ABC Limited has recently suffered a security breach, with customers' social security numbers available for sale on the dark web. The CISO at the time of the incident has been fired, and you have been hired as the replacement. The analysis of the breach found that the absence of an insider threat program, the lack of a least privilege policy, and weak access control were to blame. You would like to implement key performance indicators to mitigate the risk.
Which metric would meet the requirement?
A. Number of times third parties access critical information systems
B. Number of systems with known vulnerabilities
C. Number of websites with weak or misconfigured certificates
D. Number of users with elevated privileges
Correct answer: D
Explanation: (shown to Pass4Test members only)
Question 2:
You manage a newly created Security Operations Center (SOC). Your team is being inundated with security alerts and doesn't know what to do. What is the BEST approach to handle this situation?
A. Tune the sensors to help reduce false positives so the team can react better
B. Request additional resources to handle the workload
C. Tell the team to only respond to the critical and high alerts
D. Tell the team to do their best and respond to each alert
Correct answer: A
Question 3:
To have accurate and effective information security policies, how often should the CISO review the organization's policies?
A. At least once a year
B. Before an audit
C. Quarterly
D. Every 6 months
Correct answer: A
Question 4:
An example of professional unethical behavior is:
A. Copying documents from an employer's server which you assert that you have an intellectual property claim to possess, but the company disputes
B. Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material
C. Storing client lists and other sensitive corporate internal documents on a removable thumb drive
D. Gaining access to an affiliated employee's work email account as part of an officially sanctioned internal investigation
Correct answer: A
Question 5:
As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.
1. Covering tracks
2. Scanning and enumeration
3. Maintaining access
4. Reconnaissance
5. Gaining access
A. 4, 3, 5, 2, 1
B. 4, 5, 2, 3, 1
C. 4, 2, 5, 3, 1
D. 2, 5, 3, 1, 4
Correct answer: C
Question 6:
Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating?
A. Educate and enforce physical security policies of the company to all the employees on a regular basis
B. Issue special cards to access secure doors at the company and provide a one-time only brief description of use of the special card
C. Set up a mock video camera next to the special card reader adjacent to the secure door
D. Post a sign that states, "no tailgating" next to the special card reader adjacent to the secure door
Correct answer: A
Question 7:
An auditor is reviewing the security classifications for a group of assets and finds that many of the assets are not correctly classified.
What should the auditor's NEXT step be?
A. Document the missing classifications
B. Immediately notify the board of directors of the organization as to the finding
C. Identify the owner of the asset and induce the owner to apply a proper classification
D. Correct the classifications immediately based on the auditor's knowledge of the proper classification
Correct answer: C
Question 8:
While designing a secondary data center for your company, what document needs to be analyzed to determine how much should be spent on building the data center?
A. Disaster recovery strategic plan
B. Enterprise Risk Assessment
C. Application mapping document
D. Business continuity plan
Correct answer: B
结城** -
Pass4Test is full of clever touches, and it builds the thinking skills of someone who passes 712-50.