NO.1 Which of the following command-line tools can be used in the reconnaissance phase of a
network vulnerability assessment?
A. ifconfig
B. ipconfig
C. nbtstat
D. dig
Answer: D


NO.2 A business has implemented Payment Card Industry Data Security Standard (PCI-DSS)
compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology.
The network team partitioned the WLAN to create a private segment for credit card processing using
a firewall to control device access and route traffic to the card processor on the Internet. What
components are in the scope of PCI-DSS?
A. The entire enterprise network infrastructure.
B. The end devices, wireless access points, WLAN, switches, management console, and Internet
C. The end devices, wireless access points, WLAN, switches, management console, and firewall.
D. The handheld devices, wireless access points and border gateway.
Answer: C


NO.3 An organization is selecting a service provider to assist in the consolidation of multiple
computing sites including development, implementation and ongoing support of various computer
systems. Which of the following MUST be verified by the Information Security Department?
A. The service provider's policies can meet the requirements imposed by the new environment even
if they differ from the organization's current policies.
B. The service provider's policies are consistent with ISO/IEC27001 and there is evidence that the
service provider is following those policies.
C. The service provider will impose controls and protections that meet or exceed the current systems
controls and produce audit logs as verification.
D. The service provider will segregate the data within its systems and ensure that each region's
policies are met.
Answer: A


NO.4 Which of the following BEST describes a Protection Profile (PP)?
A. A document that expresses an implementation dependent set of security requirements which
contains only the security functional requirements.
B. A document that represents evaluated products where there is a one-to-one correspondence
between a PP and a Security Target (ST).
C. A document that expresses an implementation independent set of security requirements for an IT
product that meets specific consumer needs.
D. A document that is used to develop an IT security product from its security requirements.
Answer: C




Exam: Certified Information Systems Security Professional
Questions and answers: 373 questions in total
