CISA-JPN 試験問題 581
インシデント対応チームは、ネットワーク サブネットでウイルスが発生したことを通知されました。次のステップは次のどれですか。
正解: B
CISA-JPN 試験問題 582
ある組織は、ビジネス目的で個人情報を取得する提案を受けて、クライアント向け Web アプリケーションのセキュリティを強化しています。この取り組みを実施する前に確認する必要がある最も重要な項目は次のうちどれですか。
正解: A
CISA-JPN 試験問題 583
次のどれがソーシャルエンジニアリング攻撃方法でしょうか?
正解: A
Social engineering is a technique that exploits human weaknesses, such as trust, curiosity, or greed, to obtain information or access from a target. An employee is induced to reveal confidential IP addresses and passwords by answering questions over the phone is an example of a social engineering attack method, as it involves manipulating the employee into divulging sensitive information that can be used to compromise the network or system. A hacker walks around an office building using scanning tools to search for a wireless network to gain access, an intruder eavesdrops and collects sensitive information flowing through the network and sells it to third parties, and an unauthorized person attempts to gain access to secure premises by following an authorized person through a secure door are not examples of social engineering attack methods, as they do not involve human interaction or deception. References: [ISACA CISA Review Manual 27th Edition], page 361.
CISA-JPN 試験問題 584
仮想化環境にとって最も重要な制御は次のどれですか?
正解: B
The most important control for virtualized environments is hardening for the hypervisor and guest machines.
Hardening is the process of applying security measures and configurations to reduce the vulnerabilities and risks of a system or device. Hardening for the hypervisor and guest machines is essential for protecting the virtualized environments from attacks, as they are exposed to various threats from both the physical and virtual layers. Hardening for the hypervisor and guest machines involves the following steps:
* Applying the latest patches and updates for the hypervisor and guest operating systems, as well as the applications and drivers running on them.
* Configuring the firewall and network settings for the hypervisor and guest machines, to restrict and monitor the network traffic and prevent unauthorized access or communication.
* Disabling or removing any unnecessary or unused features, services, accounts, or ports on the hypervisor and guest machines, to minimize the attack surface and reduce the potential entry points for attackers.
* Enforcing strong authentication and authorization policies for the hypervisor and guest machines, to ensure that only authorized users or administrators can access or manage them.
* Encrypting the data and communication for the hypervisor and guest machines, to protect the confidentiality and integrity of the information stored or transmitted on them.
* Implementing logging and auditing mechanisms for the hypervisor and guest machines, to record and track any activities or events that occur on them, and enable detection and investigation of any incidents or anomalies.
Hardening for the hypervisor and guest machines can help prevent or mitigate common attacks on virtualized environments, such as:
* Hypervisor escape: An attack where a malicious guest machine breaks out of its isolated environment and gains access to the hypervisor or other guest machines.
* Hypervisor compromise: An attack where an attacker exploits a vulnerability or misconfiguration in the hypervisor to gain control over it or its resources.
* Guest compromise: An attack where an attacker exploits a vulnerability or misconfiguration in a guest machine to gain access to its data or applications.
* Guest impersonation: An attack where an attacker creates a fake or cloned guest machine to trick other guests or users into interacting with it.
* Guest denial-of-service: An attack where an attacker consumes or exhausts the resources of a guest machine to disrupt its availability or performance.
Therefore, hardening for the hypervisor and guest machines is the most important control for virtualized environments, as it can enhance their security, reliability, and performance. For more information about hardening for virtualized environments, you can refer to some of these web sources:
* Hypervisor security on the Azure fleet
* Chapter 2: Hardening the Hyper-V host
* Plan for Hyper-V security in Windows Server
Hardening is the process of applying security measures and configurations to reduce the vulnerabilities and risks of a system or device. Hardening for the hypervisor and guest machines is essential for protecting the virtualized environments from attacks, as they are exposed to various threats from both the physical and virtual layers. Hardening for the hypervisor and guest machines involves the following steps:
* Applying the latest patches and updates for the hypervisor and guest operating systems, as well as the applications and drivers running on them.
* Configuring the firewall and network settings for the hypervisor and guest machines, to restrict and monitor the network traffic and prevent unauthorized access or communication.
* Disabling or removing any unnecessary or unused features, services, accounts, or ports on the hypervisor and guest machines, to minimize the attack surface and reduce the potential entry points for attackers.
* Enforcing strong authentication and authorization policies for the hypervisor and guest machines, to ensure that only authorized users or administrators can access or manage them.
* Encrypting the data and communication for the hypervisor and guest machines, to protect the confidentiality and integrity of the information stored or transmitted on them.
* Implementing logging and auditing mechanisms for the hypervisor and guest machines, to record and track any activities or events that occur on them, and enable detection and investigation of any incidents or anomalies.
Hardening for the hypervisor and guest machines can help prevent or mitigate common attacks on virtualized environments, such as:
* Hypervisor escape: An attack where a malicious guest machine breaks out of its isolated environment and gains access to the hypervisor or other guest machines.
* Hypervisor compromise: An attack where an attacker exploits a vulnerability or misconfiguration in the hypervisor to gain control over it or its resources.
* Guest compromise: An attack where an attacker exploits a vulnerability or misconfiguration in a guest machine to gain access to its data or applications.
* Guest impersonation: An attack where an attacker creates a fake or cloned guest machine to trick other guests or users into interacting with it.
* Guest denial-of-service: An attack where an attacker consumes or exhausts the resources of a guest machine to disrupt its availability or performance.
Therefore, hardening for the hypervisor and guest machines is the most important control for virtualized environments, as it can enhance their security, reliability, and performance. For more information about hardening for virtualized environments, you can refer to some of these web sources:
* Hypervisor security on the Azure fleet
* Chapter 2: Hardening the Hyper-V host
* Plan for Hyper-V security in Windows Server
CISA-JPN 試験問題 585
内部監査チームは、別の国のサードパーティがホストする監査管理アプリケーションを使用するかどうかを決定しています。
ホストされたアプリケーションに給与監査文書をアップロードする場合に最も重要な考慮事項は何ですか?
ホストされたアプリケーションに給与監査文書をアップロードする場合に最も重要な考慮事項は何ですか?
正解: C
This is because privacy regulations are laws or rules that protect the personal information of individuals from unauthorized access, use, disclosure, or transfer by third parties. Payroll audit documentation may contain sensitive and confidential data, such as employee names, salaries, benefits, taxes, deductions, and bank accounts. If the audit management application is hosted by a third party in a different country, the organization may need to comply with the privacy regulations of both its own country and the host country, as well as any international or regional agreements or frameworks that apply. Privacy regulations may impose various requirements and obligations on the organization, such as obtaining consent from the data subjects, implementing appropriate security measures, notifying data breaches, and ensuring data quality and accuracy.
Privacy regulations may also grant various rights to the data subjects, such as accessing, correcting, deleting, or transferring their data. Failing to comply with privacy regulations may expose the organization to significant risks and consequences, such as legal actions, fines, sanctions, reputational damage, or loss of trust.
Some examples of privacy regulations affecting the organization are:
* The General Data Protection Regulation (GDPR), which is a comprehensive and strict privacy regulation that applies to any organization that processes personal data of individuals in the European Union (EU) or offers goods or services to them, regardless of where the organization or the data is located1.
* The California Consumer Privacy Act (CCPA), which is a broad and influential privacy regulation that applies to any organization that collects personal information of California residents and meets certain thresholds of revenue, data volume, or data sharing2.
* The Health Insurance Portability and Accountability Act (HIPAA), which is a sector-specific privacy regulation that applies to any organization that handles protected health information (PHI) of individuals in the United States, such as health care providers, health plans, or health care clearinghouses3.
Therefore, before using an audit management application hosted by a third party in a different country, the internal audit team should conduct a thorough assessment of the privacy regulations affecting the organization and ensure that they have adequate policies, procedures, and controls in place to comply with them.
Privacy regulations may also grant various rights to the data subjects, such as accessing, correcting, deleting, or transferring their data. Failing to comply with privacy regulations may expose the organization to significant risks and consequences, such as legal actions, fines, sanctions, reputational damage, or loss of trust.
Some examples of privacy regulations affecting the organization are:
* The General Data Protection Regulation (GDPR), which is a comprehensive and strict privacy regulation that applies to any organization that processes personal data of individuals in the European Union (EU) or offers goods or services to them, regardless of where the organization or the data is located1.
* The California Consumer Privacy Act (CCPA), which is a broad and influential privacy regulation that applies to any organization that collects personal information of California residents and meets certain thresholds of revenue, data volume, or data sharing2.
* The Health Insurance Portability and Accountability Act (HIPAA), which is a sector-specific privacy regulation that applies to any organization that handles protected health information (PHI) of individuals in the United States, such as health care providers, health plans, or health care clearinghouses3.
Therefore, before using an audit management application hosted by a third party in a different country, the internal audit team should conduct a thorough assessment of the privacy regulations affecting the organization and ensure that they have adequate policies, procedures, and controls in place to comply with them.
- 他のバージョン
- 3037ISACA.CISA-JPN.v2025-06-30.q593
- 1011ISACA.CISA-JPN.v2025-05-16.q572
- 2110ISACA.CISA-JPN.v2023-04-10.q297
- 1982ISACA.CISA-JPN.v2023-04-03.q306
- 2119ISACA.CISA-JPN.v2023-03-20.q319
- 2170ISACA.CISA-JPN.v2022-08-01.q273
- 2234ISACA.CISA-JPN.v2022-05-28.q253
- 最新アップロード
- 112PaloAltoNetworks.SecOps-Generalist.v2026-06-23.q81
- 110NetworkAppliance.NS0-005.v2026-06-23.q110
- 108Google.Generative-AI-Leader.v2026-06-23.q31
- 107Google.Google-Workspace-Administrator.v2026-06-23.q111
- 161Databricks.Databricks-Certified-Professional-Data-Engineer.v2026-06-22.q208
- 150Oracle.1z0-1054-25.v2026-06-22.q64
- 132Fortinet.NSE5_FSW_AD-7.6.v2026-06-22.q41
- 134Salesforce.MC-202.v2026-06-22.q57
- 125Nutanix.NCA-6.10.v2026-06-22.q43
- 145Workday.Workday-Pro-Talent-and-Performance.v2026-06-20.q18