 minutes, hood installation takes 5 minutes, and wheel installation takes 10 minutes, then finishing all three cars when only one car can be assembled at once would take 105 minutes. On the other hand, using the assembly line, the total time to complete all three is 75 minutes. At this point, additional cars will come off the assembly line at 20 minute increments.
In computing, a pipeline is a set of data processing elements connected in series, so that the output of one element is the input of the next one. The elements of a pipeline are often executed in parallel or in time-sliced fashion; in that case, some amount of buffer storage is often inserted between elements. Pipelining is used in processors to allow overlapping execution of multiple instructions within the same circuitry. The circuitry is usually divided into stages, including instruction decoding, arithmetic, and register fetching stages, wherein each stage processes one instruction at a time.
The following were not correct answers:
CISC: is a CPU design where single instructions execute several low-level operations (such as a load from memory, an arithmetic operation, and a memory store) within a single instruction.
RISC: is a CPU design based on simplified instructions that can provide higher performance as the simplicity enables much faster execution of each instruction.
Multitasking: is a method where multiple tasks share common processing resources, such as a CPU, through a method of fast scheduling that gives the appearance of parallelism, but in reality only one task is being performed at any one time.
Reference:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 188-189.
Also see
http://en.wikipedia.org/wiki/Pipeline_(computing)

質問654、 Which of the following is most relevant to determining the maximum effective cost of access control?

the value of information that is protected

management’s perceptions regarding data importance

budget planning related to base versus incremental spending.

the cost to replace lost data

質問655、 Which one of the following represents an ALE calculation?

single loss expectancy x annualized rate of occurrence.

gross loss expectancy x loss frequency.

actual replacement cost – proceeds of salvage.

asset value x loss expectancy.

質問656、 The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as
“_________________,” RSA is quite feasible for computer use.

computing in Galois fields

computing in Gladden fields

computing in Gallipoli fields

computing in Galbraith fields

質問657、 MD5 is a ___________ algorithm

One way hash

3DES

192 bit

PKI

質問658、 Which of the following is covered under Crime Insurance Policy Coverage?

Inscribed, printed and Written documents

Manuscripts

Accounts Receivable

Money and Securities

質問659、 Which one of the following is used to provide authentication and confidentiality for e-mail messages?

Digital signature

PGP

IPSEC AH

MD4

Explanation/Reference:
Instead of using a Certificate Authority, PGP uses a “Web of Trust”, where users can certify each other in a mesh model, which is best applied to smaller groups.
In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such). The web of trust concept was first put forth by PGP creator Phil Zimmermann in 1992 in the manual for PGP version 2.0.
Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991.
As per Shon Harris’s book:
Pretty Good Privacy (PGP) was designed by Phil Zimmerman as a freeware e-mail security program and was released in 1991. It was the first widespread public key encryption program. PGP is a complete cryptosystem that uses cryptographic protection to protect e-mail and files. It can use RSA public key encryption for key management and use IDEA symmetric cipher for bulk encryption of data, although the user has the option of picking different types of algorithms for these functions. PGP can provide confidentiality by using the IDEA encryption algorithm, integrity by using the MD5 hashing algorithm, authentication by using the public key certificates, and nonrepudiation by using cryptographically signed messages. PGP initially used its own type of digital certificates rather than what is used in PKI, but they both have similar purposes. Today PGP support X.509 V3 digital certificates.
Reference(s) used for this question:
KRUTZ, Ronald L & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 169).
Shon Harris, CISSP All in One book
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

質問660、 What is a big difference between Java Applets and Active X controls?

Active X controls can run on any platform

Java Applets only run in Windows

Java Applets have access to the full Windows OS

Active X controls have access to the full Windows OS

質問661、 Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?

Layer 7 – Application Layer

Layers 2, 3, & 4 – Data Link, Network, and Transport Layers

Layer 3 – Network Layer

Layers 5, 6, & 7 – Session, Presentation, and Application Layers

質問662、 Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if:

The company is not a multi-national company.

They have not exercised due care protecting computing resources.

They have failed to properly insure computer resources against loss.

The company does not prosecute the hacker that caused the breach.

質問663、 Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided?

Data Link

Transport

Presentation

Application

質問664、 At which layer of ISO/OSI does the fiber optics work?

Network layer

Transport layer

Data link layer

Physical layer

質問665、 Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users?

Inadequate quality assurance (QA) tools.

Constantly changing user needs.

Inadequate user participation in defining the system’s requirements.

Inadequate project management.

質問666、 Which of the following statements pertaining to firewalls is incorrect?

Firewalls create bottlenecks between the internal and external network.

Firewalls allow for centralization of security services in machines optimized and dedicated to the task.

Firewalls protect a network at all layers of the OSI models.

Firewalls are used to create security checkpoints at the boundaries of private networks.

質問667、 Each data packet is assigned the IP address of the sender and the IP address of the:

recipient.

host.

node.

network.

質問668、 In biometric identification systems, the parts of the body conveniently available for identification are:

neck and mouth

hands, face, and eyes

feet and hair

voice and neck

質問669、 Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet?

Authentication mode

Tunnel mode

Transport mode

Safe mode

質問670、 Which of the following offers security to wireless communications?

S-WAP

WTLS

WSP

WDP

質問671、 The Clipper Chip utilizes which concept in public key cryptography?

Substitution

Key Escrow

An undefined algorithm

Super strong encryption

質問672、 Which of the following is not a component of a Operations Security “triples”?

Asset

Threat

Vulnerability

Risk

質問673、 Which of the following statements pertaining to firewalls is incorrect?

Firewalls create bottlenecks between the internal and external network.

Firewalls allow for centralization of security services in machines optimized and dedicated to the task.

Firewalls protect a network at all layers of the OSI models.

Firewalls are used to create security checkpoints at the boundaries of private networks.

質問674、 Which of the following is NOT a basic component of security architecture?

Motherboard

Central Processing Unit (CPU

Storage Devices

Peripherals (input/output devices)

質問675、 CORRECT TEXT
Passwords should be changed every ________ days at a minimum. 90 days is the recommended minimum, but some resources will tell you that 30-60 days is ideal.

ISC SSCP試験実践テスト問題：https://www.goshiken.com/ISC/SSCP-mondaishu.html

Tags: SSCPオンライン試験, SSCP対応受験, SSCP日本語版問題集, SSCP日本語資格取得, SSCP試験攻略, SSCP試験過去問

[2025年01月]更新のSSCP問題集で時間限定！無料アクセスせよ！ [Q651-Q675]

コメントを残すコメントをキャンセル

関連認証

SSCP 練習テスト

最近の投稿

アーカイブ

カテゴリー

[2025年01月]更新のSSCP問題集で時間限定！無料アクセスせよ！ [Q651-Q675]

コメントを残す コメントをキャンセル

関連認証

SSCP 練習テスト

最近の投稿

アーカイブ

カテゴリー

コメントを残すコメントをキャンセル