[2025-04-18] Complete, up-to-date question bank in PDF: the latest Cybersecurity-Audit-Certificate exam questions and answers [Q24-Q45]

Free Cybersecurity-Audit-Certificate exam question bank with a 100% pass rate: pass the exam easily with JPNTest

Question # 24
Which of the following is the BEST indication of mature third-party vendor risk management for an organization?

  • A. The organization's security program follows the third party's security program.
  • B. The third party's security program follows the organization's security program.
  • C. The third party maintains annual assessments of control effectiveness.
  • D. The organization maintains vendor security assessment checklists.

Correct answer: D

Explanation:
The BEST indication of mature third-party vendor risk management for an organization is that the organization maintains vendor security assessment checklists. This is because vendor security assessment checklists help the organization to evaluate and monitor the security posture and performance of their third-party vendors, based on predefined criteria and standards. Vendor security assessment checklists also help the organization to identify and mitigate any gaps or issues in the vendor's security controls or processes. The other options are not as indicative of mature third-party vendor risk management for an organization, because they either involve following or mimicking the security program of either party without considering their own needs or risks (A, B), or relying on the vendor's self-assessment without independent verification or validation (C).


Question # 25
Which of the following contains the essential elements of effective processes and describes an improvement path considering quality and effectiveness?

  • A. ISO 27004:2009
  • B. COBIT 5
  • C. Balanced scorecard
  • D. Capability maturity model integration

Correct answer: D

Explanation:
The document that contains the essential elements of effective processes and describes an improvement path considering quality and effectiveness is Capability Maturity Model Integration (CMMI). This is because CMMI is a framework that defines five levels of process maturity, from initial to optimized, and provides best practices and guidelines for improving the quality and effectiveness of processes across different domains, such as software development, service delivery, or cybersecurity. The other options are not documents that contain the essential elements of effective processes and describe an improvement path considering quality and effectiveness, but rather different types of documents or tools that provide guidance or recommendations for implementing policies or controls, such as Balanced Scorecard (C), ISO 27004:2009 (A), or COBIT 5 (B).


Question # 26
At which layer in the open systems interconnection (OSI) model does SSH operate?

  • A. Session
  • B. Presentation
  • C. Application
  • D. Network

Correct answer: C

Explanation:
SSH, or Secure Shell, is a network protocol that operates at the Application layer of the OSI model. This is the topmost layer, which allows users to interact with the network through applications. SSH provides a secure channel over an unsecured network in a client-server architecture, enabling users to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.


Question # 27
Which of the following is a weakness associated with the use of symmetric, private keys in wired equivalent privacy (WEP) encryption?

  • A. Keys are not retrievable.
  • B. Keys remain unchanged on networks for extended times.
  • C. Keys change periodically on networks.
  • D. Keys are stored in the cloud.

Correct answer: B

Explanation:
The use of symmetric, private keys in WEP encryption is associated with several weaknesses, one of which is that the keys often remain unchanged on networks for extended periods. This can lead to security vulnerabilities because if an attacker manages to compromise a key, they can potentially gain access to the network and decrypt data for as long as the key remains unchanged.


Question # 28
Within the NIST core cybersecurity framework, which function is associated with using organizational understanding to minimize risk to systems, assets, and data?

  • A. Detect
  • B. Respond
  • C. Recover
  • D. Identify

Correct answer: D

Explanation:
Within the NIST core cybersecurity framework, the Identify function is associated with using organizational understanding to minimize risk to systems, assets, and data. This is because the Identify function helps organizations to develop an organizational understanding of their cybersecurity risk management posture, as well as the threats, vulnerabilities, and impacts that could affect their business objectives. The other functions are not directly related to using organizational understanding, but rather focus on detecting (A), responding (B), or recovering (C) from cybersecurity events.


Question # 29
Cyber threat intelligence aims to research and analyze trends and technical developments in which of the following areas?

  • A. Cybersecurity operations management
  • B. Industry-specific security regulator
  • C. Cybersecurity risk scenarios
  • D. Cybercrime, hacktivism, and espionage

Correct answer: D

Explanation:
Cyber threat intelligence aims to research and analyze trends and technical developments in the areas of cybercrime, hacktivism, and espionage. These are the main sources of malicious cyber activities that pose risks to organizations and individuals. Cyber threat intelligence helps to understand the motivations, capabilities, tactics, techniques, and procedures of various threat actors and groups.


Question # 30
Which of the following BEST facilitates the development of metrics for reporting to senior management on vulnerability management efforts?

  • A. Regularly benchmarking the number of new vulnerabilities identified with industry peers
  • B. Reviewing business impact analysis (BIA) results
  • C. Monitoring the frequency of vulnerability assessments using automated scans
  • D. Tracking vulnerabilities and the remediation efforts to mitigate them

Correct answer: D

Explanation:
The BEST feature that facilitates the development of metrics for reporting to senior management on vulnerability management efforts is tracking vulnerabilities and the remediation efforts to mitigate them. This is because tracking vulnerabilities and remediation efforts helps to measure and monitor the performance and effectiveness of vulnerability management efforts, by providing quantifiable and objective data on the number, severity, impact, status, and resolution time of vulnerabilities. Tracking vulnerabilities and remediation efforts also helps to identify and communicate any gaps or issues in vulnerability management efforts to senior management and other stakeholders. The other options are not features that facilitate the development of metrics for reporting to senior management on vulnerability management efforts, but rather different aspects or factors that affect vulnerability management efforts, such as reviewing business impact analysis (BIA) results (B), benchmarking with industry peers (A), or monitoring the frequency of vulnerability assessments (C).


Question # 31
Which of the following BEST characterizes security mechanisms for mobile devices?

  • A. Comparatively weak relative to workstations
  • B. Configurable and reliable across device types
  • C. Easy to control through mobile device management
  • D. Inadequate for organizational use

Correct answer: C

Explanation:
The BEST characteristic that describes security mechanisms for mobile devices is that they are easy to control through mobile device management. This is because mobile device management is a technique that allows organizations to centrally manage and secure mobile devices, such as smartphones, tablets, laptops, etc., that are used by their employees or customers. Mobile device management helps to enforce security policies, configure settings, install applications, monitor usage, wipe data, etc., on mobile devices remotely and efficiently. The other options are not characteristics that describe security mechanisms for mobile devices, but rather different aspects or factors that affect security mechanisms for mobile devices, such as weakness (A), reliability (B), or inadequacy (D).


Question # 32
Using a data loss prevention (DLP) solution to monitor data saved to a USB memory device is an example of managing:

  • A. data in use.
  • B. data redundancy.
  • C. data at rest.
  • D. data availability.

Correct answer: C

Explanation:
Using a data loss prevention (DLP) solution to monitor data saved to a USB memory device is an example of managing data at rest. Data at rest is data that is stored on a device or media, such as hard disks, flash drives, tapes, or CDs. Data at rest can be exposed to unauthorized access, theft, or loss if not properly protected. A DLP solution is a tool that monitors and controls the movement and usage of data across an organization's network or endpoints. A DLP solution can prevent users from saving sensitive data to removable devices or alert on any violations of data policies.


Question # 33
Which of the following presents the GREATEST risk to corporate data pertaining to mobile device usage?

  • A. The mobile device is not obtained through corporate provisioning.
  • B. The mobile device may be subject to remote wipe.
  • C. End users are not trained in mobile device management.
  • D. Privileged access is replicated to the user's own mobile device.

Correct answer: D

Explanation:
Replicating privileged access to a user's own mobile device presents the greatest risk to corporate data. This is because it potentially allows unauthorized access to sensitive information if the device is lost, stolen, or compromised. Privileged access means having elevated permissions that are typically reserved for administrators. When such access is available on a personal device, it bypasses many of the security controls that a company would normally have in place.
Option B, remote wipe, is actually a security feature that can protect data if a device is lost or stolen. Option C, lack of training, can increase risk but does not directly expose data like privileged access does. Option A, devices not obtained through corporate provisioning, can be a risk, but this risk is generally less than that of replicating privileged access.


Question # 34
What would be an IS auditor's BEST response to an IT manager's statement that the risk associated with the use of mobile devices in an organizational setting is the same as for any other device?

  • A. The ability to wipe mobile devices and disable connectivity adequately mitigates additional
  • B. The risk associated with mobile devices is less than that of other devices and systems.
  • C. The risk associated with mobile devices cannot be mitigated with similar controls for workstations.
  • D. Replication of privileged access and the greater likelihood of physical loss increases risk levels.

Correct answer: D

Explanation:
The BEST response to an IT manager's statement that the risk associated with the use of mobile devices in an organizational setting is the same as for any other device is that replication of privileged access and the greater likelihood of physical loss increases risk levels. Mobile devices pose unique risks to an organization due to their portability, connectivity, and functionality. Mobile devices may store or access sensitive data or systems that require privileged access, which can be compromised if the device is lost, stolen, or hacked. Mobile devices also have a higher chance of being misplaced or taken by unauthorized parties than other devices.


Question # 35
The integrity of digital assets can be controlled by:

  • A. redundancy, backups, and business continuity management.
  • B. access controls, encryption, and digital signatures.
  • C. user awareness training and related end-user testing.
  • D. read access restrictions, database normalization, and patching.

Correct answer: B


Question # 36
When passwords are tied into key generation, the strength of the encryption algorithm is:

  • A. diminished.
  • B. maintained.
  • C. voided.
  • D. increased.

Correct answer: B

Explanation:
When passwords are used in key generation, they serve as a component of the encryption process. The strength of the encryption algorithm itself is not inherently affected by the use of passwords for key generation. Instead, the security of the encryption relies on the strength and complexity of the password, the key generation process, and the encryption algorithm's resilience to attacks. A strong, complex password can contribute to a robust encryption key, thereby maintaining the intended strength of the encryption algorithm.


Question # 37
Which of the following describes a system that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the Internet?

  • A. Intrusion prevention system (IPS)
  • B. Firewall
  • C. Router
  • D. Intrusion detection system (IDS)

Correct answer: B

Explanation:
A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between a secure internal network and an untrusted external network, such as the internet. This system is designed to prevent unauthorized access to or from private networks and is a fundamental piece of a comprehensive security framework for any organization.


Question # 38
Which of the following provides an early signal of increasing risk exposures for an organization?

  • A. Capability maturity model integration
  • B. Key performance indicators
  • C. Risk management policies and procedures
  • D. Key risk indicators

Correct answer: D

Explanation:
Key risk indicators (KRIs) are metrics that can provide an early signal of increasing risk exposures for an organization. KRIs are designed to measure and predict potential losses, and they help in identifying trends that could lead to future risks. They are different from Key Performance Indicators (KPIs), which measure the performance related to the achievement of strategic goals. KRIs, on the other hand, are specifically focused on risk and are used to monitor changes in the level of risk exposure.


Question # 39
In key protection/management, access should be aligned with which of the following?

  • A. Role descriptions
  • B. Least privilege
  • C. Position responsibilities
  • D. System limitation

Correct answer: B

Explanation:
In key protection/management, access should be aligned with the principle of least privilege. This means that users should only have the minimum level of access required to perform their tasks and no more. This reduces the risk of unauthorized access, misuse, or compromise of sensitive data or systems.


Question # 40
What is the PRIMARY purpose of creating a security architecture?

  • A. To map out how security controls interact with an organization's systems
  • B. To visually show gaps in information security controls
  • C. To provide senior management a measure of information security maturity
  • D. To create a long-term information security strategy

Correct answer: D

Explanation:
The PRIMARY purpose of creating a security architecture is to create a long-term information security strategy that aligns with the organization's business goals and objectives. A security architecture defines the vision, principles, standards, policies, and guidelines for how security will be implemented and managed across the organization's systems, networks, and data.


Question # 41
Which of the following is the MOST important consideration when choosing between different types of cloud services?

  • A. Security features available on demand
  • B. Emerging risk and infrastructure scalability
  • C. Reputation of the cloud providers
  • D. Overall risk and benefits

Correct answer: D


Question # 42
What is the MAIN consideration when storing backup files?

  • A. Protecting the off-site data backup copies from unauthorized access
  • B. Utilizing solid state device (SSD) media for quick recovery
  • C. Storing backup files on public cloud storage
  • D. Storing copies on-site for ease of access during incident response

Correct answer: A

Explanation:
The MAIN consideration when storing backup files is protecting the off-site data backup copies from unauthorized access. This is because protecting the off-site data backup copies from unauthorized access helps to ensure the confidentiality and integrity of the backup data, and prevent any unauthorized or malicious disclosure, modification, or deletion of the backup data. Protecting the off-site data backup copies from unauthorized access also helps to comply with any regulatory or contractual requirements that may apply to the backup data. The other options are not the main consideration when storing backup files, but rather different aspects or factors that affect the backup process, such as using solid state device (SSD) media (B), storing backup files on public cloud storage (C), or storing copies on-site (D).


Question # 43
Which of the following is MOST critical to guiding and managing security activities throughout an organization to ensure objectives are met?

  • A. Establishing metrics to measure and monitor security performance
  • B. Allocating a significant amount of budget to security investments
  • C. Adopting industry security standards and frameworks
  • D. Conducting annual security awareness training for all employees

Correct answer: A

Explanation:
The MOST critical factor in guiding and managing security activities throughout an organization to ensure objectives are met is establishing metrics to measure and monitor security performance. This is because metrics provide quantifiable and objective data that can be used to evaluate the effectiveness and efficiency of security activities, as well as identify gaps and areas for improvement. Metrics also enable communication and reporting of security performance to stakeholders, such as senior management, board members, auditors, regulators, customers, etc. The other options are not as critical as establishing metrics, because they either involve spending money without knowing the return on investment (B), adopting standards without customizing them to fit the organization's context and needs (C), or conducting training without assessing its impact on behavior change (D).


Question # 44
The "recover" function of the NIST cybersecurity framework is concerned with:

  • A. taking appropriate action to contain and eradicate a security incident.
  • B. identifying critical data to be recovered in case of a security incident.
  • C. allocating costs incurred as part of the implementation of cybersecurity measures.
  • D. planning for resilience and timely repair of compromised capabilities and services.

Correct answer: D

Explanation:
The "Recover" function in the NIST Cybersecurity Framework is focused on developing and implementing activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. This includes efforts to support timely recovery to normal operations to reduce the impact of a cybersecurity incident.


Question # 45
......

Free Cybersecurity-Audit-Certificate practice questions; actual Cybersecurity-Audit-Certificate free exam questions: https://www.jpntest.com/shiken/Cybersecurity-Audit-Certificate-mondaishu

Verified Cybersecurity-Audit-Certificate question bank with 136 distinct questions: https://drive.google.com/open?id=18oHZOx0h8H_S2KjiPnOM8-srzVMwZ_pm