746 お客様のコメント
質問 1:
Scenario 1: HealthGenic is a pediatric clinic that monitors the health and growth of individuals from infancy to early adulthood using a web-based medical software. The software is also used to schedule appointments, create customized medical reports, store patients' data and medical history, and communicate with all the
[^involved parties, including parents, other physicians, and the medical laboratory staff.
Last month, HealthGenic experienced a number of service interruptions due to the increased number of users accessing the software Another issue the company faced while using the software was the complicated user interface, which the untrained personnel found challenging to use.
The top management of HealthGenic immediately informed the company that had developed the software about the issue. The software company fixed the issue; however, in the process of doing so, it modified some files that comprised sensitive information related to HealthGenic's patients. The modifications that were made resulted in incomplete and incorrect medical reports and, more importantly, invaded the patients' privacy.
Based on the scenario above, answer the following question:
According to scenario 1. to detect (1)____________________________, Antiques should have implemented (2)
A. (1) Intrusions on networks. (?) an intrusion detection system
B. (1) Patches. (2) an access control software
C. (1) Technical vulnerabilities. (2) network intrusions
正解:A
質問 2:
An employee of the organization accidentally deleted customers' data stored in the database. What is the impact of this action?
A. Information is not accessible when required
B. Information is modified in transit
C. Information is not available to only authorized users
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Scenario 6: Skyver offers worldwide shipping of electronic products, including gaming consoles, flat-screen TVs. computers, and printers. In order to ensure information security, the company has decided to implement an information security management system (ISMS) based on the requirements of ISO/IEC 27001.
Colin, the company's best information security expert, decided to hold a training and awareness session for the personnel of the company regarding the information security challenges and other information security- related controls. The session included topics such as Skyver's information security approaches and techniques for mitigating phishing and malware.
One of the participants in the session is Lisa, who works in the HR Department. Although Colin explains the existing Skyver's information security policies and procedures in an honest and fair manner, she finds some of the issues being discussed too technical and does not fully understand the session. Therefore, in a lot of cases, she requests additional help from the trainer and her colleagues What is the difference between training and awareness? Refer to scenario 6.
A. Training helps acquire certain skills, whereas awareness develops certain habits and behaviors.
B. Training helps acquire a skill, whereas awareness helps apply it in practice
C. Training helps transfer a message with the intent of informing, whereas awareness helps change the behavior toward the message
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Del&Co has decided to improve their staff-related controls to prevent incidents. Which of the following is NOT a preventive control related to the Del&Co's staff?
A. Video cameras
B. Control of physical access to the equipment
C. Authentication and authorization
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Employees of the Finance Department did not fully understand the awareness sessions. What should TradeB do to avoid similar situations in the future? Refer to scenario 6.
A. Consider self-studies as the type of activities needed to address the competence gaps
B. Extend the duration of the training and awareness session
C. Adjust awareness sessions to the target audience based on the activities they perform within the company
正解:C
質問 6:
Some of the issues being discussed in the awareness session were too technical for the participants. What does this situation indicate? Refer to scenario 6.
A. TradeB did not determine the type and level of competence needed
B. Employees are equipped with information security expertise, therefore. they do not represent a potential risk
C. TradeB did not evaluate the competence of the trainer
正解:A
Scenario 1: HealthGenic is a pediatric clinic that monitors the health and growth of individuals from infancy to early adulthood using a web-based medical software. The software is also used to schedule appointments, create customized medical reports, store patients' data and medical history, and communicate with all the
[^involved parties, including parents, other physicians, and the medical laboratory staff.
Last month, HealthGenic experienced a number of service interruptions due to the increased number of users accessing the software Another issue the company faced while using the software was the complicated user interface, which the untrained personnel found challenging to use.
The top management of HealthGenic immediately informed the company that had developed the software about the issue. The software company fixed the issue; however, in the process of doing so, it modified some files that comprised sensitive information related to HealthGenic's patients. The modifications that were made resulted in incomplete and incorrect medical reports and, more importantly, invaded the patients' privacy.
Based on the scenario above, answer the following question:
According to scenario 1. to detect (1)____________________________, Antiques should have implemented (2)
A. (1) Intrusions on networks. (?) an intrusion detection system
B. (1) Patches. (2) an access control software
C. (1) Technical vulnerabilities. (2) network intrusions
正解:A
質問 2:
An employee of the organization accidentally deleted customers' data stored in the database. What is the impact of this action?
A. Information is not accessible when required
B. Information is modified in transit
C. Information is not available to only authorized users
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Scenario 6: Skyver offers worldwide shipping of electronic products, including gaming consoles, flat-screen TVs. computers, and printers. In order to ensure information security, the company has decided to implement an information security management system (ISMS) based on the requirements of ISO/IEC 27001.
Colin, the company's best information security expert, decided to hold a training and awareness session for the personnel of the company regarding the information security challenges and other information security- related controls. The session included topics such as Skyver's information security approaches and techniques for mitigating phishing and malware.
One of the participants in the session is Lisa, who works in the HR Department. Although Colin explains the existing Skyver's information security policies and procedures in an honest and fair manner, she finds some of the issues being discussed too technical and does not fully understand the session. Therefore, in a lot of cases, she requests additional help from the trainer and her colleagues What is the difference between training and awareness? Refer to scenario 6.
A. Training helps acquire certain skills, whereas awareness develops certain habits and behaviors.
B. Training helps acquire a skill, whereas awareness helps apply it in practice
C. Training helps transfer a message with the intent of informing, whereas awareness helps change the behavior toward the message
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Del&Co has decided to improve their staff-related controls to prevent incidents. Which of the following is NOT a preventive control related to the Del&Co's staff?
A. Video cameras
B. Control of physical access to the equipment
C. Authentication and authorization
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Employees of the Finance Department did not fully understand the awareness sessions. What should TradeB do to avoid similar situations in the future? Refer to scenario 6.
A. Consider self-studies as the type of activities needed to address the competence gaps
B. Extend the duration of the training and awareness session
C. Adjust awareness sessions to the target audience based on the activities they perform within the company
正解:C
質問 6:
Some of the issues being discussed in the awareness session were too technical for the participants. What does this situation indicate? Refer to scenario 6.
A. TradeB did not determine the type and level of competence needed
B. Employees are equipped with information security expertise, therefore. they do not represent a potential risk
C. TradeB did not evaluate the competence of the trainer
正解:A
千叶** -
この問題集の網羅性が高く分かりやすくなっているので、
是非、高得点での合格を目指してもらいたいです。安心感もあります