CISA-JPN Exam Question 106
Which of the following is the most important control for a virtualized environment?
Correct answer: B
The most important control for virtualized environments is hardening for the hypervisor and guest machines.
Hardening is the process of applying security measures and configurations to reduce the vulnerabilities and risks of a system or device. Hardening for the hypervisor and guest machines is essential for protecting the virtualized environments from attacks, as they are exposed to various threats from both the physical and virtual layers. Hardening for the hypervisor and guest machines involves the following steps:
* Applying the latest patches and updates for the hypervisor and guest operating systems, as well as the applications and drivers running on them.
* Configuring the firewall and network settings for the hypervisor and guest machines, to restrict and monitor the network traffic and prevent unauthorized access or communication.
* Disabling or removing any unnecessary or unused features, services, accounts, or ports on the hypervisor and guest machines, to minimize the attack surface and reduce the potential entry points for attackers.
* Enforcing strong authentication and authorization policies for the hypervisor and guest machines, to ensure that only authorized users or administrators can access or manage them.
* Encrypting the data and communication for the hypervisor and guest machines, to protect the confidentiality and integrity of the information stored or transmitted on them.
* Implementing logging and auditing mechanisms for the hypervisor and guest machines, to record and track any activities or events that occur on them, and enable detection and investigation of any incidents or anomalies.
Hardening for the hypervisor and guest machines can help prevent or mitigate common attacks on virtualized environments, such as:
* Hypervisor escape: An attack where a malicious guest machine breaks out of its isolated environment and gains access to the hypervisor or other guest machines.
* Hypervisor compromise: An attack where an attacker exploits a vulnerability or misconfiguration in the hypervisor to gain control over it or its resources.
* Guest compromise: An attack where an attacker exploits a vulnerability or misconfiguration in a guest machine to gain access to its data or applications.
* Guest impersonation: An attack where an attacker creates a fake or cloned guest machine to trick other guests or users into interacting with it.
* Guest denial-of-service: An attack where an attacker consumes or exhausts the resources of a guest machine to disrupt its availability or performance.
Therefore, hardening for the hypervisor and guest machines is the most important control for virtualized environments, as it can enhance their security, reliability, and performance. For more information about hardening for virtualized environments, you can refer to some of these web sources:
* Hypervisor security on the Azure fleet
* Chapter 2: Hardening the Hyper-V host
* Plan for Hyper-V security in Windows Server
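CISA-JPN Exam Question 107
When a data center attempts to restore computing facilities at an alternative site following a disaster, which of the following should be restored first?
Correct answer: C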
When a data center is attempting to restore computing facilities at an alternative site following a disaster, the operating system should be restored FIRST. Here's why:
1. Operating System (OS):
The OS is the foundation of any computing environment. It manages hardware resources, provides essential services, and allows applications to run.
Restoring the OS ensures that the infrastructure is operational and ready for further recovery steps.
Without a functional OS, applications cannot execute, and data backups cannot be effectively restored.
2. Data Backups:
While data backups are critical for recovery, they depend on a working infrastructure.
If the OS is not operational, restoring data backups becomes challenging.
Data backups should follow the OS restoration.
3. Applications:
Applications rely on the OS to function.
Restoring applications before the OS may lead to compatibility issues or incomplete functionality.
Applications should be restored after ensuring a stable OS environment.
4. Decision Support System (DSS):
DSS is an application category.
It should follow the restoration of both the OS and critical applications.
In summary, prioritize restoring the operating system, which forms the basis for subsequent recovery steps.
Once the OS is functional, proceed with data backups, applications, and other systems as needed.
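CISA-JPN Exam Question 108
Which of the following is the best way to enforce the principle of least privilege on a server containing data with different security classifications?
Correct answer: C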
The best way to enforce the principle of least privilege on a server containing data with different security classifications is to apply access controls determined by the data owner. The principle of least privilege states that users should only have the minimum level of access required to perform their tasks. The data owner is the person who has the authority and responsibility to classify, label, and protect the data according to its sensitivity and value. The data owner can define the access rights and permissions for each user or role based on the data classification policy and the business needs. This will ensure that only authorized and appropriate users can access the data and prevent unauthorized or excessive access that could compromise the confidentiality, integrity, or availability of the data. References:
* CISA Review Manual (Digital Version)
* CISA Questions, Answers & Explanations Database
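CISA-JPN Exam Question 109
Which of the following is the best method for disposing of a flash drive that stored sensitive data?
Correct answer: D
CISA-JPN Exam Question 110
Which of the following is the best indicator of effective IT investment management?
Correct answer: B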
This means that the IT investments are aligned with the strategic goals and priorities of the organization, and that they deliver value and benefits to the business. Mapping IT investments to specific business objectives can help ensure that the IT investments are relevant, justified, and measurable, and that they support the organization's mission and vision.
"IT investments are implemented and monitored following a system development life cycle (SDLC)" is an indication of effective IT project management, but not necessarily of effective IT investment management. The SDLC is a framework that guides the development and implementation of IT systems and applications, but it does not address the alignment, justification, or measurement of the IT investments.
"Key performance indicators (KPIs) are defined for each business requiring IT investment" is an indication of effective IT performance management, but not necessarily of effective IT investment management. KPIs are metrics that measure the outcomes and results of IT activities and processes, but they do not address the alignment, justification, or value of the IT investments.
"The IT investment budget is significantly below industry benchmarks" is not an indication of effective IT investment management, but rather of low IT spending. The IT investment budget should be based on the organization's needs and capabilities, and not on external comparisons. A low IT investment budget may indicate that the organization is underinvesting in IT, which could limit its potential for growth and innovation.
