
Sunday Challenge Quiz - IP 8th Time

Total points 97/100

Based on Security Module

Email *

naymyintjohn007@gmail.com

Your Name *

Nay Myint Mo Aung

Your ITPEC Trainer *

AIT Institute

*0/1
When a smartphone is used, which of the following is an appropriate preventive measure for shoulder surfing?

a) Always using the latest OS

b) Turning off the GPS function

c) Affixing a privacy screen protector on the screen

d) Attaching a strap to prevent fall and theft

Correct answer

c) Affixing a privacy screen protector on the screen

*1/1
Which of the following is used to confirm that there is no falsification of the content of an e-mail?

a) IMAP

b) SMTP

c) Information security policy

d) Digital signature

*1/1
Which of the following is not an appropriate security control concerning human resources as a security risk treatment in ISMS?

a) Performing background checks and other such checks for all candidates for recruitment in accordance with the relevant laws, regulations, and ethics

b) Defining official disciplinary proceedings for employees who violate information security, and ensuring employees’ awareness of them

c) Requesting that all employees at a company comply with information security according to organizational policies and procedures, but not making any request to companies that work is outsourced to

d) For employees who are leaving a company, defining obligations concerning information security valid after they leave the company, informing the employees about their obligations, and having them fulfill their obligations after they leave

*1/1
A document file that is stored on a file server is directly edited on a PC and then an attempt is made to overwrite the file, but the message “You do not have permission, so the file cannot be saved” is displayed. Which of the following is the appropriate combination of permissions that were set for the document file and the folder that it is stored in?

a)

b)

c)

d)

*0/1
Which of the following is an appropriate explanation of the keylogger that is a threat to information security?

a) Stealing information by watching the keyboard input and the display output
from behind a PC user

b) Monitoring and recording the keyboard input on a user’s PC

c) Analyzing a password by using dictionary of all the words that are likely to be
used as passwords

d) Searching for a free access point by moving around a town with a PC that can
detect the electromagnetic waves of a wireless LAN

Correct answer

b) Monitoring and recording the keyboard input on a user’s PC

*1/1
Which of the following is a DoS attack?

a) Interrupting a network service by sending a large number of requests

b) Spying on the data of other people on a communication path

c) Trying various combinations of letters or numbers to unlock an account

d) Using a service on a network illegally by pretending to be another person

*1/1
In a file system that uses the access control methods below, which of the following settings for access rights to file A satisfies the requirements for access control?

a)

b)

c)

d)
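The permission tables for the two file-access questions above (the file-server overwrite and the access rights to file A) are not reproduced on this page, so the added example below models the general rule instead. It is not part of the quiz or of ITPEC material; it assumes Unix-style mode bits (owner/group/other, rwx), whereas the exam may be describing Windows ACLs. The point a practitioner wants: an in-place overwrite needs write permission on the file itself, but many editors save by writing a temporary file and renaming it over the original, which needs write and execute permission on the folder and ignores the file's own bits. The same "permission denied" message can therefore come from either the file or the folder.

```python
R, W, X = 4, 2, 1  # read, write, execute/traverse bits of one permission class


def permitted(mode, owner_uid, owner_gid, uid, gids, want):
    """True if principal (uid, gids) has every bit in `want` under a
    POSIX-style mode such as 0o640. The owner class applies if uid matches,
    else the group class if any gid matches, else the 'other' class.
    Root (uid 0) is deliberately not special-cased in this toy model."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want


def can_save(file_mode, dir_mode, uid, gids,
             file_owner=(1000, 100), dir_owner=(1000, 100)):
    """Model the two ways an editor saves a document (hypothetical owners).

    in_place: open the existing file for writing; needs X on the folder to
              reach it and W on the file itself.
    replace:  write a temp file and rename it over the original; needs W+X on
              the folder, and the file's own bits do not matter.
    """
    traverse = permitted(dir_mode, *dir_owner, uid, gids, X)
    in_place = traverse and permitted(file_mode, *file_owner, uid, gids, W)
    replace = permitted(dir_mode, *dir_owner, uid, gids, W | X)
    return {"in_place": in_place, "replace": replace}


if __name__ == "__main__":
    # Owner of a read-only file in a folder they own: direct overwrite fails,
    # but an editor that saves via rename still succeeds.
    print(can_save(0o444, 0o755, uid=1000, gids={100}))
    # Writable file in a read-only folder: the opposite outcome.
    print(can_save(0o644, 0o555, uid=1000, gids={100}))
```

Least privilege follows from the second case: to let a group edit a document but not add or delete files, grant W on the file and only r-x on the folder, and confirm the application saves in place rather than by rename.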

*1/1
Among the countermeasures A through D concerning information security, which of the following is the list that contains all and only the appropriate countermeasures for preventing a virus infection?

a) A, B

b) A, B, C

c) A, D

d) B, C

*1/1
Which of the following is a protocol that is used for encrypted communication between a web server and a web browser that are connected through HTTPS?

a) SEO

b) SPEC

c) SQL

d) TLS

*1/1
Among I through IV used for authentication, which of the following lists all and only biometrics?

a) I, II, III

b) II, III

c) II, III, IV

d) IV

*1/1
When information security management is based on the PDCA cycle, which of the following corresponds to C?

a) The objectives, processes, and procedures for information security are established.

b) Improvement is made through corrective and preventive actions on the basis of an evaluation.

c) Processes and procedures are introduced and operated.

d) Effectiveness of the processes are measured and evaluated.

*1/1
ID and password information is leaked from a web site, and the users of this web site suffer from a password list attack on a different web site. In this case, which of the following is considered to be a description of the problem concerning the ID and password that are used on the second web site?

a) Transactions with the ID and password are performed by using communication that is not encrypted.

b) The same ID and password as the other web site are set.

c) A password is set with a combination of a small variety of types of characters.

d) A short password is set.

*1/1
When a document file attached to a received e-mail is opened, a PC begins to behave abnormally. Which of the following is an appropriate suspected attack?

a) SQL injection

b) Cross-site scripting

c) Shoulder hacking

d) Macro virus

*1/1
Which of the following is a physical countermeasure for information security where, depending on the importance of the information that is handled, an office or other such space is physically divided and separated into areas such as an open area, a security area, and a handover area?

a) Sanitizing

b) Social engineering

c) Zoning

d) Hacking

*1/1
In public key cryptography, a key for encryption and a key for decryption are required. If four (4) people want to encrypt communication and send it to each other, a total of eight (8) keys are required. Of these, how many of these keys are not made public?

a) 1

b) 2

c) 4

d) 6

*1/1
Which of the following is an appropriate example of biometric authentication?

a) Authentication by drawing a line connecting some of the nine (9) dots displayed on a screen

b) Authentication by a password and a user ID that is unique for each individual

c) Authentication by recognizing the shape of a signature, the stroke order and pen pressure used in signing, etc. using a reader device

d) Authentication by selecting, from among multiple illustrations, a combination of illustrations that the user memorizes

*1/1
The authentication technology is classified into three (3) types, namely authentication based on one’s possession, authentication based on physical characteristics, and authentication based on one’s memory. Which of the following is an appropriate combination of the implementation examples (1) through (3) and their classifications?

a)

b)

c)

d)

*1/1
Which of the following is appropriate as the characteristic of single sign-on?

a) It is an effective countermeasure for information leakage because data is processed and stored on a server side, and data does not remain on devices.

b) It implements high availability because when the data is saved, it is automatically distributed and stored on multiple disks.

c) It implements high confidentiality because it employs authentication that uses fingerprint and iris in addition to a password.

d) It implements high convenience because once a user is authenticated, he or she is allowed to use multiple services without any more authentication.

*1/1
Among descriptions A through D concerning how to conduct information security education to employees, which of the following contains all and only the appropriate descriptions?

a) A, B, D

b) A, C, D

c) A, D

d) B, C

*1/1
When information security measures are grouped into three (3) categories of technical security measures, human security measures, and physical security measures, which of the following is an appropriate example of physical security measures?

a) Making a non-disclosure agreement with employees

b) Attaching a digital signature to an e-mail when it is sent

c) Storing a notebook PC in a place that can be locked

d) Recommending password change on a regular basis

*1/1
Which of the following is an authentication method where a user uses information that differs each time and is generated with a device called a token or other such device?

a) Digital signature

b) Password cracking

c) Password policy

d) One time password

*1/1
Which of the following is a technique for taking advantage of psychological weaknesses or carelessness in order to, for example, improperly obtain confidential information?

a) DoS attack

b) SQL injection

c) Social engineering

d) Buffer overflow

*1/1
Which of the following is a term for software that encrypts files on a computer in order to make them unusable, and demands money or other valuables in exchange for the decryption key?

a) Keylogger

b) Ransomware

c) Rootkit

d) Worm

*1/1
Which of the following is an appropriate description concerning password management?

a) A password that is used for a business system should not be used for any
private Internet services.

b) The initial password should not be changed until a user becomes familiar with
the operation of login to the system.

c) Several passwords should be prepared and used in rotation.

d) A password should be stored in a plaintext file and saved on a PC.

*1/1
Which of the following is an appropriate description concerning a scheme for authenticating a user of a system?

a) A scheme where authentication is accomplished by utilizing a password that can be used only once is called a single sign-on.

b) A scheme where the use of multiple servers or applications is authorized by being authenticated once is called a one time password.

c) A scheme where a sequence of numbers or characters that are placed on positions that the user remembers within a table on the screen is entered as a password is called a matrix authentication.

d) A scheme where authentication of the user is accomplished by using fingerprints, voiceprint, or other physical characteristics is called a challenge-response authentication.

*1/1
When information is classified and managed according to the protection level in information security, which of the following lists all and only the appropriate methods for the management?

a) I, III

b) I, IV

c) II, III

d) II, IV

*1/1
There is a room that stores important information. Which of the following is the most appropriate countermeasure for unauthorized entry to this room and unauthorized access to the important information in the room?

a) The monitoring of entry and exit of the room and work that is performed in the room with security staff and monitoring cameras

b) The wearing of an entry pass in a place where other people cannot see it when in the room

c) The use of only electronic methods such as card authentication with no staffed desk for entrance and exit control

d) The informing of all employees of the existence of the room and the
information that it stores

*1/1
Which of the following is the appropriate description concerning a wireless LAN?

a) Countermeasures against unauthorized use of an access point are required.

b) The standard for encryption is limited to WPA2.

c) Communication between a terminal and an access point is possible over any distance.

d) There are multiple standards for wireless LANs, and communication is possible among them all.

*1/1
There is an electronic file that needs to be made confidential. Which of the following is the appropriate security technology to use in order to ensure the confidentiality of this file?

a) Access control

b) Timestamp

c) Digital signature

d) Hot standby

*1/1
One of the methods of cracking a password is a brute force attack that attempts all character combinations. When the number of characters of a password that is composed of 26 letters from A through Z is increased from four (4) to six (6) characters, by what factor is the maximum number of attempts to successfully crack the password with the brute force attack increased?

a) 2

b) 24

c) 52

d) 676
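The brute-force question above is 26^6 / 26^4 = 26^2 = 676. The added example below (not part of the quiz or of ITPEC material) generalises that arithmetic to any alphabet and length, and also turns the key space into a worst-case search time at an assumed guess rate, which is how a practitioner actually judges a password policy. The guess rate of 10^9 per second is a constructed figure for an offline attack on a fast hash; an online login form with rate limiting or lockout allows orders of magnitude fewer guesses, which is why the exam pairs "brute force" with those countermeasures elsewhere on this page.

```python
# Alphabet sizes used in the examples (the quiz uses A-Z, i.e. 26).
LOWER = 26       # A-Z
ALNUM = 62       # A-Z, a-z, 0-9
PRINTABLE = 95   # printable ASCII


def keyspace(charset_size, length):
    """Maximum number of guesses for an exhaustive search: each of the
    `length` positions may hold any of `charset_size` symbols."""
    return charset_size ** length


def growth_factor(charset_size, old_len, new_len):
    """By what factor the search space grows when only the length changes.
    Because the alphabet cancels, this is charset_size ** (new_len - old_len)."""
    return keyspace(charset_size, new_len) // keyspace(charset_size, old_len)


def seconds_to_exhaust(charset_size, length, guesses_per_second):
    """Worst-case time to try every candidate at a given guess rate.
    The average time to find a real password is about half of this."""
    return keyspace(charset_size, length) / guesses_per_second


def compare_policies(guesses_per_second=1e9):
    """Rows of (alphabet, length, keyspace, worst-case seconds) for a few
    policies, showing that length compounds faster than alphabet size.
    The guess rate is an assumed offline-cracking figure, not a measurement."""
    rows = []
    for name, size in (("A-Z", LOWER), ("alnum", ALNUM), ("printable", PRINTABLE)):
        for length in (4, 6, 8, 12):
            rows.append((name, length, keyspace(size, length),
                         seconds_to_exhaust(size, length, guesses_per_second)))
    return rows


if __name__ == "__main__":
    print("factor 4 -> 6 letters:", growth_factor(LOWER, 4, 6))
    for name, length, space, secs in compare_policies():
        print(f"{name:9s} len={length:2d} keyspace={space:.3e} worst-case={secs/86400:.3g} days")
```

Two things fall out of the table that the question alone does not show: going from 4 to 6 characters multiplies the work by 676 regardless of how fast the attacker is, and an 8-character password drawn from 95 symbols is still exhausted in days at an offline rate of 10^9 guesses per second, so length and a slow password hash matter more than forcing symbol variety.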

*1/1
Which of the following is used to confirm that there is no falsification of the content of an e-mail?

a) IMAP

b) SMTP

c) Information security policy

d) Digital signature

*1/1
When risk treatment in risk management for information security is divided into the four (4) categories of risk transfer, avoidance, acceptance, and mitigation, which of the following is an appropriate example of risk mitigation?

a) A company runs a service on the Internet to provide confidential information to specific users, but in consideration of the risk of information leakage, the company withdraws from the service.

b) A company buys insurance against the risk of personal information leakage.

c) Entry to a server room is limited to administrators, and the risk of theft of devices is low so no additional countermeasures are taken.

d) The information that is stored on the hard disk drive of a notebook PC is encrypted in order to protect against the risk of information leakage due to loss and theft of the notebook PC.

*1/1
Which of the following is an appropriate example of biometric authentication?

a) Authentication of an individual by the shape of the veins in a finger

b) Authentication of an individual with a digital certificate

c) Authentication by testing whether a distorted text in an image can be read correctly or not

d) Authentication by using a one-time password

*1/1
Which of the following is the aim of an attacker who infects someone else’s PC with ransomware?

a) To obtain personal information on the PC via a network

b) To make files on the PC unusable, and to obtain money in exchange for unlocking them

c) To obtain characters typed with the PC keyboard via a network

d) To maliciously operate the PC by sending instructions for operations via a


network

*1/1
An IoT device with a vulnerability was used in large numbers by several companies. One (1) of the devices was infected with malware, and the infection spread to many other IoT devices. On a certain date at a certain time, the many IoT devices that were infected with the malware attempted many connections to a certain website simultaneously, and this forced the service of the website to stop. Which of the following attacks was made against the website?

a) DDoS attack

b) Cross-site scripting

c) Dictionary attack

d) Social engineering

*1/1
Which of the following is an appropriate explanation of phishing?

a) An attacker’s act of sending a command via network to a virus-infected PC and having it execute an illegal program

b) Sending an e-mail that pretends to be from a financial institution, directing a user to a false web site, and illegally acquiring a PIN, a credit card number, or other information

c) Identifying a password by using dictionary data that enumerates strings that are likely to be used as a password

d) Sending a large number of packets from multiple computers to a target server and disabling the function of the server

*1/1
Which of the following is the most appropriate combination of the measures against password theft and brute force attack respectively on websites having a login function?

a)

b)

c)

d)
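The answer table for the question above is not on this page. Two of the threats it and the earlier password list attack question name, brute force against one account and a password list (credential stuffing) attack across many accounts, leave different fingerprints in a login log, and the countermeasures differ accordingly: per-account lockout or rate limiting stops the first, while the second is defeated by users not reusing passwords and, server-side, by per-source rate limiting and multi-factor authentication. The added example below (not from the quiz or ITPEC material) runs that distinction over constructed log lines in a hypothetical `key=value` format; the IP addresses are from documentation ranges and the thresholds are assumptions to tune for a real site.

```python
import re
from collections import defaultdict

# Constructed sample log: not real traffic. 203.0.113.5 hammers one account
# (brute force); 198.51.100.7 tries one leaked password per account across
# many accounts and gets one hit (credential stuffing); 192.0.2.9 is benign.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z ip=203.0.113.5 user=bob result=FAIL
2024-03-01T09:00:02Z ip=203.0.113.5 user=bob result=FAIL
2024-03-01T09:00:03Z ip=203.0.113.5 user=bob result=FAIL
2024-03-01T09:00:04Z ip=203.0.113.5 user=bob result=FAIL
2024-03-01T09:00:05Z ip=203.0.113.5 user=bob result=FAIL
2024-03-01T09:00:06Z ip=203.0.113.5 user=bob result=FAIL
2024-03-01T09:01:00Z ip=198.51.100.7 user=alice result=FAIL
2024-03-01T09:01:01Z ip=198.51.100.7 user=carol result=FAIL
2024-03-01T09:01:02Z ip=198.51.100.7 user=dave result=FAIL
2024-03-01T09:01:03Z ip=198.51.100.7 user=erin result=FAIL
2024-03-01T09:01:04Z ip=198.51.100.7 user=frank result=FAIL
2024-03-01T09:01:05Z ip=198.51.100.7 user=grace result=OK
2024-03-01T09:02:00Z ip=192.0.2.9 user=alice result=OK
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse(log_text):
    """Return one dict per well-formed line; malformed lines are dropped
    (a production parser would count them so tampering is noticed)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events, bf_threshold=5, stuffing_users=5, stuffing_fail_ratio=0.8):
    """Label each source IP.
    brute_force:         >= bf_threshold failures against a single account.
    credential_stuffing: >= stuffing_users distinct accounts tried and a high
                         failure ratio (each account typically gets one guess).
    Thresholds are assumed values; real deployments add a time window."""
    fails_per_ip_user = defaultdict(int)
    attempts_per_ip = defaultdict(int)
    fails_per_ip = defaultdict(int)
    users_per_ip = defaultdict(set)
    for e in events:
        ip, user = e["ip"], e["user"]
        attempts_per_ip[ip] += 1
        users_per_ip[ip].add(user)
        if e["result"] == "FAIL":
            fails_per_ip[ip] += 1
            fails_per_ip_user[(ip, user)] += 1

    labels = defaultdict(set)
    for (ip, user), n in fails_per_ip_user.items():
        if n >= bf_threshold:
            labels[ip].add("brute_force")
    for ip, users in users_per_ip.items():
        ratio = fails_per_ip[ip] / attempts_per_ip[ip]
        if len(users) >= stuffing_users and ratio >= stuffing_fail_ratio:
            labels[ip].add("credential_stuffing")
    return {ip: sorted(found) for ip, found in labels.items()}


def accounts_to_lock(events, threshold=5):
    """Accounts whose failure count (from any source) reached the lockout
    threshold. Note lockout alone lets an attacker lock victims out, so it is
    paired with per-IP rate limiting rather than used on its own."""
    fails = defaultdict(int)
    for e in events:
        if e["result"] == "FAIL":
            fails[e["user"]] += 1
    return sorted(u for u, n in fails.items() if n >= threshold)


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    print(classify_sources(evts))
    print("lock:", accounts_to_lock(evts))
```

Note what the stuffing source looks like from the account's point of view: each victim sees a single failed login, so per-account lockout never fires, and the one success against `grace` is indistinguishable from a legitimate login unless the source is correlated across accounts. That is the detection-side reason the exam's answer to the password list question is "the same ID and password were reused", not "the password was short".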

*1/1
Which of the following is the appropriate example of activities conducted in A (Act) in the organizations that operate ISMS on the basis of the PDCA model?

a) Changing the server monitoring method as a corrective action that is based on the results of the audit of the business operations.

b) Objectively evaluating the server administrator’s work details by a third party.

c) Identifying the information assets in the server room.

d) Monitoring the operation of the server according to the defined operational procedure.

*1/1
When the evaluation values of asset value, threat, and vulnerability of assets A through D are as shown in the table, which of the following assets will be evaluated as the asset where risk measures should be taken at the highest priority? Here, the risk value is calculated by multiplying the three evaluation values in the table together without weighting.

a) Asset A

b) Asset B

c) Asset C

d) Asset D

*1/1
It is reported that WEP suffers from the problem that ciphers are decoded in a short time. Which of the following is a wireless LAN encryption method for increasing the strength of encryption?

a) ESSID

b) HTTPS

c) S/MIME

d) WPA2

*1/1
Mr. A sent an e-mail to Mr. B that was encrypted with Mr. B’s key by using the public key cryptosystem, and this e-mail contains details that Mr. A wants to send only to Mr. B. Which of the following keys is needed to decrypt this e-mail?

a) Public key of Mr. A

b) Private key of Mr. A

c) Public key of Mr. B

d) Private key of Mr. B
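Three questions on this page turn on the same asymmetry: the digital signature that detects e-mail falsification, the count of private keys among four people's eight keys, and which key decrypts a message encrypted with Mr. B's public key. The added example below (not from the quiz or ITPEC material) runs all three in textbook RSA with hard-coded Mersenne primes so the numbers stay readable. It is a teaching toy: there is no padding, the digest is reduced modulo n, and the primes are fixed rather than random, so it must not be used for real keys; production code uses a vetted library with RSA-PSS/OAEP or Ed25519. The message bytes and party names are constructed.

```python
import hashlib

# Fixed toy primes (Mersenne primes 2^61-1, 2^89-1, 2^107-1, 2^127-1).
# Real RSA uses random primes of 1024 bits or more; these are for illustration.
PRIMES_A = (2**61 - 1, 2**89 - 1)
PRIMES_B = (2**107 - 1, 2**127 - 1)
E = 65537


def keygen(p, q, e=E):
    """One key pair: the public key (n, e) is published, (n, d) is kept secret."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (n, e), (n, d)


def _digest_int(message: bytes, n: int) -> int:
    """SHA-256 of the message as an integer below n (toy reduction, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Signer applies the PRIVATE key to the message digest."""
    n, d = private_key
    return pow(_digest_int(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the PUBLIC key recovers the digest and compares it with a
    fresh hash of the received message; any change to the content fails."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message, n)


def encrypt(public_key, plaintext: bytes) -> int:
    """Sender encrypts with the RECIPIENT's public key."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this toy modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the holder of the matching PRIVATE key can reverse it."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def keys_for_group(people: int) -> dict:
    """Key count for a public-key scheme: one pair per person, so `people`
    keys are published and `people` stay private (the 8-key / 4-private case)."""
    return {"total": 2 * people, "public": people, "private": people}


if __name__ == "__main__":
    pub_a, priv_a = keygen(*PRIMES_A)   # Mr. A's pair
    pub_b, priv_b = keygen(*PRIMES_B)   # Mr. B's pair

    body = b"Transfer 100 to account 42"      # constructed e-mail body
    sig = sign(priv_a, body)
    print("genuine verifies:", verify(pub_a, body, sig))
    print("altered verifies:", verify(pub_a, b"Transfer 900 to account 42", sig))

    secret = b"for B only"
    c = encrypt(pub_b, secret)                # A encrypts with B's PUBLIC key
    print("B decrypts:", decrypt(priv_b, c))  # B decrypts with B's PRIVATE key
    print(keys_for_group(4))
```

Decrypting `c` with any key other than Mr. B's private key (for example `priv_a`) yields unrelated bytes, which is the whole point of the Mr. A / Mr. B question. The signature and the encryption use the two halves of a pair in opposite roles: the private key signs and decrypts, the public key verifies and encrypts, and the leak of a private key therefore voids both uses, which is why the later question on this page has the certificate revoked rather than reissued with the same pair.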

*1/1
Among the descriptions from A through C, which of the following is the list that contains all appropriate features of VPN?

a) A

b) A, C

c) B

d) C

*1/1
When an information security policy is composed of three (3) documents, namely, basic policy, standards, and procedures, which of the following is the appropriate explanation concerning these documents?

a) The basic policy is created by employees according to the standards and procedures prepared by the management.

b) The basic policy is a manual that describes the actions that the management
should take when an information security incident occurs.

c) The procedures describe what specific steps the person in charge should
take in accordance with the rules in the standards.

d) The standards define what should be described in the basic policy and the
procedures, and it should be made known to the concerned parties.

*1/1
When information security measures are classified into three (3) measures, namely, technology measures, personnel measures, and physical measures, which of the following is the appropriate example of physical measures?

a) In order to prevent unauthorized use of computers, biometric authentication is used in the login authentication of computers.

b) In order to prevent unauthorized intrusion to a server from an external network, a firewall is installed.

c) In order to prevent and detect frauds and operational errors by a security administrator, multiple personnel are assigned to security administration and perform mutual checks on each other’s work contents.

d) In order to check for unauthorized entry, a security zone is established and locked, and the use of keys is managed.

*1/1
Which of the following is the appropriate description concerning virus infection?

a) Infection may affect not only the OS and applications, but also the firmware embedded in a device.

b) If only an external storage medium is used for exchanging data with other computers without connecting a computer to the network, the computer will not be infected.

c) The computer where infection is detected should be kept connected to the network, and the OS and the security software should be immediately updated.

d) If e-mail attachments are not opened, the computer will not be infected.

*1/1
When a smartphone is used, which of the following is the appropriate preventive measure for shoulder surfing that is classified as social engineering?

a) Always using the latest OS

b) Turning off the position information function

c) Affixing a privacy filter on the screen

d) Attaching a strap to prevent fall and theft

*1/1
Which of the following is an appropriate information security measure for a PC against harmful software?

a) Using a 64-bit OS

b) Maintaining the latest version of the virus definition file at all times

c) Defragmenting the hard disk periodically

d) Saving files after compressing them

*1/1
A private key and a public key were generated as a key pair when a digital certificate was issued. Which of the following is an appropriate action that should be taken when the private key is leaked?

a) Reissuing the digital certificate with the key pair that was used

b) Requesting to the certification authority for invalidation of the digital certificate

c) Using a key pair that is newly created at the time of reissuing due to the
expiration of the validity period

d) Using the digital certificate as it is, because it is only the private key that was
leaked

*1/1
Risks on information assets are assessed on the basis of threats and vulnerabilities. Which of the following falls under a threat?

a) Unencrypted communication

b) An inconsistency in procedures for handling confidential documents

c) A door that cannot be locked

d) An unexpected power failure due to a disaster such as a thunderbolt

*1/1
Which of the following is an appropriate description of risk assessment in information security?

a) Quarantining a virus that has intruded into a PC or a server, as well as minimizing the risk of a spread of the infection

b) Analyzing and assessing risks on identified assets, and determining whether any action is necessary according to a criteria

c) Confirming that the user of a system is authentic by using information that has been registered in advance

d) Calculating the cost effectiveness of installing an information system

*1/1
Which of the following is an appropriate description concerning a scheme for authenticating the user of a system?

a) A scheme where authentication is accomplished by utilizing a password that can be used only once is called a single sign-on.

b) A scheme where the use of multiple servers or applications is authorized by accomplishing an authentication once is called a one time password.

c) A scheme where numbers or characters that are placed on positions that the user remembers within a table on the screen are entered as a password is called a matrix authentication.

d) A scheme where authentication of the user is accomplished by using fingerprints, voiceprint, or other physical characteristics is called a challenge-response authentication.

*1/1
Which of the following is a protocol that is used for encrypted communication between a web server and a browser that are connected through HTTPS?

a) SEO

b) SPEC

c) SQL

d) SSL/TLS

*1/1
Which of the following is an appropriate combination of the descriptions (i) through (iii) about threats in information security and the terms below?

a)

b)

c)

d)

*1/1
When information is classified and managed according to the protection level in information security, which of the following lists all and only the appropriate methods for the management?

a) I, III

b) I, IV

c) II, III

d) II, IV

*1/1
Which of the following is a security standard that is used in a wireless LAN?

a) Cookie

b) ESSID

c) MIME

d) WPA2

*1/1
Which of the following is an appropriate example of biometric authentication?

a) A user hovers his/her hand over a sensor when he/she uses an ATM, and then authentication is accomplished by matching his/her vein pattern against the preregistered one.

b) By drawing on the screen of a smartphone a preregistered sequence in a single stroke, the lock on the screen is released.

c) By requesting the user to answer a question that a machine is unlikely to be able to answer, it is confirmed that a human is doing the operation. For example, the user is requested to choose photos of an outdoor scenery from multiple photos.

d) By requesting the user to choose images that relate to the user, for example, photos of his/her relatives, from multiple photos, the authentication is accomplished.

*1/1
Which of the following is a characteristic of symmetric key cryptography and not of public key cryptography?

a) Safe communication is possible even if the key used for encryption becomes known to a third party.

b) Only one key is required even when separate communications must be conducted safely with multiple parties.

c) The holder of a key can be verified through a digital certificate.

d) The key that was used for encryption is also used for decryption.

*1/1
When risk management in information security is divided into risk identification, risk analysis, risk assessment, and risk treatment, which of the following is included in risk treatment?

a) Finding risks that exist in an organization

b) Comparing the level of each risk and risk acceptance criteria, and determining the necessity of implementing controls

c) Calculating the level of each risk from the probability that the risk will be realized and its impact

d) Selecting a method to deal with each risk, and creating a plan to implement specific controls

*1/1
Which of the following is a term for software that encrypts files on a PC in order to make them unusable, and demands money or other valuables in exchange for the decryption key?

a) Keylogger

b) Ransomware

c) Rootkit

d) Worm

*1/1
When treatments against information security risks are categorized into risk transfer, risk avoidance, risk acceptance, and risk reduction, which of the following is the description that corresponds to risk acceptance?

a) Taking security measures, and reducing the likelihood that problems will occur

b) Without taking any special action, estimating the impact when damage
occurs

c) Shifting risk to a third party through insurance

d) Removing the causes of a problem, and eliminating the likelihood that the risk
will materialize

*1/1
Which of the following is an appropriate description about password management?

a) A password that is used for a business system should not be used for any
private Internet services.

b) The initial password should not be changed until a user becomes familiar with
the operation of login to the system.

c) Several passwords should be prepared and used in rotation.

d) A password should be stored in a plaintext file and saved on a PC.

*1/1
When a user accessed the URL in the body of an e-mail message with a PC, the message shown in the figure appeared on the screen and the PC was locked. What is used in this attack?

a) Keylogger

b) Spyware

c) Bot

d) Ransomware

*1/1
Which of the following is not an example of a cyber attack?

a) With a purpose of obtaining confidential information, looking for recorded media that were disposed of from an office

b) By exploiting a vulnerability of a server, breaking into its Web site, and making
unauthorized modification to its data

c) By sending a large amount of requests at once, disrupting a service

d) By using a back door, remotely controlling another person’s PC

*1/1
In a corporate network, which of the following is a server that should be installed in a corporate LAN rather than in the demilitarized zone (DMZ)?

a) An e-mail server that receives e-mails from outside the company

b) A DNS server where IP addresses of servers that are open to the public are
registered

c) A file server that stores confidential information of the company

d) A Web server that publishes information to the outside of the company

*1/1
Among the information I through IV used for authentication, which of the following lists all and only the biometrics used for authentication?

a) I, II, III

b) II, III

c) II, III, IV

d) IV

*1/1
When information security management is based on the PDCA cycle, which of the following corresponds to C?

a) The objectives, processes, and procedures for information security are established.

b) Improvement is made through corrective and preventive actions on the basis of an evaluation.

c) Processes and procedures are introduced and operated.

d) Effectiveness of the processes are measured and evaluated.

*1/1
Which of the following is appropriate as the characteristic of single sign-on?

a) It is an effective countermeasure for information leakage because data is processed and stored on a server side, and data does not remain on devices.

b) It implements high availability because when the data is saved, it is automatically distributed and stored on multiple disks.

c) It implements high confidentiality because it employs authentication that uses fingerprint and iris in addition to a password.

d) It implements high convenience because once a user is authenticated, he or she is allowed to use multiple services without any more authentication.

*1/1
Among I through III below, which of the following lists all and only the appropriate measures for preventing a PC from getting infected with viruses?

a) I

b) I, II

c) I, III

d) II, III

*1/1
Company A has decided to digitize a paper list of customers and manage customers by using electronic data. Which of the following is an appropriate method for preventing information leakage from the electronic data of the customer list?

a) Attaching a digital signature to the data

b) Frequently obtaining backups of the data

c) Saving the data on a RAID disk

d) Encrypting the data

*1/1
Which of the following is an example of damage incurred by the theft of cookies by a cross site scripting attack or other attack?

a) The PC becomes infected by a virus.

b) The files on the PC are sent to an outside destination.

c) Web service accounts are hijacked.

d) Intrusion into the network takes place over the wireless LAN.

*1/1
Among the examples of conducting communication between a PC, a server, a communication device, a printer, etc., which of the following is the list that contains all and only the examples that require the use of a WAN?

a) A, B

b) A, C

c) B

d) C

*1/1
Which of the following is an appropriate disposal method for media that stores confidential information to ensure that information leakage does not occur?

a) CDs and DVDs are destroyed and then are disposed of.

b) A PC is disposed of with its CPU being destroyed.

c) USB memory is disposed of with its files and folders being deleted.

d) Paper documentation is not used as memo paper and is sealed in a confidential envelope and then is disposed of together with general trash.

*1/1
Which of the following sets conditions for character type, length, etc. used for passwords that are set for accounts on a computer, etc.?

a) Single sign-on

b) Password crack

c) Password policy

d) One-time password

*1/1
Which of the following is a technique for taking advantage of psychological weaknesses or carelessness in order to improperly obtain confidential information?

a) DoS attack

b) SQL injection

c) Social engineering

d) Buffer overflow

*1/1
Which of the following is the threat that can be prevented by encrypting data?

a) Deletion of data because of an operational error

b) Social engineering

c) Tapping of communication content

d) DoS attack on the server in which data is stored

*1/1
When an abnormality in power supply voltage caused by power failure, lightning strike, etc. has been detected, a company wishes to inform its computers of this event, continue supplying power for a certain period of time, and safely shut down systems. Which of the following is an appropriate device that should be installed between computers and the power supply for this purpose?

a) DMZ

b) GPU

c) UPS

d) VPN

*1/1
Which of the following is an appropriate explanation of a VPN?

a) A wireless network over which devices engage in two-way communication without going through an access point

b) A network that is set up within a relatively limited area, such as an office or a building

c) A virtual network that is set up by using a public network, etc., and is used in the manner of a dedicated network

d) A network to which a PC is connected prior to being connected to an internal company network, etc. in order to test the PC’s security

*1/1
Among confidentiality, integrity, and availability, which of the following is the list that contains all items that are lost in the incident below, which involves information security?

a) Confidentiality

b) Confidentiality, integrity

c) Integrity, availability

d) Availability

*1/1
In a file system that uses the access control methods below, which of the following settings for access rights to file A satisfy the conditions for access control?

a)

b)

c)

d)

*1/1
During the use of a PC in the workplace, a message was displayed stating that antivirus software had detected a virus. Which of the following is an appropriate action that should be taken immediately on the PC?

a) Reboot of the PC

b) Notification to the workplace by e-mail from the PC

c) Disconnection of the PC from networks

d) Backup of files on the PC

*1/1
Which of the following is an appropriate example of biometric authentication?

a) Authentication by drawing a line connecting some of the nine (9) dots displayed on a screen

b) Authentication by a password and a user ID that is unique for each individual

c) Authentication by recognizing the shape of a signature, the stroke order and pen pressure used in signing, etc. using a reader device

d) Authentication by selecting, from among multiple illustrations, a combination of illustrations that the user memorizes

*1/1
Which of the following is an appropriate description concerning the reliability of a system or a device?

a) Controlling a system in a safe state in order to minimize damage when a fault occurs in a device is called foolproof.

b) Reducing the probability of occurrence of a fault in a device by using high-quality and high-reliability parts and elements is called fail-safe.

c) Enabling continuation of system processing when a fault occurs in a system due to an error is called fault tolerance.

d) Taking measures in the design stage so that humans do not make mistakes in system operation, or so that no faults or failures occur even if they make mistakes, is called fail soft.

*1/1
When information security measures are grouped into three (3) categories of technical security measures, human security measures, and physical security measures, which of the following is an appropriate example of physical security measures?

a) Making a non-disclosure agreement with employees

b) Attaching a digital signature to an e-mail when it is sent

c) Storing a notebook PC in a place that can be locked

d) Recommending password change on a regular basis

*1/1
Among information security measures A through D implemented in the workplace to maintain the “confidentiality” and “integrity” of information, which of the following is a list of only the appropriate measures?

a) A, B

b) A, B, D

c) B, D

d) B, C, D

*1/1
Among the descriptions A through C below concerning information security measures, which of the following is the list that contains all and only the goals that can be achieved by encrypting communication content?

a) A

b) A, B

c) A, C

d) B

*1/1
Which of the following is an authentication method where a user uses information that differs each time and is generated with a device called a token or other such device?

a) Digital signature

b) Password cracking

c) Password policy

d) One time password

*1/1
In the description below concerning the ISMS conformity assessment scheme, which of the following is an appropriate combination of words to be inserted into blanks A and B?

a)

b)

c)

d)

*1/1
In order to promote risk management, the execution plan for introducing the risk management system was developed as the first step. When the subsequent actions are divided into steps A through C below, which of the following is the order of the steps in accordance with the PDCA cycle?

a) A → B → C

b) A → C → B

c) C → A → B

d) C → B → A

*1/1
All employees are registered in an entry and exit control system with biometric authentication, and the employees who are allowed to enter each room within the company are specified. Exit from a room is not controlled. Among the following lists of the descriptions A through D, which is the list that contains all and only the items that can be achieved by the entry and exit control system?

a) A, B, C

b) A, C

c) A, D

d) B, C, D

*1/1
Which of the following is the most appropriate description concerning SSL/TLS?

a) It generates a one-time password to authenticate a user on a web site.

b) It encrypts communications between a web server and a browser.

c) It prevents (or filters) access to an unauthorized web site.

d) It detects a virus that infects a computer through a network.

*1/1
Among the countermeasures A through D concerning information security, which of the following is the list that contains all and only the appropriate countermeasures for preventing a virus infection?

a) A, B

b) A, B, C

c) A, D

d) B, C

*1/1
Among the descriptions A through D concerning the operations management of a file server, which of the following is the list that contains all and only the items that are effective as a security measure?

a) A, B, D

b) A, D

c) B, C

d) B, D

*1/1
Which of the following is the most appropriate description of an information security policy for an organization?

a) The management must implement not only the top-level information security policy, but also the rules and procedures for information security.

b) It is necessary to publish outside of the company not only the top-level information security policy, but also the rules and procedures for information security.

c) While the rules and procedures for information security should be tailored to the organization, the top-level information security policy must be adopted from the industry standard model.

d) Even when different information security measures are implemented in different departments of an organization, the top-level information security policy must be unified across the organization.

*1/1
Which of the following is an appropriate explanation of spam mail?

a) E-mail that is indiscriminately sent to users without their consent

b) E-mail that is distributed to all participants registered previously for a specific purpose

c) E-mail that is sent or forwarded with the same content by its receivers to multiple destinations and causes the number of receivers to continue increasing

d) A message exchange system that provides a message posting function using e-mail or a web page to enable information exchange with the general public

*0/1
Which of the following is an appropriate explanation of the keylogger that is a threat to information security?

a) Stealing information by watching the keyboard input and the display screen from behind a PC user

b) Monitoring the keyboard input on a user’s PC by running a mechanism that can record such input

c) Analyzing a password by using dictionary data of all the words that are likely to be used as passwords

d) Searching for a free access point by moving around a town with a PC that can detect the electromagnetic waves of a wireless LAN

Correct answer

b) Monitoring the keyboard input on a user’s PC by running a mechanism that can record such input

*1/1
Authentication technology is classified into three (3) types, namely authentication based on one’s possession, authentication based on physical characteristics, and authentication based on one’s memory. Which of the following is the appropriate classification of the implementation examples (1) through (3)?

a)

b)

c)

d)

*1/1
Which of the following is a form of direct damage to a server which is caused by a DoS attack?

a) The encrypted data is decrypted.

b) The administrator password is changed.

c) The server is infected by a virus.

d) The services of a server are interrupted.

*1/1
Which of the following is the most appropriate explanation of the operation that spyware is meant to perform?

a) To destabilize the operation of the OS and software

b) To delete files from the file system without user consent

c) To hijack the browser and forcefully execute a particular operation

d) To collect personal and other information without being noticed by users

*1/1
Which of the following is an appropriate information security measure against harmful software on a PC?

a) Using a 64-bit OS

b) Maintaining the latest version of the virus definition file at all times

c) Defragmenting the hard disk periodically

d) Saving files after compressing them

*1/1
Which of the following is an appropriate description concerning a security patch that is used for the OS, middleware, applications, etc., on a PC that is used for work at a company?

a) It should be applied in order to prevent virus infection.

b) It should be applied when a PC is infected with a virus.

c) If the current functions are satisfactory, even if a security patch is released, it does not need to be applied.

d) Software for which support has ended and no more security patches are to be
released can be used securely if all security patches released so far are applied.

This content is neither created nor endorsed by Google. - Terms of Service - Privacy Policy