What type of diagram used in application threat modeling includes malicious users as well as descriptions like mitigates and threatens?
A. DREAD diagrams.
B. Threat trees.
C. STRIDE charts.
D. Misuse case diagrams.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
What term refers to the shared set of values within an organisation that determine how people are expected to behave in regard to information security?
A. Code of Ethics.
B. System Operating Procedures.
C. Security Culture.
D. Security Policy Framework.
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Which of the following testing methodologies TYPICALLY involves code analysis in an offline environment without ever actually executing the code?
A. Dynamic Testing.
B. User Testing.
C. Penetration Testing.
D. Static Testing.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
What is the name of the method used to illicitly target a senior person in an organisation so as to try to coerce them Into taking an unwanted action such as a misdirected high-value payment?
A. C-suite spamming.
B. Spear-phishing.
C. Trawling.
D. Whaling.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
What Is the first yet MOST simple and important action to take when setting up a new web server?
A. Apply hardening to all applications.
B. Change default system passwords.
C. Patch the OS to the latest version
D. Fully encrypt the hard disk.
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
How might the effectiveness of a security awareness program be effectively measured?
1) Employees are required to take an online multiple choice exam on security principles.
2) Employees are tested with social engineering techniques by an approved penetration tester.
3) Employees practice ethical hacking techniques on organisation systems.
4) No security vulnerabilities are reported during an audit.
5) Open source intelligence gathering is undertaken on staff social media profiles.
A. 1, 2 and 5.
B. 1, 2 and 3.
C. 2, 4 and 5.
D. 3, 4 and 5.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
Asami -
要点がまとめてあって結果良かったです!より効率良く合格を目指す私のための,必携のCISMP-V9試験対策書だと思う