*0/1
When a smartphone is used, which of the following is an appropriate preventive measure for shoulder surfing?
Correct answer
*1/1
Which of the following is used to confirm that there is no falsification of the content of an e-mail?
a) IMAP
b) SMTP
d) Digital signature
*1/1
Which of the following is not an appropriate security control concerning human resources as a security risk treatment in ISMS?
a) Performing background checks and other such checks for all candidates for recruitment in accordance with the relevant laws, regulations, and ethics
*1/1
A document file that is stored on a file server is directly edited on a PC and then an attempt is made to overwrite the file, but the message “You do not have permission, so the file cannot be saved” is displayed. Which of the following is the appropriate combination of permissions that were set for the document file and the folder that it is stored in?
a)
b)
c)
d)
*0/1
Which of the following is an appropriate explanation of the keylogger that is a threat to information security?
a) Stealing information by watching the keyboard input and the display output from behind a PC user
c) Analyzing a password by using a dictionary of all the words that are likely to be used as passwords
d) Searching for a free access point by moving around a town with a PC that can detect the electromagnetic waves of a wireless LAN
Correct answer
*1/1
Which of the following is a DoS attack?
*1/1
In a file system that uses the access control methods below, which of the following settings for access rights to file A satisfies the requirements for access control?
a)
b)
c)
d)
*1/1
Among the countermeasures A through D concerning information security, which of the following is the list that contains all and only the appropriate countermeasures for preventing a virus infection?
a) A, B
b) A, B, C
c) A, D
d) B, C
*1/1
Which of the following is a protocol that is used for encrypted communication between a web server and a web browser that are connected through HTTPS?
a) SEO
b) SPEC
c) SQL
d) TLS
*1/1
Among I through IV used for authentication, which of the following lists all and only biometrics?
a) I, II, III
b) II, III
c) II, III, IV
d) IV
*1/1
When information security management is based on the PDCA cycle, which of the following corresponds to C?
*1/1
ID and password information is leaked from a web site, and the users of this web site suffer from a password list attack on a different web site. In this case, which of the following is considered to be a description of the problem concerning the ID and password that are used on the second web site?
b) The same ID and password as the other web site are set.
*1/1
When a document file attached to a received e-mail is opened, a PC begins to behave abnormally. Which of the following is an appropriate suspected attack?
a) SQL injection
b) Cross-site scripting
c) Shoulder hacking
d) Macro virus
a) Sanitizing
b) Social engineering
c) Zoning
d) Hacking
*1/1
In public key cryptography, a key for encryption and a key for decryption are required. If four (4) people want to encrypt communication and send it to each other, a total of eight (8) keys are required. Of these, how many of these keys are not made public?
a) 1
b) 2
c) 4
d) 6
*1/1
Which of the following is an appropriate example of biometric authentication?
*1/1
The authentication technology is classified into three (3) types, namely authentication based on one’s possession, authentication based on physical characteristics, and authentication based on one’s memory. Which of the following is an appropriate combination of the implementation examples (1) through (3) and their classifications?
a)
b)
c)
d)
*1/1
Which of the following is appropriate as the characteristic of single sign-on?
*1/1
Among descriptions A through D concerning how to conduct information security education to employees, which of the following contains all and only the appropriate descriptions?
a) A, B, D
b) A, C, D
c) A, D
d) B, C
*1/1
Which of the following is an authentication method where a user uses information that differs each time and is generated with a device called a token or other such device?
a) Digital signature
b) Password cracking
c) Password policy
*1/1
Which of the following is a technique for taking advantage of psychological weaknesses or carelessness in order to, for example, improperly obtain confidential information?
a) DoS attack
b) SQL injection
c) Social engineering
d) Buffer overflow
*1/1
Which of the following is a term for software that encrypts files on a computer in order to make them unusable, and demands money or other valuables in exchange for the decryption key?
a) Keylogger
b) Ransomware
c) Rootkit
d) Worm
*1/1
Which of the following is an appropriate description concerning password management?
a) A password that is used for a business system should not be used for any private Internet services.
b) The initial password should not be changed until a user becomes familiar with the operation of login to the system.
*1/1
Which of the following is an appropriate description concerning a scheme for authenticating a user of a system?
a) I, III
b) I, IV
c) II, III
d) II, IV
*1/1
There is a room that stores important information. Which of the following is the most appropriate countermeasure for unauthorized entry to this room and unauthorized access to the important information in the room?
a) The monitoring of entry and exit of the room and work that is performed in the room with security staff and monitoring cameras
b) The wearing of an entry pass in a place where other people cannot see it when in the room
d) The informing of all employees of the existence of the room and the information that it stores
*1/1
Which of the following is the appropriate description concerning a wireless LAN?
*1/1
There is an electronic file that needs to be made confidential. Which of the following is the appropriate security technology to use in order to ensure the confidentiality of this file?
a) Access control
b) Timestamp
c) Digital signature
d) Hot standby
a) 2
b) 24
c) 52
d) 676
*1/1
Which of the following is used to confirm that there is no falsification of the content of an e-mail?
a) IMAP
b) SMTP
d) Digital signature
*1/1
When risk treatment in risk management for information security is divided into the four (4) categories of risk transfer, avoidance, acceptance, and mitigation, which of the following is an appropriate example of risk mitigation?
*1/1
Which of the following is an appropriate example of biometric authentication?
*1/1
Which of the following is the aim of an attacker who infects someone else’s PC with ransomware?
*1/1
An IoT device with a vulnerability was used in large numbers by several companies. One (1) of the devices was infected with malware, and the infection spread to many other IoT devices. On a certain date at a certain time, the many IoT devices that were infected with the malware attempted many connections to a certain website simultaneously, and this forced the service of the website to stop. Which of the following attacks was made against the website?
a) DDoS attack
b) Cross-site scripting
c) Dictionary attack
d) Social engineering
*1/1
Which of the following is an appropriate explanation of phishing?
*1/1
Which of the following is the most appropriate combination of the measures against password theft and brute force attack respectively on websites having a login function?
a)
b)
c)
d)
*1/1
Which of the following is the appropriate example of activities conducted in A (Act) in the organizations that operate ISMS on the basis of the PDCA model?
*1/1
When the evaluation values of asset value, threat, and vulnerability of assets A through D are as shown in the table, which of the following assets will be evaluated as the asset where risk measures should be taken at the highest priority? Here, the risk value is calculated by multiplying the three evaluation values in the table together, without weighting.
a) Asset A
b) Asset B
c) Asset C
d) Asset D
*1/1
It is reported that WEP suffers from the problem that its ciphertexts can be decrypted in a short time. Which of the following is a wireless LAN encryption method for increasing the strength of encryption?
a) ESSID
b) HTTPS
c) S/MIME
d) WPA2
*1/1
Mr. A sent an e-mail to Mr. B that was encrypted with Mr. B’s key by using the public key cryptosystem, and this e-mail contains details that Mr. A wants to send only to Mr. B. Which of the following keys is needed to decrypt this e-mail?
*1/1
Among the descriptions from A through C, which of the following is the list that contains all appropriate features of VPN?
a) A
b) A, C
c) B
d) C
*1/1
When an information security policy is composed of three (3) documents, namely, basic policy, standards, and procedures, which of the following is the appropriate explanation concerning these documents?
b) The basic policy is a manual that describes the actions that the management should take when an information security incident occurs.
c) The procedures describe what specific steps the person in charge should take in accordance with the rules in the standards.
d) The standards define what should be described in the basic policy and the procedures, and it should be made known to the concerned parties.
*1/1
When information security measures are classified into three (3) measures, namely, technology measures, personnel measures, and physical measures, which of the following is the appropriate example of physical measures?
*1/1
Which of the following is the appropriate description concerning virus infection?
a) Infection may affect not only the OS and applications, but also the firmware embedded in a device.
b) If only an external storage medium is used for exchanging data with other computers without connecting a computer to the network, the computer will not be infected.
d) If e-mail attachments are not opened, the computer will not be infected.
*1/1
When a smartphone is used, which of the following is the appropriate preventive measure for shoulder surfing that is classified as social engineering?
*1/1
Which of the following is an appropriate information security measure for a PC against harmful software?
a) Using a 64-bit OS
b) Maintaining the latest version of the virus definition file at all times
*1/1
A private key and a public key were generated as a key pair when a digital certificate was issued. Which of the following is an appropriate action that should be taken when the private key is leaked?
a) Reissuing the digital certificate with the key pair that was used
c) Using a key pair that is newly created at the time of reissuing due to the expiration of the validity period
d) Using the digital certificate as it is, because it is only the private key that was leaked
*1/1
Risks on information assets are assessed on the basis of threats and vulnerabilities. Which of the following falls under a threat?
a) Unencrypted communication
*1/1
Which of the following is an appropriate description of risk assessment in information security?
*1/1
Which of the following is an appropriate description concerning a scheme for authenticating the user of a system?
*1/1
Which of the following is a protocol that is used for encrypted communication between a web server and a browser that are connected through HTTPS?
a) SEO
b) SPEC
c) SQL
d) SSL/TLS
*1/1
Which of the following is an appropriate combination of the descriptions (i) through (iii) about threats in information security and the terms below?
a)
b)
c)
d)
a) I, III
b) I, IV
c) II, III
d) II, IV
*1/1
Which of the following is a security standard that is used in a wireless LAN?
a) Cookie
b) ESSID
c) MIME
d) WPA2
*1/1
Which of the following is an appropriate example of biometric authentication?
a) A user hovers his/her hand over a sensor when he/she uses an ATM, and then authentication is accomplished by matching his/her vein pattern against the preregistered one.
d) By requesting the user to choose images that relate to the user, for example, photos of his/her relatives, from multiple photos, the authentication is accomplished.
a) Safe communication is possible even if the key used for encryption becomes known to a third party.
d) The key that was used for encryption is also used for decryption.
*1/1
When risk management in information security is divided into risk identification, risk analysis, risk assessment, and risk treatment, which of the following is included in risk treatment?
b) Comparing the level of each risk and risk acceptance criteria, and determining the necessity of implementing controls
c) Calculating the level of each risk from the probability that the risk will be realized and its impact
*1/1
Which of the following is a term for software that encrypts files on a PC in order to make them unusable, and demands money or other valuables in exchange for the decryption key?
a) Keylogger
b) Ransomware
c) Rootkit
d) Worm
*1/1
When treatments against information security risks are categorized into risk transfer, risk avoidance, risk acceptance, and risk reduction, which of the following is the description that corresponds to risk acceptance?
a) Taking security measures, and reducing the likelihood that problems will occur
b) Without taking any special action, estimating the impact when damage occurs
d) Removing the causes of a problem, and eliminating the likelihood that the risk will materialize
*1/1
Which of the following is an appropriate description about password management?
a) A password that is used for a business system should not be used for any private Internet services.
b) The initial password should not be changed until a user becomes familiar with the operation of login to the system.
*1/1
When a user accessed the URL in the body of an e-mail message with a PC, the message shown in the figure appeared on the screen and the PC was locked. What is used in this attack?
a) Keylogger
b) Spyware
c) Bot
d) Ransomware
*1/1
Which of the following is not an example of a cyber attack?
b) By exploiting a vulnerability of a server, breaking into its Web site, and making unauthorized modification to its data
*1/1
In a corporate network, which of the following is a server that should be installed in a corporate LAN rather than in the demilitarized zone (DMZ)?
b) A DNS server where IP addresses of servers that are open to the public are registered
*1/1
Among the information I through IV used for authentication, which of the following lists all and only the biometrics used for authentication?
a) I, II, III
b) II, III
c) II, III, IV
d) IV
*1/1
When information security management is based on the PDCA cycle, which of the following corresponds to C?
*1/1
Which of the following is appropriate as the characteristic of single sign-on?
*1/1
Among I through III below, which of the following lists all and only the appropriate measures for preventing a PC from getting infected with viruses?
a) I
b) I, II
c) I, III
d) II, III
*1/1
Which of the following is an example of damage incurred by the theft of cookies by a cross-site scripting attack or other attack?
d) Intrusion into the network takes place over the wireless LAN.
*1/1
Among the examples of conducting communication between a PC, a server, a communication device, a printer, etc., which of the following is the list that contains all and only the examples that require the use of a WAN?
a) A, B
b) A, C
c) B
d) C
*1/1
Which of the following is an appropriate disposal method for media that stores confidential information to ensure that information leakage does not occur?
a) CDs and DVDs are destroyed and then are disposed of.
c) USB memory is disposed of with its files and folders being deleted.
*1/1
Which of the following sets conditions for character type, length, etc. used for passwords that are set for accounts on a computer, etc.?
a) Single sign-on
b) Password crack
c) Password policy
d) One-time password
*1/1
Which of the following is a technique for taking advantage of psychological weaknesses or carelessness in order to improperly obtain confidential information?
a) DoS attack
b) SQL injection
c) Social engineering
d) Buffer overflow
*1/1
Which of the following is the threat that can be prevented by encrypting data?
b) Social engineering
*1/1
When an abnormality in power supply voltage caused by power failure, lightning strike, etc. has been detected, a company wishes to inform its computers of this event, continue supplying power for a certain period of time, and safely shut down systems. Which of the following is an appropriate device that should be installed between computers and the power supply for this purpose?
a) DMZ
b) GPU
c) UPS
d) VPN
*1/1
Which of the following is an appropriate explanation of a VPN?
c) A virtual network that is set up by using a public network, etc., and is used in the manner of a dedicated network
*1/1
Among confidentiality, integrity, and availability, which of the following is the list that contains all items that are lost in the incident below, which involves information security?
a) Confidentiality
b) Confidentiality, integrity
c) Integrity, availability
d) Availability
*1/1
In a file system that uses the access control methods below, which of the following settings for access rights to file A satisfy the conditions for access control?
a)
b)
c)
d)
*1/1
During the use of a PC in the workplace, a message was displayed stating that antivirus software had detected a virus. Which of the following is an appropriate action that should be taken immediately on the PC?
a) Reboot of the PC
*1/1
Which of the following is an appropriate example of biometric authentication?
*1/1
Which of the following is an appropriate description concerning the reliability of a system or a device?
d) Taking measures in the design stage so that humans do not make mistakes in system operation, or no faults or failures occur even if they make mistakes, is called fail soft.
*1/1
When information security measures are grouped into three (3) categories of technical security measures, human security measures, and physical security measures, which of the following is an appropriate example of physical security measures?
*1/1
Among information security measures A through D implemented in the workplace to maintain the “confidentiality” and “integrity” of information, which of the following is a list of only the appropriate measures?
a) A, B
b) A, B, D
c) B, D
d) B, C, D
*1/1
Among the descriptions A through C below concerning information security measures, which of the following is the list that contains all and only the goals that can be achieved by encrypting communication content?
a) A
b) A, B
c) A, C
d) B
a) Digital signature
b) Password cracking
c) Password policy
*1/1
In the description below concerning the ISMS conformity assessment scheme, which of the following is an appropriate combination of words to be inserted into blanks A and B?
a)
b)
c)
d)
*1/1
In order to promote risk management, the execution plan for introducing the risk management system was developed as the first step. When the subsequent actions are divided into steps A through C below, which of the following is the order of the steps in accordance with the PDCA cycle?
a) A → B → C
b) A → C → B
c) C → A → B
d) C → B → A
*1/1
All employees are registered in an entry and exit control system with biometric authentication, and the employees who are allowed to enter each room within the company are specified. The exit from a room is not controlled. Among the following lists of the descriptions A through D, which is the list that contains all and only the items that can be achieved by the entry and exit control system?
a) A, B, C
b) A, C
c) A, D
d) B, C, D
*1/1
Which of the following is the most appropriate description concerning SSL/TLS?
*1/1
Among the countermeasures A through D concerning information security, which of the following is the list that contains all and only the appropriate countermeasures for preventing a virus infection?
a) A, B
b) A, B, C
c) A, D
d) B, C
a) A, B, D
b) A, D
c) B, C
d) B, D
a) The management must implement not only the top-level information security policy, but also the rules and procedures for information security.
c) While the rules and procedures for information security should be tailored to the organization, the top-level information security policy must be adopted from the industry standard model.
c) E-mail that is sent or forwarded with the same content by its receivers to multiple destinations and causes the number of receivers to continue increasing
a) Stealing information by watching the keyboard input and the display screen from behind a PC user
c) Analyzing a password by using dictionary data of all the words that are likely to be used as passwords
d) Searching for a free access point by moving around a town with a PC that can detect the electromagnetic waves of a wireless LAN
Correct answer
*1/1
The authentication technology is classified into three (3) types, namely authentication based on one’s possession, authentication based on physical characteristics, and authentication based on one’s memory. Which of the following is the appropriate classification of the implementation examples (1) through (3)?
a)
b)
c)
d)
*1/1
Which of the following is a form of direct damage to a server which is caused by a DoS attack?
*1/1
Which of the following is the most appropriate explanation of the operation that spyware is meant to perform?
*1/1
Which of the following is an appropriate information security measure against harmful software in a PC?
a) Using a 64-bit OS
b) Maintaining the latest version of the virus definition file at all times
*1/1
Which of the following is an appropriate description concerning a security patch that is used for the OS, middleware, applications, etc., on a PC that is used for work at a company?
d) Software for which support has ended and no more security patches are to be released can be used securely if all security patches released so far are applied.