Summary of Answer Final PDF

Question 1 Keyword: Personal Information Protection Act is incorrect? Answer: Gives consideration to rights to know and privacy rights. Question 2 Keyword: ISMS Conformity Assessment Scheme incorrect? Answer: Certification required for entire organization; divisions can't be certified independently. Question 3 Keyword: "Personal Information" correct? Answer: Information in electronic tags, if easily integrated, is considered "Personal Information." Question 4 Keyword: Individual identification codes count? Answer: Three. Question 5 Keyword: "Special care-required personal information" incorrect? Answer: Personal information from criminal investigations or witnesses isn't considered "special care-required." Question 6 Keyword: "Personal Information database etc." incorrect? Answer: Meeting minutes with names of participants are considered a database. 1 Question 7 Keyword: "Business operators handling personal information" incorrect? Answer: Individual business owners primarily using databases are not considered operators. Question 8 Keyword: "Personal Data" and "Retained Personal Data" incorrect? Answer: Residential map personal info is considered "Personal Data." Question 9 Keyword: "Anonymously Processed Information" incorrect? Answer: Must delete all identifying methods to ensure anonymity. Question 10 Keyword: "Anonymously Processed Information handling business operator" incorrect? Answer: Organizations creating anonymized databases for others are not included. Question 11 Keyword: Changing purpose of personal information use incorrect? Answer: Original purpose can’t change unless logically connected. Question 12 Keyword: Restrictions on personal information use incorrect? Answer: Approval doesn’t allow usage beyond defined purpose. 2 Question 13 Keyword: "Proper acquisition of personal information" incorrect? Answer: Buying lists knowingly from unlawful brokers is not illegal. Question 14 Keyword: "Special care-required personal information" correct? Answer: Permission required from guardian for disabled persons' data. Question 15 Keyword: Notification for use purpose incorrect? Answer: Not needed when data is legally acquired from a name list. Question 16 Keyword: Notification/publication definition? Answer: Posters in staff areas are not considered "publication." Question 17 Keyword: Maintaining accuracy of data incorrect? Answer: Address changes in company B can't update data in company A. Question 18 Keyword: "Small and medium-sized enterprises" definition correct? Answer: Over 5000 people identified in a database qualifies. 3 Question 19 Keyword: Employee supervision incorrect? Answer: Directors aren’t included in the supervision definition. Question 20 Keyword: Supervision of consignments incorrect? Answer: Written pledges or statements aren’t consignment agreements. Question 21 Keyword: Providing personal data internally correct? Answer: Sharing within departments isn’t considered provision to third parties. Question 22 Keyword: Opt-out provision to third parties incorrect? Answer: Report must include third-party names. Question 23 Keyword: Consignment and succession correct? Answer: Permission needed to transfer data to international organizations. Question 24 Keyword: Shared use of personal data incorrect? Answer: Responsibility title refers to internal data managers. 4 Question 25 Keyword: Provision to third party outside Japan? Answer: (1) Includes, (2) Not considered, (3) Considered. Question 26 Keyword: EU/UK personal data handling? Answer: (1) Court, (2) Including specified purpose. Question 27 Keyword: Record creation for third-party provision incorrect? Answer: "Details of acquisition" must be in writing. Question 28 Keyword: Retained personal data incorrect? Answer: Notify even if purpose of use is already publicized. Question 29 Keyword: Disclosure of retained data incorrect? Answer: Immediate phone disclosure is prohibited. Question 30 Keyword: Corrections precedence? Answer: Other laws don’t override the Personal Information Protection Act. 5 Question 31 Keyword: Suspension of use for retained data incorrect? Answer: Suspend immediately upon request if data management fails. Question 32 Keyword: Handling fees incorrect? Answer: Can’t charge for correcting retained personal data. Question 33 Keyword: Anonymously processed information creation incorrect? Answer: Must publicize use purpose via guidelines. Question 34 Keyword: Personal Information Protection Commission supervision incorrect? Answer: Can only act on violations after emergency actions. Question 35 Keyword: Complaints handling incorrect? Answer: Recommendations for compliance are allowed but not instructions. Would you like me to continue with the next set of questions? Question 36 Keyword: Personal Information Protection Commission membership? 6 Answer: Members can’t engage in political activities. Question 37 Keyword: Extraterritorial application correct? Answer: Operators relocating abroad must comply with provisions. Question 38 Keyword: Exemptions under the Act incorrect? Answer: Freelance journalists aren’t considered news organizations. Question 39 Keyword: Penalties incorrect? Answer: Employees are also subject to penalties for illegal activities. Question 40 Keyword: Leakage countermeasures correct? Answer: Details and measures must be reported immediately to the Commission. Question 41 Keyword: Numbers Use Act specification correct? Answer: "Specific Personal Information file" includes individual numbers. Question 42 Keyword: Change of individual numbers correct? 7 Answer: Allowed if illegal use or leak is suspected. Question 43 Keyword: Scope of use for individual numbers incorrect? Answer: Consent doesn’t allow use outside defined purposes. Question 44 Keyword: Consignment chain consent correct? Answer: Company C needs Company A’s consent to further consign work. Question 45 Keyword: Identity confirmation incorrect? Answer: Notification card alone isn’t sufficient for confirmation. Question 46 Keyword: Individual number card name change correct? Answer: Report changes to mayor within 14 days. Question 47 Keyword: Specific personal information provision incorrect? Answer: Can’t collect individual numbers for sales management. Question 48 Keyword: Collection of specific personal info incorrect? 8 Answer: Masked or deleted info still retains duties under the Act. Question 49 Keyword: Corporate Numbers incorrect? Answer: Separate numbers aren’t issued for each branch. Question 50 Keyword: Penalties incorrect? Answer: Penalties apply to employees misusing government-collected data. Question 51 Keyword: Elements of information security? Answer: (1) Confidentiality, (2) Reputation, (3) CSR. Question 52 Keyword: Definition of authenticity? Answer: Quality of being what it claims to be. Question 53 Keyword: Definition of accountability? Answer: Managing access logs to track actions. Question 54 Keyword: Not unfair competition under "Unfair Competition Prevention Act"? Answer: Bank intrusion to increase account balance. 9 Question 55 Keyword: Copyright Law incorrect? Answer: "Right to make work public" can’t be transferred. Question 56 Keyword: Restrictions on advertising emails incorrect? Answer: SMS ads are exempt from regulations. Question 57 Keyword: Privacy protection evaluation term? Answer: PIA. Question 58 Keyword: PDCA cycle actions? Answer: Evaluate ISMS measures' effectiveness. Question 59 Keyword: STRIDE model threat example? Answer: Pretending to be another user by stealing credentials. Question 60 Keyword: Risk evaluation process action? Answer: Calculate risk levels based on acceptability criteria. 10 Question 61 Keyword: The method of risk assessment referred to as the informal approach by MICTS Answer: This is the informal approach shown by MICTS (GMITCS). Question 62 Keyword: Combinations of terms for risk countermeasures examples Answer: (1) Risk transfer (2) Risk retention (3) Risk reduction (4) Risk avoidance. Question 63 Keyword: Incorrect statement about "detailed risk analysis" method Answer: When determining the risk level, the formula "Risk level = value of resource x size of threat x degree of vulnerability" must not be influenced by rules of thumb. Question 64 Keyword: Identifying personal information and examples of their records Answer: (1) Customer lists (2) Identification cards (3) Training tests. Question 65 Keyword: Status of handling personal data and recognition of risks Answer: (1) Do regular inventories (2) Life cycle (3) Residual risk. Question 66 Keyword: Contents not included in "Personal Information Protection Policy for External Use" Answer: Titles and types of personal information databases. 11 Question 67 Keyword: Most appropriate statement about company regulation documents Answer: The "Basic Policy" shows management's stance on information security, announced throughout the company with a security committee at the executive level. Question 68 Keyword: Inapplicable authority and role of the CPO Answer: This person should select who handles the audits and oversee all audit members. Question 69 Keyword: Flow of personal information protection audit Answer: (1) Audit procedure (2) Audit record sheets (3) Audit report. Question 70 Keyword: Ineffective countermeasure for personal data leakage Answer: Posting the incident contents on a restricted site and only accepting questions via email. Question 71 Keyword: Incorrect clause in the "Pledge on Confidentiality and Protection of Personal Information" Answer: The seventh article (Duration of pledge). Question 72 12 Keyword: Incorrect training policy for employees on information security Answer: Excluding directors, presidents, or temporary staff; training should respect employee autonomy and not be forced. Question 73 Keyword: Incorrect management of consignments Answer: To maintain completeness, all information should be provided to consignees. Question 74 Keyword: Incorrect "Supervision of consignees" according to JIS Q 15001:2017 Answer: Keeping the existence and content of the consignment confidential regardless of business scale. Question 75 Keyword: Incorrect principle in JIS Q 10002:2019 on handling complaints Answer: Sharing identifiable information about complainants with all employees for improvement. Question 76 Keyword: Incorrect physical measure for inside the office Answer: Setting up guest areas inside the office with glass walls or low partitions for visibility. Question 77 Keyword: Function of entrance/exit management system described Answer: Two-person control. 13 Question 78 Keyword: Incorrect statement about data backup Answer: Frequency and procedures must be implemented; backups should be encrypted and tested for restoration. Question 79 Keyword: Incorrect statement about PIN usage on devices Answer: Risk of unauthorized use across multiple devices when the PIN is leaked. Question 80 Keyword: RAID 1 description Answer: Data is written to multiple hard disks simultaneously (mirroring); if one disk fails, the other acts as a backup. Question 81 Keyword: Incorrect countermeasure for multifunction machines Answer: All employees are authorized to view and delete temporarily stored data. Question 82 Keyword: Security measures for mobile devices during work Answer: (1) BYOD (2) Shadow IT (3) MDM. Question 83 Keyword: System redundancy method described Answer: Duplex system, hot standby. 14 Question 84 Keyword: Terms for "Information Security Continuity" Answer: (1) BCM (2) DRM (3) Business Impact Analysis. Question 85 Keyword: Methods of encryption Answer: (1) Algorithm (2) Stream cipher (3) Block cipher (4) Stream cipher. Question 86 Keyword: Flow for digital signatures Answer: (1) Hash (2) User A's secret key (3) User A's public key. Question 87 Keyword: Action after completing the digital signature process Answer: Confirm that user A sent the document and no impersonation occurred. Question 88 Keyword: Benefit of one-time passwords Answer: Automatically changed passwords reduce illicit use if stolen. Question 89 Keyword: Incorrect statement about IEEE 802.1X authentication Answer: Excels in authentication and encrypts data for high-security transmission. 15 Question 90 Keyword: Incorrect statement about firewalls Answer: Application gateway type allows detailed access control and high-speed processing. Question 91 Keyword: Description of UTM in network security Answer: Comprehensive security method with devices that include firewalls, antivirus, and spam filters. Question 92 Keyword: Handling of personal information in a published passage Answer: (1) SSL (2) Cookie (3) Web beacon. Question 93 Keyword: Effective countermeasure against brute force attacks Answer: Avoid passwords that are easy to guess or too short. Question 94 Keyword: Description of RAT Answer: Illicit program for remote operation, often used in targeted attacks. Question 95 Keyword: Terms for network attack methods Answer: (1) DOS (2) Mail bomb (3) Reload attack. 16 Question 96 Keyword: Countermeasure based on "need to know" principle Answer: Restrict permissions to print or output data for employees who only need viewing access. Question 97 Keyword: Inappropriate measure for working from home Answer: Employees independently decide if unfamiliar emails are safe to open. Question 98 Keyword: Definition of "Rootkit" Answer: Software tools used by attackers to remain undetected while creating backdoors or stealing data. Question 99 Keyword: Definition of "Cache poisoning" Answer: An attack placing falsified information in a DNS server to lead users to fake websites. Question 100 Keyword: Definition of "Footprinting" Answer: Investigating and gathering information about a target system to plan an attack. Question 101 Keyword: Incorrect statement about the 2020 Amendment Act of the Personal Information Protection Act 17 Answer: Penalties for organizations increased to 1,000,000 yen, effective December 12, 2020. Question 102 Keyword: Incorrect statement about the Privacy Mark System Answer: The Privacy Mark is conferred by the Privacy Mark System Committee. Question 103 Keyword: Correct statement about "Personal Information" Answer: Corporate financial information without names of directors or employees is not personal information. Question 104 Keyword: Number of individual identification codes Answer: Three of the above. Question 105 Keyword: Incorrect statement about "Special care-required personal information" Answer: Personal information stating a person was found innocent of a crime is not "Special care-required personal information." Question 106 Keyword: Incorrect statement about "Personal Information Database, etc." Answer: Unorganized security camera footage with identifiable images is considered a personal information database. 18 Question 107 Keyword: Correct statement about "Business operators handling personal information" Answer: Welfare officers using personal information databases for social work are not considered business operators. Question 108 Keyword: Incorrect statement about "Personal Data" and "Retained Personal Data" Answer: Consigned personal data is considered retained personal information of the consignee. Question 109 Keyword: Incorrect statement about "Anonymously Processed Information" Answer: Deleting part of individual identification codes is sufficient for anonymization. Question 110 Keyword: Incorrect statement about "Anonymously processed information handling business operator" Answer: Includes local government agencies using anonymized information databases. Question 111 Keyword: Incorrect statement about specifying and changing the purpose of use of personal information Answer: Statistically processed data still requires specifying the purpose of use. Question 112 Keyword: Incorrect statement about restrictions on the purpose for use of personal information Answer: Merged companies require consent to use personal information for purposes 19 necessary to achieve the original purpose. Question 113 Keyword: Incorrect statement about the proper acquisition of personal information Answer: Browsing publicly available information online may violate proper acquisition regulations. Question 114 Keyword: Correct statement about acquiring "Special care-required personal information" Answer: Consent is required to record a disability for customer assistance. Question 115 Keyword: Incorrect statement about notification or publication for the purpose of use Answer: Publicized online information doesn’t require purpose notification or publication. Question 116 Keyword: Incorrect statement about acquiring personal information in written documents Answer: In urgent situations, no explanation or notification of the purpose of use is required. Question 117 Keyword: Incorrect statement about maintaining data accuracy Answer: Data must always be accurate and up-to-date. Question 118 Keyword: Incorrect statement about "Safety Control Action" guidelines 20 Answer: Measures should clarify handling roles for each employee but are not required. Question 119 Keyword: Incorrect statement about supervision of employees Answer: Directors or auditors are exempt from proper and necessary supervision. Question 120 Keyword: Correct statement about supervision of consignees Answer: Providing a compliance memorandum for regulations is unnecessary if secure measures are verified. Question 121 Keyword: Correct statement about restriction on providing personal data to third parties Answer: Organizations must obtain advance consent from employees to share their contact details with third parties. Question 122 Keyword: Incorrect statement about provision to a third party by opt-out Answer: Opt-out provisions before the Amendment Act remain valid after the Amendment Act. Question 123 Keyword: Correct statement about consignment of personal data and succession of business Answer: No consent or opt-out procedures are required before completing a succession agreement. Question 124 21 Keyword: Incorrect statement about "fixed set of data" in shared use Answer: Includes the purpose of use and must notify or make it accessible to the individual. Question 125 Keyword: Incorrect statement about providing personal data to a third party outside Japan Answer: Consent is unnecessary if laws and regulations permit the transfer. Question 126 Keyword: Incorrect statement about providing personal data to a foreign third party Answer: A Japanese company providing data to an unincorporated foreign office does not make it a foreign third party. Question 127 Keyword: Incorrect statement about records for providing data to a third party Answer: Records are unnecessary when consent is obtained to provide personal data to a foreign third party. Question 128 Keyword: Incorrect statement about confirming provisions from third parties Answer: Details of data acquisition must include circumstances from the party prior to the third party. Question 129 Keyword: Incorrect statement about publishing retained personal data Answer: If the purpose of use is evident, there’s no need to fully inform the individual. 22 Question 130 Keyword: Incorrect statement about disclosure of retained personal data Answer: Disclosing all retained personal data requires notifying the individual without delay. Question 131 Keyword: Incorrect statement about corrections to retained personal data Answer: Corrections are unnecessary even if the evaluation is based on incorrect facts. Question 132 Keyword: Incorrect statement about suspending use of retained personal data Answer: Even if suspension resolves the issue, deletion of all data is mandatory. Question 133 Keyword: Incorrect statement about fees for disclosure requests Answer: Fees for corrections or suspensions must be reasonable and based on actual costs. Question 134 Keyword: Correct statement about duties for anonymized information Answer: Proper measures and complaint handling must be ensured, with efforts to publicize them. Question 135 Keyword: Incorrect statement about Personal Information Protection Commission supervision Answer: Penalties may apply for not following guidance or advice. 23 Question 136 Keyword: Incorrect statement about "Authorized Personal Information Protection Organization" Answer: Accreditation removal is allowed if guidance isn’t followed. Question 137 Keyword: Incorrect statement about the Personal Information Protection Commission Answer: Authority for guidance, recommendations, or orders can be delegated to the minister. Question 138 Keyword: Correct statement about extraterritorial application Answer: Guidance can be provided to foreign organizations violating the Personal Information Protection Act. Question 139 Keyword: Incorrect statement about exemptions under the Personal Information Protection Act Answer: Joint university and private enterprise research for profit is exempt from operator duties. Question 140 Keyword: Correct statement about countermeasures for personal data leakage Answer: Operators must report leakage details and preventive measures to the Personal Information Protection Commission immediately. Question 141 Keyword: Incorrect purpose of the Numbers Use Act Answer: Protecting citizen rights by maintaining fairness and transparency in government 24 operations. Question 142 Keyword: Incorrect specification under the Numbers Use Act Answer: "Specific personal information" excludes numbers or codes used in place of individual numbers. Question 143 Keyword: Incorrect statement about assigning and notifying individual numbers Answer: The mayor must get the person's permission before changing their number. Question 144 Keyword: Incorrect statement about restrictions on using individual numbers Answer: Individual numbers cannot be used for other work types, even with consent. Question 145 Keyword: Incorrect statement about handling consignments Answer: Consent from company B is needed for company C to consign work to company D. Question 146 Keyword: Correct statement about individual number cards Answer: When reporting a move, the individual must submit their number card to the mayor, who updates and returns it. Question 147 25 Keyword: Incorrect statement about restrictions on specific personal information provision Answer: Employee individual numbers can be transferred directly between companies during a transfer. Question 148 Keyword: Incorrect statement about specific personal information collection Answer: Retention of specific personal information isn’t allowed for employees on indefinite leave. Question 149 Keyword: Incorrect statement about Corporate Numbers Answer: Consent is required before publishing a corporate number online. Question 150 Keyword: Terms for penalties under the Numbers Use Act Answer: (1) For similar offenses (2) Newly established penalties (3) Outside of Japan (4) Fines. Question 151 Keyword: Incorrect statement about PMS and personal information security Answer: PMS success depends entirely on employees handling personal information. Question 152 Keyword: Elements of information security Answer: (1) Confidentiality (2) Completeness (3) Availability. 26 Question 153 Keyword: Example of nonrepudiation Answer: Keeping an unalterable log of server access. Question 154 Keyword: Term for governance in privacy protection Answer: Privacy governance. Question 155 Keyword: Incorrect statement about laws related to information security Answer: Unauthorized access due to a software flaw is not considered illicit under the Unauthorized Access Prohibition Law. Question 156 Keyword: Terms for the Unfair Competition Prevention Act Answer: (1) Usability (2) All (3) Be aware of. Question 157 Keyword: Model of PMS elements Answer: (1) Preparations for emergencies (2) Training of employees (3) Handling complaints and inquiries (4) Corrective and preventive actions. Question 158 Keyword: Incorrect statement about internal control Answer: Internal control operates independently, separate from daily tasks. 27 Question 159 Keyword: Penal code for illegal production of electronic records Answer: Illicitly changing data on cash or prepaid cards. Question 160 Keyword: STRIDE model threat example Answer: Illicitly obtaining access permissions and impersonating a user. Question 161 Keyword: Method of risk assessment described as setting security levels Answer: Baseline approach in MICTS (GMITS). Question 162 Keyword: Action in the "risk identification" process Answer: Examine and evaluate information assets, then clarify threats and vulnerabilities. Question 163 Keyword: Example of "transfer of risk" Answer: Moving work systems to a high-security external cloud service. Question 164 Keyword: Incorrect identification of personal information Answer: Backup data and secondary management documents do not need identification. 28 Question 165 Keyword: Incorrect method for handling personal information under JIS Q 15001:2017 Answer: Store-bought telephone books and memos with names must be recorded in personal data management. Question 166 Keyword: Incorrect statement about personal information protection policies Answer: Formulating a protection policy is mandatory under the Personal Information Protection Act. Question 167 Keyword: Terms for creating company regulation documents Answer: (1) In a top-down manner (2) Security policy (3) At the department head level. Question 168 Keyword: Terms in PMS system structure Answer: (1) Audit Manager (2) Personal Information Protection Manager (3) Secretariat. Question 169 Keyword: Incorrect inspection of PMS operational status Answer: Checking the record of the last person leaving the office only when noticed. Question 170 Keyword: Incorrect statement about information security audit procedures Answer: Exclude third-party documents from audit reports. 29 Question 171 Keyword: Terms for supervising employees Answer: (1) NDAs (2) Until a given period after resignation (3) Monitoring. Question 172 Keyword: Inappropriate acceptance of temporary staff Answer: Clients should ask temporary staff for their home addresses and phone numbers. Question 173 Keyword: Incorrect training for personal information protection Answer: Only direct employees must receive training, determined by position and level. Question 174 Keyword: Incorrect measures for consignees in information security Answer: Notify the consignor only after solving a problem causing classified information leakage. Question 175 Keyword: Incorrect statement about objectivity in complaint handling Answer: Inform complainants that their information may be disclosed to discourage complaints. Question 176 Keyword: Zoning examples for threats and countermeasures Answer: (1) Confidential area (2) Server rooms, backup storage. 30 Question 177 Keyword: Entrance/exit management system function Answer: Anti-pass back function. Question 178 Keyword: Incorrect statement about backups in operational security Answer: Only system information is needed; applications and data aren’t included. Question 179 Keyword: Terms for RASIS elements Answer: (1) Reliability (2) Serviceability (3) Integrity. Question 180 Keyword: Example of clear screen/desk policy violation Answer: Leaving operation manuals and documents on the desk when stepping away. Question 181 Keyword: Incorrect countermeasure for multifunction machines Answer: Always connect to external networks for successive data reception and transmission. Question 182 Keyword: Terms for managing smartphones Answer: (1) PINs (2) Remote wipe (3) Separated from. 31 Question 183 Keyword: Inappropriate disposal of media containing personal information Answer: Moving files to the "Recycle Bin" and emptying it before returning leased devices. Question 184 Keyword: Terms for business continuation standards Answer: (1) BCMS (2) Operates under (3) BIA. Question 185 Keyword: Incorrect statement about common key encryption Answer: RSA, Elliptic-curve cryptography, and Diffie-Hellman are examples of common key encryption. Question 186 Keyword: Characteristics of digital signatures Answer: (1) Based on the sender's intention (2) Hash functions (3) PKI. Question 187 Keyword: Inappropriate statement about one-time passwords Answer: Generated by analyzing history and trends of previous passwords. Question 188 Keyword: Inappropriate countermeasure against unauthorized logins Answer: Skip login alerts for successful authentication, but notify on failed attempts. 32 Question 189 Keyword: Terms for countermeasures against unauthorized access Answer: (1) MAC address (2) Vendor ID (3) Can be falsified by software. Question 190 Keyword: Terms for firewall types Answer: (1) ACL (2) Proxy (3) Application gateway. Question 191 Keyword: Incorrect statement about illegal access countermeasures Answer: IDS blocks detected communication in addition to monitoring and detection. Question 192 Keyword: Characteristics of malware Answer: (1) Designed to infect computers (2) Doesn’t require a program to infect (3) Doesn’t infect other computers. Question 193 Keyword: Definition of spyware Answer: Illicit program collecting personal data and access history, often sending it externally. Question 194 Keyword: Effective countermeasure against SQL injections Answer: Escape processes to replace special characters when handling programs. 33 Question 195 Keyword: Definition of footprinting Answer: Gathering information on a target system for planned network attacks. Question 196 Keyword: Inappropriate measure for working from home Answer: Using default settings and WEP encryption on home Wi-Fi routers. Question 197 Keyword: Incorrect statement about "access control" Answer: Encourage recording passwords in multiple places to prevent forgetting them. Question 198 Keyword: Description of UTM Answer: Security device with integrated measures, simplifying installation and management. Question 199 Keyword: Standards for email encryption and digital signatures Answer: Encrypt contents with public/private keys to prevent unauthorized reading. Question 200 Keyword: Communication protocol for authentication and authorization Answer: Manages network authentication and use records, also used for wireless LANs. 34

Summary of Answer Final PDF

Document Details

Tags

Related

Summary

Full Transcript