[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article:gijutsu-jisshi":3},{"meta":4,"markdown":270,"quiz":271},{"type":5,"articleId":6,"slug":7,"title":8,"titleEn":9,"category":10,"order":11,"seriesLabel":12,"summary":13,"publishedAt":14,"image":15,"tags":16,"vocabulary":19,"quizId":266,"source":267},"article","kjh-k2-h04-gijutsu-jisshi","gijutsu-jisshi","課題Ⅱ 第４編② 技術的安全管理措置の実施項目","Implementation Items for Technical Safety Management Measures","kojin-joho-hogo\u002Fkadai-2",2042,"課題Ⅱ 第４編②","Comprehensive coverage of technical safety management measure implementation items per guideline 10-6: (a) access control and privilege management, (b) ID management, password policy (NIST SP 800-63B influence), account lock, and MFA, (c) firewalls, antivirus, vulnerability management (JVN\u002FCVE), WAF, IDS\u002FIPS, (d) TLS encryption, VPN, email security (S\u002FMIME, PGP, send prevention), USB restrictions, DLP. Also covers log management (types, WORM storage, SIEM correlation), malware countermeasures (pattern matching, heuristic, behavior analysis, EDR, sandbox, incident response flow), and telework\u002Fcloud security (VDI, BYOD\u002FMDM\u002FMAM, shared responsibility model, Article 28, ISO 27017\u002F27018).","2026-04-26T00:00:00Z","https:\u002F\u002Fimages.yamiyomi.com\u002Fkjh-k2-h04-gijutsu-jisshi.png",[17,18],"exam:個人情報保護士","topic:技術的安全管理",[20,25,30,34,38,42,46,50,54,58,62,66,70,74,78,82,86,90,94,98,102,106,110,114,118,122,126,130,134,138,142,146,150,154,158,162,166,170,174,178,182,186,190,194,198,202,206,210,214,218,222,226,230,234,238,242,246,250,254,258,262],{"word":21,"reading":22,"meaning":23,"level":24},"安全管理措置","あんぜんかんりそち","safety management measures","N1",{"word":26,"reading":27,"meaning":28,"level":29},"実施","じっし","implementation","N2",{"word":31,"reading":32,"meaning":33,"level":24},"通則編","つうそくへん","general rules edition",{"word":35,"reading":36,"meaning":37,"level":29},"担当者","たんとうしゃ","person in 
charge",{"word":39,"reading":40,"meaning":41,"level":29},"権限","けんげん","privilege, authority",{"word":43,"reading":44,"meaning":45,"level":24},"棚卸し","たなおろし","inventory check",{"word":47,"reading":48,"meaning":49,"level":29},"端末","たんまつ","terminal, device",{"word":51,"reading":52,"meaning":53,"level":29},"識別","しきべつ","identification",{"word":55,"reading":56,"meaning":57,"level":29},"認証","にんしょう","authentication, certification",{"word":59,"reading":60,"meaning":61,"level":24},"一意","いちい","unique",{"word":63,"reading":64,"meaning":65,"level":24},"付与","ふよ","granting, assignment",{"word":67,"reading":68,"meaning":69,"level":24},"無効化","むこうか","deactivation, invalidation",{"word":71,"reading":72,"meaning":73,"level":24},"複雑性","ふくざつせい","complexity",{"word":75,"reading":76,"meaning":77,"level":24},"多要素","たようそ","multi-factor",{"word":79,"reading":80,"meaning":81,"level":29},"生体","せいたい","biometric, living body",{"word":83,"reading":84,"meaning":85,"level":29},"境界","きょうかい","boundary",{"word":87,"reading":88,"meaning":89,"level":24},"遮断","しゃだん","blocking, shutoff",{"word":91,"reading":92,"meaning":93,"level":24},"脆弱性","ぜいじゃくせい","vulnerability",{"word":95,"reading":96,"meaning":97,"level":29},"放置","ほうち","neglect, leaving unattended",{"word":99,"reading":100,"meaning":101,"level":29},"侵入","しんにゅう","intrusion",{"word":103,"reading":104,"meaning":105,"level":24},"併用","へいよう","combined use",{"word":107,"reading":108,"meaning":109,"level":29},"暗号化","あんごうか","encryption",{"word":111,"reading":112,"meaning":113,"level":29},"送受信","そうじゅしん","transmission and reception",{"word":115,"reading":116,"meaning":117,"level":29},"経路","けいろ","route, path",{"word":119,"reading":120,"meaning":121,"level":24},"非推奨","ひすいしょう","deprecated",{"word":123,"reading":124,"meaning":125,"level":24},"誤送信","ごそうしん","erroneous transmission",{"word":127,"reading":128,"meaning":129,"level":24},"上長","じょうちょう","superior, 
manager",{"word":131,"reading":132,"meaning":133,"level":29},"承認","しょうにん","approval",{"word":135,"reading":136,"meaning":137,"level":29},"添付","てんぷ","attachment",{"word":139,"reading":140,"meaning":141,"level":24},"媒体","ばいたい","media, medium",{"word":143,"reading":144,"meaning":145,"level":29},"持ち出し","もちだし","taking out, removal",{"word":147,"reading":148,"meaning":149,"level":24},"過失","かしつ","negligence",{"word":151,"reading":152,"meaning":153,"level":24},"改ざん","かいざん","falsification, tampering",{"word":155,"reading":156,"meaning":157,"level":29},"廃棄","はいき","disposal",{"word":159,"reading":160,"meaning":161,"level":24},"相関","そうかん","correlation",{"word":163,"reading":164,"meaning":165,"level":24},"発報","はっぽう","issuing alarm, alerting",{"word":167,"reading":168,"meaning":169,"level":24},"兆候","ちょうこう","sign, indication",{"word":171,"reading":172,"meaning":173,"level":24},"照合","しょうごう","matching, collation",{"word":175,"reading":176,"meaning":177,"level":29},"推定","すいてい","estimation, presumption",{"word":179,"reading":180,"meaning":181,"level":24},"検知率","けんちりつ","detection rate",{"word":183,"reading":184,"meaning":185,"level":24},"補完","ほかん","supplementation",{"word":187,"reading":188,"meaning":189,"level":24},"標的型","ひょうてきがた","targeted (attack)",{"word":191,"reading":192,"meaning":193,"level":24},"挙動","きょどう","behavior",{"word":195,"reading":196,"meaning":197,"level":24},"隔離","かくり","isolation, quarantine",{"word":199,"reading":200,"meaning":201,"level":24},"駆除","くじょ","removal, extermination",{"word":203,"reading":204,"meaning":205,"level":24},"復旧","ふっきゅう","recovery, restoration",{"word":207,"reading":208,"meaning":209,"level":29},"再発","さいはつ","recurrence",{"word":211,"reading":212,"meaning":213,"level":29},"紛失","ふんしつ","loss (of an item)",{"word":215,"reading":216,"meaning":217,"level":29},"盗難","とうなん","theft",{"word":219,"reading":220,"meaning":221,"level":29},"仮想","かそう","virtual",{"word":223,"reading":224,"meaning":225,"level":29},"基盤","きばん","infrastructure, 
foundation",{"word":227,"reading":228,"meaning":229,"level":29},"分離","ぶんり","separation",{"word":231,"reading":232,"meaning":233,"level":24},"責任共有","せきにんきょうゆう","shared responsibility",{"word":235,"reading":236,"meaning":237,"level":29},"事業者","じぎょうしゃ","provider, business operator",{"word":239,"reading":240,"meaning":241,"level":29},"所在地","しょざいち","location",{"word":243,"reading":244,"meaning":245,"level":29},"第三者","だいさんしゃ","third party",{"word":247,"reading":248,"meaning":249,"level":24},"委託先","いたくさき","outsourcing destination",{"word":251,"reading":252,"meaning":253,"level":24},"選定","せんてい","selection",{"word":255,"reading":256,"meaning":257,"level":24},"管理策","かんりさく","controls (management measures)",{"word":259,"reading":260,"meaning":261,"level":24},"実効性","じっこうせい","effectiveness",{"word":263,"reading":264,"meaning":265,"level":24},"網羅","もうら","comprehensive coverage","kjh-k2-h04-quiz",{"name":268,"url":269},"個人情報保護士試験対策","https:\u002F\u002Fwww.joho-gakushu.or.jp\u002Fpiip\u002F","\n::para\n[技術的]{ぎじゅつてき:technical:N2}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}の[実施]{じっし:implementation:N1}[項目]{こうもく:item:N1}として、ガイドライン[通則編]{つうそくへん:general rules edition:N2}10-6では[大]{おお:large:N5}きく4つの[柱]{はしら:pillar:N2}を[定めて]{さだめて:to establish:N3}います。(a)アクセス[制御]{せいぎょ:control:N3}、(b)アクセス[者]{しゃ:person:N4}の[識別]{しきべつ:identification:N3}と[認証]{にんしょう:authentication:N1}、(c)[外部]{がいぶ:external:N3}からの[不正]{ふせい:unauthorized:N4}アクセス[等]{とう:etc.:N3}の[防止]{ぼうし:prevention:N2}、(d)[情報]{じょうほう:information:N3}システムの[使用]{しよう:use:N4}に[伴う]{ともなう:accompanying:N1}[漏]{ろう:leakage:N1}えい[等]{とう:etc.:N3}の[防止]{ぼうし:prevention:N2}です。[本]{ほん:this:N5}[記事]{きじ:article:N3}では、これらの[具体的]{ぐたいてき:specific:N3}な[実施]{じっし:implementation:N1}[内容]{ないよう:content:N3}に[加え]{くわえ:in addition:N3}、ログ[管理]{かんり:management:N2}・マルウェア[対策]{たいさく:countermeasure:N1}・テレワーク／クラウドセキュリティまで[網羅]{もうら:comprehensive coverage:N1}します。\n\n#en\nThe guideline general rules edition 10-6 establishes four main pillars as implementation items for technical safety 
management measures: (a) access control, (b) identification and authentication of access persons, (c) prevention of unauthorized external access, and (d) prevention of leaks accompanying information system use. This article covers the specific implementation details of each, plus log management, malware countermeasures, and telework\u002Fcloud security.\n::\n\n::heading\n(a) アクセス[制御]{せいぎょ:control:N3}\n\n#en\n(a) Access Control\n::\n\n::para\nまず(a)アクセス[制御]{せいぎょ:control:N3}について。[個人]{こじん:individual:N2}データを[取り扱う]{とりあつかう:to handle:N1}[端末]{たんまつ:terminal:N1}と[情報]{じょうほう:information:N3}システムを[限定]{げんてい:restriction:N3}することが[出発点]{しゅっぱつてん:starting point:N3}です。[業務上]{ぎょうむじょう:for business purposes:N3}[必要]{ひつよう:necessary:N3}のない[従業員]{じゅうぎょういん:employee:N1}が[個人]{こじん:individual:N2}データに[触れ]{ふれ:to touch:N2}られないよう、[担当者]{たんとうしゃ:person in charge:N2}ごとにアクセス[権限]{けんげん:privilege:N3}を[設定]{せってい:configuration:N2}します。[異動]{いどう:transfer:N1}・[退職]{たいしょく:resignation:N3}などで[不要]{ふよう:unnecessary:N3}になった[権限]{けんげん:privilege:N3}は[速やか]{すみやか:promptly:N3}に[削除]{さくじょ:deletion:N1}しなければなりません。さらに、[権限]{けんげん:privilege:N3}の[定期的]{ていきてき:regular:N3}な[棚卸し]{たなおろし:inventory check:N1}を[行い]{おこない:to conduct:N5}、[過剰]{かじょう:excessive:N1}な[権限]{けんげん:privilege:N3}が[残って]{のこって:to remain:N3}いないかを[確認]{かくにん:confirmation:N3}します。[最小]{さいしょう:minimum:N3}[権限]{けんげん:privilege:N3}の[原則]{げんそく:principle:N2}（Principle of Least Privilege）に[基づく]{もとづく:to be based on:N1}[運用]{うんよう:operation:N4}が[求められます]{もとめられます:required:N3}。\n\n#en\nFirst, regarding (a) access control. The starting point is limiting the terminals and information systems that handle personal data. Access privileges are set per person in charge so that employees without a business need cannot touch personal data. Privileges that become unnecessary due to transfer or resignation must be promptly deleted. Furthermore, regular inventory checks of privileges are conducted to confirm no excessive permissions remain. 
Operation based on the Principle of Least Privilege is required.\n::\n\n::callout\n[試験]{しけん:exam:N4}のポイント：[最小]{さいしょう:minimum:N3}[権限]{けんげん:privilege:N3}の[原則]{げんそく:principle:N2}と[権限]{けんげん:privilege:N3}の[棚卸し]{たなおろし:inventory:N1}が[頻出]{ひんしゅつ:frequently appearing:N1}。「[業務]{ぎょうむ:business:N3}[上]{じょう:on:N5}[必要]{ひつよう:necessary:N3}な[範囲]{はんい:scope:N1}に[限定]{げんてい:limited:N3}」が[正解]{せいかい:correct answer:N3}（[全]{ぜん:all:N3}[従業員]{じゅうぎょういん:employee:N1}に[共通]{きょうつう:common:N3}[権限]{けんげん:privilege:N3}は×）。[異動]{いどう:transfer:N1}・[退職]{たいしょく:resignation:N3}[時]{じ:time:N5}の[権限]{けんげん:privilege:N3}[削除]{さくじょ:deletion:N1}は「[速やか]{すみやか:promptly:N3}に」（[翌]{よく:next:N2}[月]{げつ:month:N5}[末]{まつ:end:N3}など×）が[問われ]{とわれ:asked:N4}ます。\n\n#en\nExam point: The Principle of Least Privilege and privilege inventory checks frequently appear. \"Limited to the scope necessary for business\" is the correct answer (granting common privileges to all employees is wrong). Privilege deletion at time of transfer\u002Fresignation must be done \"promptly\" (deferring to end of next month etc. is wrong) — this is asked.\n::\n\n::heading\n(b) アクセス[者]{しゃ:person:N4}の[識別]{しきべつ:identification:N3}と[認証]{にんしょう:authentication:N1}\n\n#en\n(b) Identification and Authentication of Access Persons\n::\n\n::para\n(b)アクセス[者]{しゃ:person:N4}の[識別]{しきべつ:identification:N3}と[認証]{にんしょう:authentication:N1}では、まずID[管理]{かんり:management:N2}が[基盤]{きばん:foundation:N1}となります。[共有]{きょうゆう:shared:N3}IDの[使用]{しよう:use:N4}は[禁止]{きんし:prohibition:N2}し、[従業員]{じゅうぎょういん:employee:N1}[一人]{ひとり:one person:N5}ひとりに[一意]{いちい:unique:N4}のIDを[付与]{ふよ:granting:N3}します。[退職者]{たいしょくしゃ:former employee:N3}・[異動者]{いどうしゃ:transferred person:N1}のIDは[速やか]{すみやか:promptly:N3}に[無効化]{むこうか:deactivation:N2}・[削除]{さくじょ:deletion:N1}し、[不正]{ふせい:unauthorized:N4}[利用]{りよう:use:N3}を[防ぎます]{ふせぎます:to prevent:N2}。\n\n#en\nIn (b) identification and authentication of access persons, ID management forms the foundation. Shared IDs are prohibited, and a unique ID is assigned to each individual employee. 
IDs of former employees and transferred personnel are promptly deactivated or deleted to prevent unauthorized use.\n::\n\n::para\nパスワードポリシーについては、[最新]{さいしん:latest:N3}の[動向]{どうこう:trend:N3}を[踏まえる]{ふまえる:to take into account:N1}[必要]{ひつよう:necessity:N3}があります。NIST SP 800-63Bの[影響]{えいきょう:influence:N1}を[受け]{うけ:to receive:N3}、[従来]{じゅうらい:conventional:N1}の「[定期的]{ていきてき:regular:N3}なパスワード[変更]{へんこう:change:N3}」よりも、[十分]{じゅうぶん:sufficient:N5}な[長]{なが:length:N5}さ（[最低]{さいてい:minimum:N2}8[文字]{もじ:character:N4}[以上]{いじょう:or more:N4}、[推奨]{すいしょう:recommendation:N1}12[文字]{もじ:character:N4}[以上]{いじょう:or more:N4}）と[複雑性]{ふくざつせい:complexity:N2}を[重視]{じゅうし:emphasis:N1}する[方向]{ほうこう:direction:N3}にシフトしています。なお、NIST SP 800-63Bは[文字]{もじ:character:N4}の[種類]{しゅるい:type:N3}の[組み合わせ]{くみあわせ:combination:N3}を[強制]{きょうせい:forced:N3}するルールを[推奨]{すいしょう:recommendation:N1}しておらず、[漏洩]{ろうえい:leakage:N1}[済み]{ずみ:completed:N3}のパスワードとの[照合]{しょうごう:matching:N2}を[求めて]{もとめて:required:N3}います。[一定]{いってい:fixed:N3}[回数]{かいすう:number of times:N3}の[認証]{にんしょう:authentication:N1}[失敗]{しっぱい:failure:N3}でアカウントをロックする[仕組み]{しくみ:mechanism:N3}（アカウントロック）も[必須]{ひっす:mandatory:N1}です。さらに、[多要素]{たようそ:multi-factor:N1}[認証]{にんしょう:authentication:N1}（MFA）の[導入]{どうにゅう:introduction:N2}が[強く]{つよく:strongly:N4}[推奨]{すいしょう:recommendation:N1}されており、[知識]{ちしき:knowledge:N3}[要素]{ようそ:factor:N1}（パスワード）・[所持]{しょじ:possession:N3}[要素]{ようそ:factor:N1}（トークン、スマートフォン）・[生体]{せいたい:biometric:N4}[要素]{ようそ:factor:N1}（[指紋]{しもん:fingerprint:N1}、[顔]{かお:face:N3}[認証]{にんしょう:authentication:N1}）のうち2つ[以上]{いじょう:or more:N4}を[組み合わせます]{くみあわせます:to combine:N3}。\n\n#en\nRegarding password policy, it is necessary to take into account the latest trends. Under the influence of NIST SP 800-63B, the emphasis has shifted from conventional \"regular password changes\" toward sufficient length (minimum 8 characters, recommended 12 or more) and complexity. Note that NIST SP 800-63B itself does not recommend rules that force a mix of character types; it instead calls for checking new passwords against lists of commonly used or compromised passwords. A mechanism that locks accounts after a fixed number of authentication failures (account lock) is also mandatory. 
Furthermore, introduction of multi-factor authentication (MFA) is strongly recommended, combining two or more of: knowledge factors (password), possession factors (token, smartphone), and biometric factors (fingerprint, facial recognition).\n::\n\n::para\n[認証]{にんしょう:authentication:N1}[要素]{ようそ:factor:N1}は3[種類]{しゅるい:type:N3}に[分類]{ぶんるい:classified:N3}されます。[知識]{ちしき:knowledge:N3}[要素]{ようそ:factor:N1}（something you know）はパスワード・PIN・[秘密]{ひみつ:secret:N1}の[質問]{しつもん:question:N4}など「[本人]{ほんにん:the person:N5}しか[知らない]{しらない:know:N4}[情報]{じょうほう:information:N3}」です。[所持]{しょじ:possession:N3}[要素]{ようそ:factor:N1}（something you have）はICカード・[物理]{ぶつり:physical:N4}トークン・[登録]{とうろく:registered:N2}[済み]{ずみ:completed:N3}スマートフォンへのプッシュ[通知]{つうち:notification:N4}など「[本人]{ほんにん:the person:N5}が[物理的]{ぶつりてき:physically:N4}に[持つ]{もつ:possess:N4}[もの]{もの:thing}」です。[生体]{せいたい:biometric:N4}[要素]{ようそ:factor:N1}（something you are）は[指紋]{しもん:fingerprint:N1}・[顔]{かお:face:N3}・[虹彩]{こうさい:iris:N1}・[静脈]{じょうみゃく:vein:N1}など「[本人]{ほんにん:the person:N5}そのものの[身体]{しんたい:body:N4}[特徴]{とくちょう:characteristic:N1}」です。MFA（[多要素]{たようそ:multi-factor:N1}[認証]{にんしょう:authentication:N1}）と[呼ぶ]{よぶ:call:N3}には、[異なる]{ことなる:different:N1}[種類]{しゅるい:type:N3}の[要素]{ようそ:factor:N1}を[組み合わせる]{くみあわせる:combine:N3}[必要]{ひつよう:necessary:N3}があり、「パスワード＋[秘密]{ひみつ:secret:N1}の[質問]{しつもん:question:N4}」のように[同一]{どういつ:same:N4}[要素]{ようそ:factor:N1}（[共]{とも:both:N3}に[知識]{ちしき:knowledge:N3}）の[組み合わせ]{くみあわせ:combination:N3}は[多要素]{たようそ:multi-factor:N1}とは[呼びません]{よびません:not called:N3}（[多段階]{ただんかい:multi-step:N2}[認証]{にんしょう:authentication:N1}）。\n\n#en\nAuthentication factors are classified into three types. 
Knowledge factor (something you know): passwords, PINs, secret questions — \"information only the person knows.\" Possession factor (something you have): IC cards, physical tokens, push notifications to a registered smartphone — \"things the person physically possesses.\" Biometric factor (something you are): fingerprint, face, iris, vein — \"physical characteristics of the person themselves.\" To be called MFA (multi-factor authentication), different categories of factors must be combined; combinations of the same factor type (both knowledge), like \"password + secret question,\" are not multi-factor (this is multi-step authentication).\n::\n\n::callout\n[試験]{しけん:exam:N4}のポイント：MFAと[多段階]{ただんかい:multi-step:N2}[認証]{にんしょう:authentication:N1}の[違い]{ちがい:difference:N3}は[鉄板]{てっぱん:classic:N2}[問題]{もんだい:question:N4}。「パスワード＋[秘密]{ひみつ:secret:N1}の[質問]{しつもん:question:N4}」は[共]{とも:both:N3}に[知識]{ちしき:knowledge:N3}[要素]{ようそ:factor:N1}なのでMFAではない（×）。「パスワード＋ICカード」は[知識]{ちしき:knowledge:N3}＋[所持]{しょじ:possession:N3}でMFA（〇）。NIST SP 800-63Bの[影響]{えいきょう:influence:N1}で、「[定期的]{ていきてき:regular:N3}なパスワード[変更]{へんこう:change:N3}の[強制]{きょうせい:forced:N3}は[非推奨]{ひすいしょう:deprecated:N1}」（[漏洩]{ろうえい:leakage:N1}[時]{じ:time:N5}のみ[変更]{へんこう:change:N3}）も[押さえ]{おさえ:grasp:N3}ましょう。\n\n#en\nExam point: The distinction between MFA and multi-step authentication is a classic question. \"Password + secret question\" uses two knowledge factors, so it is NOT MFA (wrong). \"Password + IC card\" is knowledge + possession, so it IS MFA (correct). 
Also grasp that under NIST SP 800-63B influence, \"forced regular password changes are deprecated\" (change only on leak).\n::\n\n::heading\n(c) [外部]{がいぶ:external:N3}からの[不正]{ふせい:unauthorized:N4}アクセス[等]{とう:etc.:N3}の[防止]{ぼうし:prevention:N2}\n\n#en\n(c) Prevention of Unauthorized External Access\n::\n\n::para\n(c)[外部]{がいぶ:external:N3}からの[不正]{ふせい:unauthorized:N4}アクセス[等]{とう:etc.:N3}の[防止]{ぼうし:prevention:N2}では、ファイアウォールが[基本]{きほん:fundamental:N1}[中]{ちゅう:of:N5}の[基本]{きほん:fundamental:N1}です。[外部]{がいぶ:external:N3}ネットワークとの[境界]{きょうかい:boundary:N2}に[設置]{せっち:installation:N2}し、[許可]{きょか:permission:N3}された[通信]{つうしん:communication:N3}だけを[通過]{つうか:passage:N3}させるルールを[設定]{せってい:configuration:N2}・[管理]{かんり:management:N2}します。[不要]{ふよう:unnecessary:N3}なポートは[閉鎖]{へいさ:closure:N1}し、ルールは[定期的]{ていきてき:regular:N3}に[見直します]{みなおします:to review:N3}。ウイルス[対策]{たいさく:countermeasure:N1}ソフトを[導入]{どうにゅう:introduction:N2}し、パターンファイルの[自動]{じどう:automatic:N4}[更新]{こうしん:update:N3}とリアルタイムスキャンを[有効]{ゆうこう:effective:N2}にしておくことが[前提]{ぜんてい:prerequisite:N1}です。\n\n#en\nFor (c) prevention of unauthorized external access, the firewall is the most fundamental measure. It is installed at the boundary with external networks, with rules configured and managed to allow only permitted communication through. Unnecessary ports are closed, and rules are reviewed regularly. 
Introducing antivirus software with automatic pattern file updates and real-time scanning enabled is a prerequisite.\n::\n\n::para\n[脆弱性]{ぜいじゃくせい:vulnerability:N1}[管理]{かんり:management:N2}も[重要]{じゅうよう:important:N3}な[柱]{はしら:pillar:N2}です。OS・ミドルウェア・アプリケーションのセキュリティパッチを[適時]{てきじ:timely:N3}[適用]{てきよう:application:N3}し、[既知]{きち:known:N1}の[脆弱性]{ぜいじゃくせい:vulnerability:N1}を[放置]{ほうち:neglect:N3}しないことが[鉄則]{てっそく:iron rule:N2}です。[脆弱性]{ぜいじゃくせい:vulnerability:N1}[情報]{じょうほう:information:N3}はJVN（Japan Vulnerability Notes）やCVE（Common Vulnerabilities and Exposures）から[収集]{しゅうしゅう:collection:N3}します。Webサービスを[提供]{ていきょう:provision:N1}する[場合]{ばあい:case:N3}はWAF（Web Application Firewall）を[導入]{どうにゅう:introduction:N2}してSQLインジェクションやクロスサイトスクリプティングなどの[攻撃]{こうげき:attack:N1}を[防御]{ぼうぎょ:defense:N2}します。IDS（[侵入]{しんにゅう:intrusion:N1}[検知]{けんち:detection:N1}システム）やIPS（[侵入]{しんにゅう:intrusion:N1}[防止]{ぼうし:prevention:N2}システム）を[併用]{へいよう:combined use:N1}することで、ネットワーク[上]{じょう:on:N5}の[不審]{ふしん:suspicious:N1}な[通信]{つうしん:communication:N3}を[検知]{けんち:detection:N1}・[遮断]{しゃだん:blocking:N1}できます。\n\n#en\nVulnerability management is also a key pillar. Timely application of security patches for OS, middleware, and applications — never leaving known vulnerabilities unaddressed — is an iron rule. Vulnerability information is collected from JVN (Japan Vulnerability Notes) and CVE (Common Vulnerabilities and Exposures). When providing web services, WAF (Web Application Firewall) is introduced to defend against attacks such as SQL injection and cross-site scripting. 
By also deploying IDS (Intrusion Detection System) and IPS (Intrusion Prevention System), suspicious communication on the network can be detected and blocked.\n::\n\n::para\n[標的型]{ひょうてきがた:targeted:N1}[攻撃]{こうげき:attack:N1}（APT：Advanced Persistent Threat）は、[特定]{とくてい:specific:N3}の[組織]{そしき:organization:N1}を[狙って]{ねらって:targeting:N2}[長期間]{ちょうきかん:long-term:N3}にわたり[潜伏]{せんぷく:lurk:N1}・[情報]{じょうほう:information:N3}[窃取]{せっしゅ:theft:N1}を[行う]{おこなう:conduct:N5}[攻撃]{こうげき:attack:N1}です。[典型]{てんけい:typical:N1}[的]{てき:classic:N4}な[入口]{いりぐち:entry point:N4}は[標的型]{ひょうてきがた:targeted:N1}メール（spear phishing）で、[業務]{ぎょうむ:business:N3}[関連]{かんれん:related:N3}を[装った]{よそおった:disguised:N2}[添付]{てんぷ:attachment:N1}ファイルやリンクから[感染]{かんせん:infection:N1}します。[対策]{たいさく:countermeasure:N1}は[単]{たん:single:N3}[一]{いち:one:N5}の[技術]{ぎじゅつ:technology:N2}では[不十分]{ふじゅうぶん:insufficient:N4}で、[入口]{いりぐち:entry:N4}[対策]{たいさく:countermeasure:N1}（メール[フィルタ]{フィルタ:filter}・サンドボックス）、[内部]{ないぶ:internal:N3}[対策]{たいさく:countermeasure:N1}（[権限]{けんげん:privilege:N3}[分離]{ぶんり:separation:N1}・[特権]{とっけん:privileged:N3}ID[管理]{かんり:management:N2}・EDR）、[出口]{でぐち:exit:N4}[対策]{たいさく:countermeasure:N1}（[外部]{がいぶ:external:N3}[通信]{つうしん:communication:N3}[監視]{かんし:monitoring:N1}・DLP）の[多層]{たそう:multi-layer:N2}[防御]{ぼうぎょ:defense:N2}が[必須]{ひっす:mandatory:N1}です。[従業員]{じゅうぎょういん:employee:N1}[教育]{きょういく:training:N3}（[疑わしい]{うたがわしい:suspicious:N3}メールを[開かない]{ひらかない:not open:N4}・[報告]{ほうこく:report:N3}する）も[決定的]{けっていてき:critical:N3}に[重要]{じゅうよう:important:N3}です。\n\n#en\nTargeted attacks (APT: Advanced Persistent Threat) target a specific organization and lurk over long periods to steal information. The typical entry point is targeted email (spear phishing), with infection occurring via attachments or links disguised as business-related. Countermeasures cannot rely on a single technology — multi-layered defense is mandatory: entry-point measures (mail filters, sandboxes), internal measures (privilege separation, privileged ID management, EDR), and exit measures (external communication monitoring, DLP). 
Employee training (don't open suspicious mail, report it) is also critically important.\n::\n\n::para\nゼロトラスト（Zero Trust）は、[社内]{しゃない:inside the company:N3}ネットワークも[信頼]{しんらい:trust:N3}しないという[考え方]{かんがえかた:philosophy:N4}に[基づく]{もとづく:based on:N1}セキュリティモデルです。[従来]{じゅうらい:traditional:N1}の[境界]{きょうかい:perimeter:N2}[防御]{ぼうぎょ:defense:N2}（ファイアウォールで[内]{うち:inside:N3}と[外]{そと:outside:N5}を[分け]{わけ:separate:N5}、[内側]{うちがわ:inside:N3}は[信頼]{しんらい:trusted:N3}）が、テレワーク・クラウド[普及]{ふきゅう:spread:N1}・[内部]{ないぶ:internal:N3}[不正]{ふせい:fraud:N4}[増加]{ぞうか:increase:N3}により[機能]{きのう:function:N3}しなくなったことが[背景]{はいけい:background:N3}にあります。「Never Trust, Always Verify（[決して]{けっして:never:N3}[信頼]{しんらい:trust:N3}せず、[常に]{つねに:always:N3}[検証]{けんしょう:verify:N1}せよ）」を[原則]{げんそく:principle:N2}とし、[全]{すべ:every:N3}てのアクセス[要求]{ようきゅう:request:N3}を[毎回]{まいかい:every time:N3}[認証]{にんしょう:authenticate:N1}・[認可]{にんか:authorize:N3}します。[実装]{じっそう:implementation:N2}には、[継続的]{けいぞくてき:continuous:N1}な[認証]{にんしょう:authentication:N1}（[機器]{きき:device:N1}[状態]{じょうたい:state:N1}・[場所]{ばしょ:location:N3}・[時刻]{じこく:time:N3}の[動的]{どうてき:dynamic:N4}[評価]{ひょうか:evaluation:N1}）、[最小]{さいしょう:minimum:N3}[権限]{けんげん:privilege:N3}、マイクロセグメンテーション（ネットワーク[細分化]{さいぶんか:fine-grained segmentation:N2}）が[用いられ]{もちいられ:used:N4}ます。\n\n#en\nZero Trust is a security model based on the philosophy of not trusting even the internal network. The background is that traditional perimeter defense (firewalls separating inside from outside, with inside trusted) has stopped functioning due to telework, cloud adoption, and increasing internal fraud. Its principle is \"Never Trust, Always Verify\" — every access request is authenticated and authorized every time. 
Implementation uses continuous authentication (dynamic evaluation of device state, location, time), least privilege, and micro-segmentation (fine-grained network segmentation).\n::\n\n::heading\n(d) [情報]{じょうほう:information:N3}システムの[使用]{しよう:use:N4}に[伴う]{ともなう:accompanying:N1}[漏]{ろう:leakage:N1}えい[等]{とう:etc.:N3}の[防止]{ぼうし:prevention:N2}\n\n#en\n(d) Prevention of Leaks Accompanying Information System Use\n::\n\n::para\n(d)[情報]{じょうほう:information:N3}システムの[使用]{しよう:use:N4}に[伴う]{ともなう:accompanying:N1}[漏]{ろう:leakage:N1}えい[等]{とう:etc.:N3}の[防止]{ぼうし:prevention:N2}では、まず[通信]{つうしん:communication:N3}の[暗号化]{あんごうか:encryption:N3}が[基本]{きほん:fundamental:N1}です。[個人]{こじん:individual:N2}データを[送受信]{そうじゅしん:transmission and reception:N3}する[際]{さい:occasion:N3}はTLS 1.2[以上]{いじょう:or more:N4}を[使用]{しよう:use:N4}し、[社外]{しゃがい:outside the company:N4}からの[接続]{せつぞく:connection:N2}にはVPN（[仮想]{かそう:virtual:N1}プライベートネットワーク）を[利用]{りよう:use:N3}して[通信]{つうしん:communication:N3}[経路]{けいろ:route:N3}を[保護]{ほご:protection:N1}します。TLS 1.0\u002F1.1は[既]{すで:already:N1}に[非推奨]{ひすいしょう:deprecated:N1}であり、[使用]{しよう:use:N4}を[停止]{ていし:cessation:N2}すべきです。\n\n#en\nIn (d) prevention of leaks accompanying information system use, communication encryption is fundamental. TLS 1.2 or higher is used when transmitting and receiving personal data, and VPN (Virtual Private Network) is used to protect the communication route for connections from outside the company. 
TLS 1.0\u002F1.1 are already deprecated and their use should be ceased.\n::\n\n::para\nメールセキュリティも[重要]{じゅうよう:important:N3}な[対策]{たいさく:countermeasure:N1}[領域]{りょういき:area:N2}です。[個人]{こじん:individual:N2}データを[含む]{ふくむ:to contain:N2}[添付]{てんぷ:attachment:N1}ファイルはS\u002FMIMEやPGPで[暗号化]{あんごうか:encryption:N3}し、[誤送信]{ごそうしん:erroneous transmission:N3}[防止]{ぼうし:prevention:N2}[策]{さく:measure:N1}として[送信先]{そうしんさき:destination:N3}[確認]{かくにん:confirmation:N3}ダイアログや[上長]{じょうちょう:superior:N5}[承認]{しょうにん:approval:N2}フローを[導入]{どうにゅう:introduction:N2}します。[外部]{がいぶ:external:N3}[記録]{きろく:recording:N2}[媒体]{ばいたい:media:N1}（USBメモリ[等]{とう:etc.:N3}）の[利用]{りよう:use:N3}も[制限]{せいげん:restriction:N3}すべきであり、USB[制御]{せいぎょ:control:N3}ソフトやデバイス[制御]{せいぎょ:control:N3}ポリシーで[許可]{きょか:permission:N3}されていない[媒体]{ばいたい:media:N1}の[接続]{せつぞく:connection:N2}を[禁止]{きんし:prohibition:N2}します。\n\n#en\nEmail security is also an important countermeasure area. Attachments containing personal data are encrypted with S\u002FMIME or PGP, and as erroneous transmission prevention measures, destination confirmation dialogs and superior approval flows are introduced. Use of external recording media (USB drives, etc.) 
should also be restricted, using USB control software and device control policies to prohibit connection of unauthorized media.\n::\n\n::para\nDLP（Data Loss Prevention）は、[個人]{こじん:individual:N2}データの[不正]{ふせい:unauthorized:N4}な[持ち出し]{もちだし:taking out:N4}を[防ぐ]{ふせぐ:to prevent:N2}[仕組み]{しくみ:mechanism:N3}です。コンテンツインスペクション[機能]{きのう:function:N3}により、メール[本文]{ほんぶん:body text:N4}・[添付]{てんぷ:attachment:N1}ファイル・クラウドストレージへのアップロードなどを[監視]{かんし:monitoring:N1}し、[個人]{こじん:individual:N2}データに[該当]{がいとう:applicable:N1}する[情報]{じょうほう:information:N3}が[含まれて]{ふくまれて:to be contained:N2}いれば[送信]{そうしん:transmission:N3}をブロックまたは[警告]{けいこく:warning:N3}します。[意図的]{いとてき:intentional:N4}な[内部]{ないぶ:internal:N3}[不正]{ふせい:fraud:N4}と[過失]{かしつ:negligence:N3}による[漏]{ろう:leakage:N1}えいの[両方]{りょうほう:both:N3}に[対応]{たいおう:response:N1}できる[点]{てん:point:N3}が[強み]{つよみ:strength:N4}です。\n\n#en\nDLP (Data Loss Prevention) is a mechanism for preventing unauthorized removal of personal data. Through content inspection functionality, it monitors email body text, attachments, uploads to cloud storage, etc., and blocks the transmission or issues a warning when information that qualifies as personal data is detected. 
Its strength is that it can address both intentional internal fraud and leaks caused by negligence.\n::\n\n::para\n[暗号化]{あんごうか:encryption:N3}アルゴリズムは[共通]{きょうつう:symmetric:N3}[鍵]{かぎ:key:N1}[暗号]{あんごう:encryption:N3}と[公開]{こうかい:public:N4}[鍵]{かぎ:key:N1}[暗号]{あんごう:encryption:N3}に[大別]{たいべつ:broadly classified:N4}されます。[共通]{きょうつう:symmetric:N3}[鍵]{かぎ:key:N1}[暗号]{あんごう:encryption:N3}（AES、3DES[等]{とう:etc.:N3}）は[暗号]{あんごう:encryption:N3}と[復号]{ふくごう:decryption:N2}に[同一]{どういつ:same:N4}の[鍵]{かぎ:key:N1}を[使用]{しよう:use:N4}し、[処理]{しょり:processing:N3}が[高速]{こうそく:fast:N3}ですが、[鍵]{かぎ:key:N1}[配送]{はいそう:distribution:N3}[問題]{もんだい:problem:N4}があります。[現行]{げんこう:current:N3}[推奨]{すいしょう:recommended:N1}はAES-256で、3DESやDESは[既]{すで:already:N1}に[非推奨]{ひすいしょう:deprecated:N1}です。[公開]{こうかい:public:N4}[鍵]{かぎ:key:N1}[暗号]{あんごう:encryption:N3}（RSA、楕円[曲線]{きょくせん:curve:N2}[暗号]{あんごう:encryption:N3}＝ECC[等]{とう:etc.:N3}）は[公開]{こうかい:public:N4}[鍵]{かぎ:key:N1}と[秘密]{ひみつ:private:N1}[鍵]{かぎ:key:N1}の[対]{つい:pair:N3}を[用い]{もちい:use:N4}、[処理]{しょり:processing:N3}は[遅い]{おそい:slow:N3}が[鍵]{かぎ:key:N1}[配送]{はいそう:distribution:N3}[問題]{もんだい:problem:N4}を[解決]{かいけつ:solve:N3}します。[実務]{じつむ:practice:N3}では[両者]{りょうしゃ:both:N3}を[組み合わせる]{くみあわせる:combine:N3}ハイブリッド[方式]{ほうしき:method:N3}（TLSなど）が[一般的]{いっぱんてき:common:N2}で、[共通]{きょうつう:symmetric:N3}[鍵]{かぎ:key:N1}を[公開]{こうかい:public:N4}[鍵]{かぎ:key:N1}で[安全]{あんぜん:securely:N3}に[交換]{こうかん:exchange:N2}します。[鍵]{かぎ:key:N1}[管理]{かんり:management:N2}は[暗号化]{あんごうか:encryption:N3}[以上]{いじょう:as much as:N4}に[重要]{じゅうよう:important:N3}で、HSM（Hardware Security Module）や[鍵]{かぎ:key:N1}[管理]{かんり:management:N2}サービス（KMS）で[集中]{しゅうちゅう:centralized:N4}[管理]{かんり:manage:N2}し、[定期的]{ていきてき:regularly:N3}に[更新]{こうしん:rotation:N3}します。\n\n#en\nEncryption algorithms are broadly classified into symmetric-key and public-key encryption. Symmetric-key encryption (AES, 3DES, etc.) uses the same key for encryption and decryption — fast processing but with key distribution problems. Currently AES-256 is recommended; 3DES and DES are already deprecated. 
Public-key encryption (RSA, Elliptic Curve Cryptography = ECC, etc.) uses a public\u002Fprivate key pair — slow processing but solves the key distribution problem. In practice, hybrid methods combining both (such as TLS) are common, securely exchanging the symmetric key via the public key. Key management is even more important than encryption itself: centrally managed via HSM (Hardware Security Module) or KMS (Key Management Service), with regular rotation.\n::\n\n::callout\n[試験]{しけん:exam:N4}のポイント：[共通]{きょうつう:symmetric:N3}[鍵]{かぎ:key:N1}＝[高速]{こうそく:fast:N3}・[鍵]{かぎ:key:N1}[配送]{はいそう:distribution:N3}に[課題]{かだい:issue:N2}、[公開]{こうかい:public:N4}[鍵]{かぎ:key:N1}＝[低速]{ていそく:slow:N2}・[鍵]{かぎ:key:N1}[配送]{はいそう:distribution:N3}[問題]{もんだい:problem:N4}を[解決]{かいけつ:solve:N3}、という[対比]{たいひ:contrast:N2}は[鉄板]{てっぱん:classic:N2}。「[大量]{たいりょう:large volume:N2}データの[暗号化]{あんごうか:encryption:N3}には[共通]{きょうつう:symmetric:N3}[鍵]{かぎ:key:N1}」「[鍵]{かぎ:key:N1}[交換]{こうかん:exchange:N2}や[電子]{でんし:electronic:N5}[署名]{しょめい:signature:N2}には[公開]{こうかい:public:N4}[鍵]{かぎ:key:N1}」という[用途]{ようと:use case:N3}[別]{べつ:distinction:N4}も[頻出]{ひんしゅつ:frequently appearing:N1}。DES／3DESは[非推奨]{ひすいしょう:deprecated:N1}、AES-256が[現行]{げんこう:current:N3}[標準]{ひょうじゅん:standard:N1}という[点]{てん:point:N3}も[押さえ]{おさえ:grasp:N3}ましょう。\n\n#en\nExam point: The contrast \"symmetric-key = fast, key distribution problem; public-key = slow, solves key distribution\" is a classic. 
Use-case distinction also frequently appears: \"symmetric for bulk data encryption\" \u002F \"public-key for key exchange and digital signatures.\" Also memorize: DES\u002F3DES are deprecated, AES-256 is the current standard.\n::\n\n::heading\nログ[管理]{かんり:management:N2}\n\n#en\nLog Management\n::\n\n::para\n[技術的]{ぎじゅつてき:technical:N2}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}を[実効的]{じっこうてき:effective:N2}にするためには、ログ[管理]{かんり:management:N2}が[不可欠]{ふかけつ:indispensable:N3}です。[取得]{しゅとく:acquisition:N3}すべきログは[多岐]{たき:wide-ranging:N1}にわたります。アクセスログ（[誰]{だれ:who:N3}がいつどのデータに[触れた]{ふれた:touched:N2}か）、[操作]{そうさ:operation:N1}ログ（ファイル[操作]{そうさ:operation:N1}・[印刷]{いんさつ:printing:N2}・コピー）、[認証]{にんしょう:authentication:N1}ログ（ログイン[成功]{せいこう:success:N1}／[失敗]{しっぱい:failure:N3}）、[通信]{つうしん:communication:N3}ログ（[送受信]{そうじゅしん:transmission and reception:N3}[記録]{きろく:recording:N2}）の4[種類]{しゅるい:type:N3}が[代表的]{だいひょうてき:representative:N3}です。\n\n#en\nLog management is indispensable for making technical safety management measures effective. 
The logs that should be collected are wide-ranging: access logs (who touched which data and when), operation logs (file operations, printing, copying), authentication logs (login successes\u002Ffailures), and communication logs (transmission and reception records) are the four representative types.\n::\n\n::para\nログの[保管]{ほかん:storage:N1}にも[注意]{ちゅうい:caution:N4}が[必要]{ひつよう:necessary:N3}です。[改ざん]{かいざん:falsification:N2}[防止]{ぼうし:prevention:N2}のため、WORM（Write Once Read Many）[媒体]{ばいたい:media:N1}への[書き込み]{かきこみ:writing:N3}や、[運用]{うんよう:operation:N4}サーバとは[別]{べつ:separate:N4}のログ[専用]{せんよう:dedicated:N2}サーバへの[転送]{てんそう:transfer:N4}が[推奨]{すいしょう:recommendation:N1}されます。[保管]{ほかん:storage:N1}[期間]{きかん:period:N3}は[法令]{ほうれい:laws and regulations:N2}や[社内]{しゃない:inside the company:N3}[規程]{きてい:regulation:N3}に[従い]{したがい:to follow:N1}[設定]{せってい:configuration:N2}しますが、[最低]{さいてい:minimum:N2}でも1[年]{ねん:year:N5}[以上]{いじょう:or more:N4}の[保存]{ほぞん:storage:N1}が[望ましい]{のぞましい:desirable:N3}とされています。ログ[管理]{かんり:management:N2}[規程]{きてい:regulation:N3}を[整備]{せいび:preparation:N1}し、[取得]{しゅとく:acquisition:N3}・[保管]{ほかん:storage:N1}・[廃棄]{はいき:disposal:N1}のルールを[明文化]{めいぶんか:putting in writing:N3}しておくことが[大切]{たいせつ:important:N4}です。\n\n#en\nCaution is also needed for log storage. To prevent falsification, writing to WORM (Write Once Read Many) media or transferring to a dedicated log server separate from the operation server is recommended. The retention period is set according to laws, regulations, and internal rules, but a minimum of one year or more is considered desirable. 
It is important to prepare log management regulations and codify rules for acquisition, storage, and disposal.\n::\n\n::para\nログの[定期的]{ていきてき:regular:N3}なレビューにより、[不審]{ふしん:suspicious:N1}なパターンを[早期]{そうき:early:N3}に[発見]{はっけん:discovery:N4}できます。[大量]{たいりょう:large volume:N2}のログを[効率的]{こうりつてき:efficient:N1}に[分析]{ぶんせき:analysis:N1}するには、SIEM（Security Information and Event Management）の[導入]{どうにゅう:introduction:N2}が[有効]{ゆうこう:effective:N2}です。SIEMは[複数]{ふくすう:multiple:N2}のログを[統合]{とうごう:integration:N1}・[相関]{そうかん:correlation:N3}[分析]{ぶんせき:analysis:N1}し、[単体]{たんたい:standalone:N3}のログでは[見]{み:to see:N5}えない[攻撃]{こうげき:attack:N1}パターンを[検出]{けんしゅつ:detection:N1}してアラートを[発報]{はっぽう:issuing alarm:N3}します。[例えば]{たとえば:for example:N3}、[深夜]{しんや:late at night:N3}の[大量]{たいりょう:large volume:N2}ダウンロードと[直後]{ちょくご:immediately after:N3}のUSB[接続]{せつぞく:connection:N2}という[組み合わせ]{くみあわせ:combination:N3}は、[内部]{ないぶ:internal:N3}[不正]{ふせい:fraud:N4}の[兆候]{ちょうこう:sign:N2}として[検知]{けんち:detection:N1}できます。\n\n#en\nRegular log reviews enable early discovery of suspicious patterns. SIEM (Security Information and Event Management) is effective for efficiently analyzing large volumes of logs. SIEM integrates and performs correlation analysis on multiple logs, detecting attack patterns invisible in standalone logs and issuing alerts. 
For example, a combination of mass downloads late at night followed immediately by a USB connection can be detected as a sign of internal fraud.\n::\n\n::heading\nマルウェア[対策]{たいさく:countermeasure:N1}\n\n#en\nMalware Countermeasures\n::\n\n::para\nマルウェア[対策]{たいさく:countermeasure:N1}の[第一歩]{だいいっぽ:first step:N1}はウイルス[対策]{たいさく:countermeasure:N1}ソフトです。[検知]{けんち:detection:N1}[方式]{ほうしき:method:N3}は[大]{おお:large:N5}きく3つあります。パターンマッチング（[既知]{きち:known:N1}のマルウェアの[特徴]{とくちょう:characteristic:N1}を[定義]{ていぎ:definition:N1}ファイルと[照合]{しょうごう:matching:N2}）、ヒューリスティック[検知]{けんち:detection:N1}（[未知]{みち:unknown:N3}のマルウェアを[構造的]{こうぞうてき:structural:N2}[特徴]{とくちょう:characteristic:N1}から[推定]{すいてい:estimation:N1}）、ビヘイビア[分析]{ぶんせき:analysis:N1}＝[振る舞い]{ふるまい:behavior:N1}[検知]{けんち:detection:N1}（[実行]{じっこう:execution:N3}[時]{じ:time:N5}の[動作]{どうさ:operation:N4}を[監視]{かんし:monitoring:N1}し[不審]{ふしん:suspicious:N1}な[挙動]{きょどう:behavior:N1}を[検知]{けんち:detection:N1}）です。これら3つの[方式]{ほうしき:method:N3}を[組み合わせる]{くみあわせる:to combine:N3}ことで[検知率]{けんちりつ:detection rate:N1}を[高めます]{たかめます:to enhance:N5}。\n\n#en\nThe first step in malware countermeasures is antivirus software. There are three main detection methods: pattern matching (comparing against definition files of known malware characteristics), heuristic detection (estimating unknown malware from structural characteristics), and behavior analysis (monitoring operations during execution to detect suspicious behavior). 
Combining these three methods enhances the detection rate.\n::\n\n::para\nEDR（Endpoint Detection and Response）は、[従来]{じゅうらい:conventional:N1}のウイルス[対策]{たいさく:countermeasure:N1}ソフトを[補完]{ほかん:supplementation:N2}する[仕組み]{しくみ:mechanism:N3}です。[端末]{たんまつ:terminal:N1}の[挙動]{きょどう:behavior:N1}を[常時]{じょうじ:always:N3}[監視]{かんし:monitoring:N1}し、[不審]{ふしん:suspicious:N1}な[挙動]{きょどう:behavior:N1}を[検知]{けんち:detection:N1}した[場合]{ばあい:case:N3}に[自動]{じどう:automatic:N4}で[隔離]{かくり:isolation:N1}・[対応]{たいおう:response:N1}します。[未知]{みち:unknown:N3}のマルウェアや[標的型]{ひょうてきがた:targeted:N1}[攻撃]{こうげき:attack:N1}にも[対応]{たいおう:response:N1}できる[点]{てん:point:N3}が[強み]{つよみ:strength:N4}です。サンドボックスは、[未知]{みち:unknown:N3}の[疑わしい]{うたがわしい:suspicious:N3}ファイルを[仮想]{かそう:virtual:N1}[環境]{かんきょう:environment:N1}で[実行]{じっこう:execution:N3}し、[安全]{あんぜん:safety:N3}に[挙動]{きょどう:behavior:N1}を[確認]{かくにん:confirmation:N3}する[技術]{ぎじゅつ:technology:N2}です。[本番]{ほんばん:production:N3}[環境]{かんきょう:environment:N1}に[影響]{えいきょう:influence:N1}を[与えず]{あたえず:without giving:N3}にマルウェアかどうかを[判定]{はんてい:judgment:N3}できます。\n\n#en\nEDR (Endpoint Detection and Response) is a mechanism that supplements conventional antivirus software. It constantly monitors terminal behavior and automatically isolates and responds when suspicious behavior is detected. Its strength is the ability to handle unknown malware and targeted attacks. 
A sandbox is a technology that executes unknown suspicious files in a virtual environment to safely confirm their behavior, enabling malware determination without affecting the production environment.\n::\n\n::para\nマルウェアに[感染]{かんせん:infection:N1}した[場合]{ばあい:case:N3}の[対応]{たいおう:response:N1}[手順]{てじゅん:procedure:N2}も[事前]{じぜん:in advance:N4}に[定めて]{さだめて:to establish:N3}おきます。[第一]{だいいち:first:N1}に、[感染]{かんせん:infection:N1}した[端末]{たんまつ:terminal:N1}をネットワークから[隔離]{かくり:isolation:N1}します。[次]{つぎ:next:N3}に[責任者]{せきにんしゃ:responsible person:N3}に[報告]{ほうこく:report:N3}し、[感染]{かんせん:infection:N1}[範囲]{はんい:scope:N1}と[原因]{げんいん:cause:N3}を[調査]{ちょうさ:investigation:N2}します。その[後]{ご:after:N5}、マルウェアの[駆除]{くじょ:removal:N1}とシステムの[復旧]{ふっきゅう:recovery:N2}を[行い]{おこない:to conduct:N5}、[最後]{さいご:last:N3}に[再発]{さいはつ:recurrence:N2}[防止]{ぼうし:prevention:N2}[策]{さく:measure:N1}を[講じます]{こうじます:to take measures:N2}。つまり「[隔離]{かくり:isolation:N1}→[報告]{ほうこく:report:N3}→[調査]{ちょうさ:investigation:N2}→[駆除]{くじょ:removal:N1}→[復旧]{ふっきゅう:recovery:N2}→[再発]{さいはつ:recurrence:N2}[防止]{ぼうし:prevention:N2}」の[流れ]{ながれ:flow:N3}です。\n\n#en\nResponse procedures in case of malware infection must also be established in advance. First, the infected terminal is isolated from the network. Next, the responsible person is notified and the scope of infection and cause are investigated. After that, malware removal and system recovery are performed, and finally recurrence prevention measures are taken. 
In other words, the flow is: isolation → report → investigation → removal → recovery → recurrence prevention.\n::\n\n::heading\nテレワーク・クラウドセキュリティ\n\n#en\nTelework and Cloud Security\n::\n\n::para\nテレワーク[環境]{かんきょう:environment:N1}では、[社外]{しゃがい:outside the company:N4}から[社内]{しゃない:inside the company:N3}システムへ[安全]{あんぜん:safely:N3}に[接続]{せつぞく:connection:N2}する[手段]{しゅだん:means:N3}が[必要]{ひつよう:necessary:N3}です。VPN、リモートデスクトップ、VDI（[仮想]{かそう:virtual:N1}デスクトップ[基盤]{きばん:infrastructure:N1}）が[主]{おも:main:N4}な[選択肢]{せんたくし:option:N1}です。VDIでは[端末]{たんまつ:terminal:N1}にデータが[残ら]{のこら:to not remain:N3}ないため、[紛失]{ふんしつ:loss:N1}・[盗難]{とうなん:theft:N3}[時]{じ:time:N5}の[漏]{ろう:leakage:N1}えいリスクを[低減]{ていげん:reduction:N2}できます。BYOD（Bring Your Own Device）に[対して]{たいして:regarding:N3}は、MDM（Mobile Device Management）で[端末]{たんまつ:terminal:N1}を[一元]{いちげん:centralized:N4}[管理]{かんり:management:N2}し、MAM（Mobile Application Management）で[業務]{ぎょうむ:business:N3}アプリを[個人]{こじん:individual:N2}[領域]{りょういき:area:N2}と[分離]{ぶんり:separation:N1}するコンテナ[化]{か:conversion:N3}が[有効]{ゆうこう:effective:N2}です。\n\n#en\nIn telework environments, means for safely connecting to internal systems from outside are necessary. VPN, remote desktop, and VDI (Virtual Desktop Infrastructure) are the main options. With VDI, no data remains on the terminal, so leakage risk in case of loss or theft can be reduced. 
For BYOD (Bring Your Own Device), MDM (Mobile Device Management) for centralized terminal management and MAM (Mobile Application Management) with containerization to separate business apps from the personal area are effective.\n::\n\n::para\nクラウドサービス[利用]{りよう:use:N3}[時]{じ:time:N5}は、[責任]{せきにん:responsibility:N3}[共有]{きょうゆう:shared:N3}モデルの[理解]{りかい:understanding:N3}が[不可欠]{ふかけつ:indispensable:N3}です。IaaSでは、[事業者]{じぎょうしゃ:provider:N4}は[物理]{ぶつり:physical:N4}[基盤]{きばん:infrastructure:N1}の[管理]{かんり:management:N2}[責任]{せきにん:responsibility:N3}を[負い]{おい:to bear:N3}、OS・ミドルウェア・アプリケーション・データの[管理]{かんり:management:N2}は[利用者]{りようしゃ:user:N3}の[責任]{せきにん:responsibility:N3}です。PaaSではOS・ミドルウェアまで[事業者]{じぎょうしゃ:provider:N4}が[管理]{かんり:management:N2}し、SaaSではアプリケーションまで[事業者]{じぎょうしゃ:provider:N4}[側]{がわ:side:N3}の[責任]{せきにん:responsibility:N3}となります。ただし、SaaSでもデータの[入力]{にゅうりょく:input:N4}[内容]{ないよう:content:N3}やアクセス[権限]{けんげん:privilege:N3}の[設定]{せってい:configuration:N2}は[利用者]{りようしゃ:user:N3}の[責任]{せきにん:responsibility:N3}です。データの[所在地]{しょざいち:location:N3}が[外国]{がいこく:foreign country:N5}サーバの[場合]{ばあい:case:N3}は、[個人情報保護法]{こじんじょうほうほごほう:Personal Information Protection Act:N1}[第]{だい:number:N1}28[条]{じょう:article:N1}（[外国]{がいこく:foreign country:N5}にある[第三者]{だいさんしゃ:third party:N1}への[提供]{ていきょう:provision:N1}の[制限]{せいげん:restriction:N3}）の[適用]{てきよう:application:N3}を[検討]{けんとう:consideration:N1}しなければなりません。\n\n#en\nWhen using cloud services, understanding the shared responsibility model is indispensable. In IaaS, the provider bears responsibility for managing the physical infrastructure, while management of OS, middleware, applications, and data is the user's responsibility. In PaaS, the provider manages up to the OS and middleware; in SaaS, the provider is responsible up to the application. However, even in SaaS, data input content and access privilege settings remain the user's responsibility. 
When data is located on foreign servers, application of Article 28 of the Personal Information Protection Act (restrictions on provision to third parties in foreign countries) must be considered.\n::\n\n::callout\nクラウドの[責任]{せきにん:responsibility:N3}[共有]{きょうゆう:shared:N3}モデルは[試験]{しけん:exam:N4}[頻出]{ひんしゅつ:frequently appearing:N1}です。IaaS／PaaS／SaaSの[各]{かく:each:N2}レベルで、[利用者]{りようしゃ:user:N3}と[事業者]{じぎょうしゃ:provider:N4}の[責任]{せきにん:responsibility:N3}[範囲]{はんい:scope:N1}がどう[異なる]{ことなる:to differ:N1}かを[整理]{せいり:organization:N1}しておきましょう。IaaS: [物理]{ぶつり:physical:N4}[基盤]{きばん:infrastructure:N1}のみ[事業者]{じぎょうしゃ:provider:N4}。PaaS: OS・ミドルウェアまで[事業者]{じぎょうしゃ:provider:N4}。SaaS: アプリまで[事業者]{じぎょうしゃ:provider:N4}、ただしデータ[管理]{かんり:management:N2}・アクセス[設定]{せってい:configuration:N2}は[利用者]{りようしゃ:user:N3}の[責任]{せきにん:responsibility:N3}。\n\n#en\nThe cloud shared responsibility model appears frequently on exams. Organize how the scope of responsibility differs between user and provider at each level: IaaS: provider responsible for physical infrastructure only. PaaS: provider up to OS\u002Fmiddleware. 
SaaS: provider up to application, but data management and access settings remain the user's responsibility.\n::\n\n::para\nクラウドセキュリティの[国際]{こくさい:international:N3}[規格]{きかく:standard:N3}として、ISO 27017（クラウドセキュリティ[管理策]{かんりさく:controls:N1}）とISO 27018（クラウド[上]{じょう:on:N5}の[個人]{こじん:individual:N2}[識別]{しきべつ:identification:N3}[可能]{かのう:possible:N3}[情報]{じょうほう:information:N3}の[保護]{ほご:protection:N1}）があります。[委託先]{いたくさき:outsourcing destination:N1}のクラウド[事業者]{じぎょうしゃ:provider:N4}がこれらの[認証]{にんしょう:certification:N1}を[取得]{しゅとく:acquisition:N3}しているかどうかは、[選定]{せんてい:selection:N3}[時]{じ:time:N5}の[重要]{じゅうよう:important:N3}な[判断]{はんだん:judgment:N3}[基準]{きじゅん:criterion:N1}となります。これらの[技術的]{ぎじゅつてき:technical:N2}[措置]{そち:measure:N1}を[組織的]{そしきてき:organizational:N1}・[人的]{じんてき:human:N4}・[物理的]{ぶつりてき:physical:N4}な[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}と[併せて]{あわせて:together with:N1}[実施]{じっし:implementation:N1}することが、[個人情報保護法]{こじんじょうほうほごほう:Personal Information Protection Act:N1}の[求める]{もとめる:to require:N3}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}の[実現]{じつげん:realization:N3}につながります。\n\n#en\nAs international standards for cloud security, there are ISO 27017 (cloud security controls) and ISO 27018 (protection of personally identifiable information in the cloud). Whether the outsourcing cloud provider has obtained these certifications is an important selection criterion. 
Implementing these technical measures together with organizational, human, and physical safety management measures leads to realizing the safety management measures required by the Personal Information Protection Act.\n::\n",{"id":266,"title":272,"titleEn":273,"topicPath":274,"questions":275},"第４編 情報システムセキュリティ 確認テスト","Chapter 4: Information System Security — Practice Test","software\u002Fkojin-joho-hogo\u002Fkadai-2\u002Fhen-04-jouhou-system",[276,305,329,352,376,400,424,448,470,493,513,538,562,586],{"id":277,"articleId":278,"question":279,"options":282,"correctLabel":292,"explanation":299,"tags":302},"kjh-k2-h04-q01","kjh-k2-h04-gijutsu-kiso",{"en":280,"jp":281},"Which of the following correctly compares shared-key (symmetric) encryption and public-key (asymmetric) encryption?","[共通鍵]{きょうつうかぎ:shared key}[暗号]{あんごう:encryption}[方式]{ほうしき:method}と[公開鍵]{こうかいかぎ:public key}[暗号]{あんごう:encryption}[方式]{ほうしき:method}の[比較]{ひかく:comparison}として[正]{ただ:correct}しいものはどれか。",[283,287,291,295],{"label":284,"jp":285,"en":286},"ア","[共通鍵]{きょうつうかぎ:shared key}[暗号]{あんごう:encryption}は[処理]{しょり:processing}[速度]{そくど:speed}が[遅]{おそ:slow}いが、[鍵]{かぎ:key}[配送]{はいそう:distribution}[問題]{もんだい:problem}がない","Shared-key encryption is slow but has no key distribution problem",{"label":288,"jp":289,"en":290},"イ","[公開鍵]{こうかいかぎ:public key}[暗号]{あんごう:encryption}は[処理]{しょり:processing}[速度]{そくど:speed}が[速]{はや:fast}いが、[鍵]{かぎ:key}[配送]{はいそう:distribution}[問題]{もんだい:problem}がある","Public-key encryption is fast but has a key distribution problem",{"label":292,"jp":293,"en":294},"ウ","[共通鍵]{きょうつうかぎ:shared key}[暗号]{あんごう:encryption}は[処理]{しょり:processing}[速度]{そくど:speed}が[速]{はや:fast}いが、[鍵]{かぎ:key}[配送]{はいそう:distribution}[問題]{もんだい:problem}がある","Shared-key encryption is fast but has a key distribution problem",{"label":296,"jp":297,"en":298},"エ","[両者]{りょうしゃ:both}とも[同]{おな:same}じ[鍵]{かぎ:key}を[使]{つか:use}って[暗号化]{あんごうか:encryption}・[復号]{ふくごう:decryption}を[行]{おこな:perform}う","Both use the same key for encryption and 
decryption",{"en":300,"jp":301},"Shared-key encryption (e.g., AES) is fast but requires both parties to share the same key, creating a key distribution problem. Public-key encryption (e.g., RSA) solves the distribution problem but is slower. Options A and B have the characteristics reversed. Option D only describes shared-key encryption.","[共通鍵]{きょうつうかぎ:shared key}[暗号]{あんごう:encryption}（AES[等]{とう:etc.}）は[処理]{しょり:processing}が[高速]{こうそく:high speed}だが、[送信者]{そうしんしゃ:sender}と[受信者]{じゅしんしゃ:receiver}で[同]{おな:same}じ[鍵]{かぎ:key}を[共有]{きょうゆう:share}する[必要]{ひつよう:need}があり、[鍵]{かぎ:key}[配送]{はいそう:distribution}[問題]{もんだい:problem}が[生]{しょう:arise}じる。[公開鍵]{こうかいかぎ:public key}[暗号]{あんごう:encryption}（RSA[等]{とう:etc.}）は[鍵]{かぎ:key}[配送]{はいそう:distribution}[問題]{もんだい:problem}を[解決]{かいけつ:solve}するが[処理]{しょり:processing}が[遅]{おそ:slow}い。ア・イは[特徴]{とくちょう:characteristic}が[逆]{ぎゃく:reverse}。エは[共通鍵]{きょうつうかぎ:shared key}のみの[説明]{せつめい:explanation}。",[109,303,304],"symmetric","asymmetric",{"id":306,"articleId":278,"question":307,"options":310,"correctLabel":288,"explanation":323,"tags":326},"kjh-k2-h04-q02",{"en":308,"jp":309},"Which of the following correctly explains multi-factor authentication?","[多]{た:multi}[要素]{ようそ:factor}[認証]{にんしょう:authentication}の[説明]{せつめい:explanation}として[正]{ただ:correct}しいものはどれか。",[311,314,317,320],{"label":284,"jp":312,"en":313},"パスワードを2[回]{かい:times}[入力]{にゅうりょく:input}させること","Requiring a password to be entered twice",{"label":288,"jp":315,"en":316},"[知識]{ちしき:knowledge}・[所持]{しょじ:possession}・[生体]{せいたい:biometric}[情報]{じょうほう:information}のうち、2つ[以上]{いじょう:or more}の[異]{こと:different}なる[要素]{ようそ:factor}を[組]{く:combine}み[合]{あ:combine}わせた[認証]{にんしょう:authentication}","Authentication combining two or more different factors from knowledge, possession, and biometrics",{"label":292,"jp":318,"en":319},"IDとパスワードに[加]{くわ:add}え、[秘密]{ひみつ:secret}の[質問]{しつもん:question}を[使]{つか:use}う[認証]{にんしょう:authentication}","Authentication using an ID, password, and a secret 
question",{"label":296,"jp":321,"en":322},"[複数]{ふくすう:multiple}のパスワードを[使]{つか:use}い[分]{わ:separate}けること","Using multiple different passwords",{"en":324,"jp":325},"Multi-factor authentication combines 2 or more of the 3 factors: knowledge (passwords etc.), possession (smartphones, IC cards etc.), and biometrics (fingerprints etc.). Option A repeats the same factor. Option C combines password and secret question — both are \"knowledge\" factors, so it is not multi-factor. Option D also repeats the same factor type.","[多]{た:multi}[要素]{ようそ:factor}[認証]{にんしょう:authentication}は「[知識]{ちしき:knowledge}（パスワード[等]{とう:etc.}）」「[所持]{しょじ:possession}（スマートフォン・ICカード[等]{とう:etc.}）」「[生体]{せいたい:biometric}[情報]{じょうほう:information}（[指紋]{しもん:fingerprint}[等]{とう:etc.}）」の3[要素]{ようそ:factors}のうち2つ[以上]{いじょう:or more}を[組]{く:combine}み[合]{あ:combine}わせる。アはパスワードの2[回]{かい:times}[入力]{にゅうりょく:input}で[同]{おな:same}じ[要素]{ようそ:factor}。ウは[秘密]{ひみつ:secret}の[質問]{しつもん:question}もパスワードも「[知識]{ちしき:knowledge}」[要素]{ようそ:factor}なので[多]{た:multi}[要素]{ようそ:factor}ではない。エも[同]{おな:same}じ[要素]{ようそ:factor}の[繰]{く:repeat}り[返]{かえ:return}し。",[327,328],"authentication","MFA",{"id":330,"articleId":278,"question":331,"options":334,"correctLabel":292,"explanation":347,"tags":350},"kjh-k2-h04-q03",{"en":332,"jp":333},"Which type of firewall inspects packet contents at the application layer?","ファイアウォールの[種類]{しゅるい:types}のうち、アプリケーション[層]{そう:layer}でパケットの[内容]{ないよう:content}を[検査]{けんさ:inspect}するものはどれか。",[335,338,341,344],{"label":284,"jp":336,"en":337},"パケットフィルタリング","Packet filtering",{"label":288,"jp":339,"en":340},"ステートフルインスペクション","Stateful inspection",{"label":292,"jp":342,"en":343},"アプリケーションゲートウェイ（プロキシ[型]{がた:type}）","Application gateway (proxy type)",{"label":296,"jp":345,"en":346},"NAT（ネットワークアドレス[変換]{へんかん:translation}）","NAT (Network Address Translation)",{"en":348,"jp":349},"An application gateway (proxy type) inspects communication content at the application layer for detailed control. Packet filtering controls by IP address and port number. 
Stateful inspection manages communication state for decision-making. NAT is an address translation technology, not a type of firewall.","アプリケーションゲートウェイ（プロキシ[型]{がた:type}）はアプリケーション[層]{そう:layer}で[通信]{つうしん:communication}[内容]{ないよう:content}を[検査]{けんさ:inspect}し、[詳細]{しょうさい:detailed}な[制御]{せいぎょ:control}が[可能]{かのう:possible}。パケットフィルタリングはIPアドレスやポート[番号]{ばんごう:number}で[制御]{せいぎょ:control}する[方式]{ほうしき:method}。ステートフルインスペクションは[通信]{つうしん:communication}の[状態]{じょうたい:state}を[管理]{かんり:manage}して[判断]{はんだん:judge}する[方式]{ほうしき:method}。NATはアドレス[変換]{へんかん:translation}[技術]{ぎじゅつ:technology}でありファイアウォールの[種類]{しゅるい:type}ではない。",[351],"firewall",{"id":353,"articleId":278,"question":354,"options":357,"correctLabel":288,"explanation":370,"tags":373},"kjh-k2-h04-q04",{"en":355,"jp":356},"Which of the following correctly describes the difference between IDS (Intrusion Detection System) and IPS (Intrusion Prevention System)?","IDS（[侵入]{しんにゅう:intrusion}[検知]{けんち:detection}システム）とIPS（[侵入]{しんにゅう:intrusion}[防止]{ぼうし:prevention}システム）の[違]{ちが:difference}いとして[正]{ただ:correct}しいものはどれか。",[358,361,364,367],{"label":284,"jp":359,"en":360},"IDSは[不正]{ふせい:unauthorized}アクセスを[検知]{けんち:detect}し[自動]{じどう:automatically}[遮断]{しゃだん:block}する。IPSは[検知]{けんち:detect}のみ[行]{おこな:perform}う","IDS detects and automatically blocks unauthorized access. IPS only detects",{"label":288,"jp":362,"en":363},"IDSは[不正]{ふせい:unauthorized}アクセスの[検知]{けんち:detection}・[通知]{つうち:notification}を[行]{おこな:perform}い、IPSは[検知]{けんち:detection}に[加]{くわ:add}え[自動]{じどう:automatically}[遮断]{しゃだん:block}まで[行]{おこな:perform}う","IDS detects and notifies of unauthorized access; IPS detects and also automatically blocks it",{"label":292,"jp":365,"en":366},"[両者]{りょうしゃ:both}とも[検知]{けんち:detection}のみで[遮断]{しゃだん:blocking}[機能]{きのう:function}はない","Both only detect and have no blocking function",{"label":296,"jp":368,"en":369},"IPSはファイアウォールの[別名]{べつめい:alias}である","IPS is another name for a firewall",{"en":371,"jp":372},"IDS detects unauthorized communication and notifies the administrator (detection only). 
IPS also automatically blocks the relevant traffic. Option A is reversed. Option C ignores the blocking function of IPS. Option D is wrong — IPS and firewalls are separate mechanisms.","IDSは[不正]{ふせい:unauthorized}な[通信]{つうしん:communication}を[検知]{けんち:detect}して[管理者]{かんりしゃ:administrator}に[通知]{つうち:notify}する（[検知]{けんち:detection}のみ）。IPSは[検知]{けんち:detection}に[加]{くわ:add}えて[該当]{がいとう:relevant}[通信]{つうしん:communication}を[自動的]{じどうてき:automatically}に[遮断]{しゃだん:block}する。アは[逆]{ぎゃく:reverse}。ウはIPSの[遮断]{しゃだん:blocking}[機能]{きのう:function}を[無視]{むし:ignore}している。エはIPSとファイアウォールは[別]{べつ:separate}の[仕組]{しくみ:mechanism}み。",[374,375],"IDS","IPS",{"id":377,"articleId":6,"question":378,"options":381,"correctLabel":284,"explanation":394,"tags":397},"kjh-k2-h04-q05",{"en":379,"jp":380},"Which of the following best describes the main function of SIEM (Security Information and Event Management)?","SIEM（Security Information and Event Management）の[主]{おも:main}な[機能]{きのう:function}として[最]{もっと:most}も[適切]{てきせつ:appropriate}なものはどれか。",[382,385,388,391],{"label":284,"jp":383,"en":384},"[各種]{かくしゅ:various}ログを[一元的]{いちげんてき:centrally}に[収集]{しゅうしゅう:collect}・[分析]{ぶんせき:analyze}し、セキュリティ[脅威]{きょうい:threat}を[可視化]{かしか:visualize}する","Centrally collecting and analyzing various logs to visualize security threats",{"label":288,"jp":386,"en":387},"ウイルスを[検知]{けんち:detect}・[駆除]{くじょ:remove}する","Detecting and removing viruses",{"label":292,"jp":389,"en":390},"ネットワーク[通信]{つうしん:communication}を[暗号化]{あんごうか:encrypt}する","Encrypting network communication",{"label":296,"jp":392,"en":393},"[外部]{がいぶ:external}からの[不正]{ふせい:unauthorized}アクセスを[遮断]{しゃだん:block}する","Blocking unauthorized access from outside",{"en":395,"jp":396},"SIEM is a tool that centrally collects and correlates logs from firewalls, IDS\u002FIPS, servers, etc. to support early detection of security incidents. 
Option B describes antivirus software, C describes VPN functionality, and D describes firewall\u002FIPS functionality.","SIEMはファイアウォール、IDS\u002FIPS、サーバ[等]{とう:etc.}の[各種]{かくしゅ:various}ログを[一元的]{いちげんてき:centrally}に[収集]{しゅうしゅう:collect}・[相関]{そうかん:correlate}[分析]{ぶんせき:analyze}し、セキュリティインシデントの[早期]{そうき:early}[発見]{はっけん:discovery}を[支援]{しえん:support}するツール。イはアンチウイルスソフト、ウはVPN[等]{とう:etc.}の[機能]{きのう:function}、エはファイアウォールやIPSの[機能]{きのう:function}。",[398,399],"SIEM","log-management",{"id":401,"articleId":6,"question":402,"options":405,"correctLabel":292,"explanation":418,"tags":421},"kjh-k2-h04-q06",{"en":403,"jp":404},"Which of the following correctly explains the shared responsibility model in cloud services?","クラウドサービスにおける[責任]{せきにん:responsibility}[共有]{きょうゆう:shared}モデルの[説明]{せつめい:explanation}として[正]{ただ:correct}しいものはどれか。",[406,409,412,415],{"label":284,"jp":407,"en":408},"セキュリティの[全]{すべ:all}ての[責任]{せきにん:responsibility}はクラウド[事業者]{じぎょうしゃ:provider}にある","All security responsibility lies with the cloud provider",{"label":288,"jp":410,"en":411},"セキュリティの[全]{すべ:all}ての[責任]{せきにん:responsibility}は[利用者]{りようしゃ:user}にある","All security responsibility lies with the user",{"label":292,"jp":413,"en":414},"クラウド[事業者]{じぎょうしゃ:provider}はインフラ[部分]{ぶぶん:portion}、[利用者]{りようしゃ:user}はデータやアクセス[管理]{かんり:management}[等]{とう:etc.}をそれぞれ[分担]{ぶんたん:share}する","The cloud provider is responsible for the infrastructure portion, while the user is responsible for data and access management, etc.",{"label":296,"jp":416,"en":417},"IaaSではアプリケーションの[管理]{かんり:management}もクラウド[事業者]{じぎょうしゃ:provider}の[責任]{せきにん:responsibility}である","In IaaS, application management is also the cloud provider's responsibility",{"en":419,"jp":420},"Under the shared responsibility model, the cloud provider handles infrastructure (network, physical servers, etc.) and the user handles data, access management, applications, etc. Options A and B incorrectly place all responsibility on one party. 
Option D is wrong because in IaaS, the user must manage OS and applications.","[責任]{せきにん:responsibility}[共有]{きょうゆう:shared}モデルでは、クラウド[事業者]{じぎょうしゃ:provider}がインフラ（ネットワーク・[物理]{ぶつり:physical}サーバ[等]{とう:etc.}）を、[利用者]{りようしゃ:user}がデータ・アクセス[管理]{かんり:management}・アプリケーション[等]{とう:etc.}を[分担]{ぶんたん:share}する。ア・イのように[片方]{かたほう:one side}だけに[全]{すべ:all}[責任]{せきにん:responsibility}があるわけではない。エはIaaSでは[利用者]{りようしゃ:user}がOS・アプリケーションまで[管理]{かんり:manage}する[必要]{ひつよう:need}がある。",[422,423],"cloud","shared-responsibility",{"id":425,"articleId":6,"question":426,"options":429,"correctLabel":292,"explanation":442,"tags":445},"kjh-k2-h04-q07",{"en":427,"jp":428},"Among antivirus detection methods, which monitors operations during execution to detect suspicious behavior?","アンチウイルスソフトの[検知]{けんち:detection}[方式]{ほうしき:methods}のうち、[実行]{じっこう:execution}[時]{じ:time}の[動作]{どうさ:behavior}を[監視]{かんし:monitor}して[不審]{ふしん:suspicious}な[挙動]{きょどう:activities}を[検知]{けんち:detect}する[方式]{ほうしき:method}はどれか。",[430,433,436,439],{"label":284,"jp":431,"en":432},"パターンマッチング","Pattern matching",{"label":288,"jp":434,"en":435},"ヒューリスティック[検知]{けんち:detection}","Heuristic detection",{"label":292,"jp":437,"en":438},"ビヘイビア（[振る舞い]{ふるまい:behavior}）[分析]{ぶんせき:analysis}","Behavior analysis",{"label":296,"jp":440,"en":441},"[定義]{ていぎ:definition}ファイル[更新]{こうしん:update}","Definition file update",{"en":443,"jp":444},"Behavior analysis monitors operations during execution to detect suspicious behavior. Pattern matching compares against definition files of known malware. Heuristic detection estimates unknown malware from structural characteristics. Option D is an operational task, not a detection method. 
Combining the three methods enhances detection rate.","ビヘイビア（[振る舞い]{ふるまい:behavior}）[分析]{ぶんせき:analysis}は[実行]{じっこう:execution}[時]{じ:time}の[動作]{どうさ:operation}を[監視]{かんし:monitor}し[不審]{ふしん:suspicious}な[挙動]{きょどう:behavior}を[検知]{けんち:detect}する。パターンマッチングは[既知]{きち:known}マルウェアの[特徴]{とくちょう:characteristic}[定義]{ていぎ:definition}ファイルとの[照合]{しょうごう:comparison}、ヒューリスティック[検知]{けんち:detection}は[構造的]{こうぞうてき:structural}[特徴]{とくちょう:characteristics}から[未知]{みち:unknown}マルウェアを[推定]{すいてい:estimate}する[方式]{ほうしき:method}。エは[検知]{けんち:detection}[方式]{ほうしき:method}ではなく[運用]{うんよう:operational}[作業]{さぎょう:task}。3[方式]{ほうしき:methods}を[組]{く:combine}み[合]{あ:combine}わせて[検知]{けんち:detection}[率]{りつ:rate}を[高]{たか:enhance}める。",[446,447],"antivirus","behavior-analysis",{"id":449,"articleId":6,"question":450,"options":453,"correctLabel":284,"explanation":464,"tags":467},"kjh-k2-h04-q08",{"en":451,"jp":452},"Which is the representative Japanese information source for collecting vulnerability information?","[脆弱性]{ぜいじゃくせい:vulnerability}[情報]{じょうほう:information}を[収集]{しゅうしゅう:collect}する[際]{さい:when}に[参照]{さんしょう:refer}される[情報]{じょうほう:information}[源]{げん:source}として[日本]{にほん:Japan}の[代表]{だいひょう:representative}[的]{てき:-ical}なものはどれか。",[454,457,460,462],{"label":284,"jp":455,"en":456},"JVN（Japan Vulnerability Notes）","JVN (Japan Vulnerability Notes)",{"label":288,"jp":458,"en":459},"CVSS（Common Vulnerability Scoring System）","CVSS (Common Vulnerability Scoring System)",{"label":292,"jp":461,"en":461},"NIST CSF",{"label":296,"jp":463,"en":463},"ISO\u002FIEC 27017",{"en":465,"jp":466},"JVN (Japan Vulnerability Notes) is the Japanese vulnerability information portal jointly operated by IPA and JPCERT\u002FCC. Internationally, CVE (Common Vulnerabilities and Exposures) is used. 
CVSS is a severity evaluation standard; NIST CSF is the Cybersecurity Framework; ISO\u002FIEC 27017 is a cloud security standard.","JVN（Japan Vulnerability Notes）はIPAとJPCERT\u002FCCが[共同]{きょうどう:jointly}[運営]{うんえい:operate}する[日本]{にほん:Japan}の[脆弱性]{ぜいじゃくせい:vulnerability}[情報]{じょうほう:information}ポータル。[国際]{こくさい:international}[的]{てき:-ically}にはCVE（Common Vulnerabilities and Exposures）が[利用]{りよう:used}される。CVSSは[脆弱性]{ぜいじゃくせい:vulnerability}の[深刻度]{しんこくど:severity}を[評価]{ひょうか:evaluate}する[基準]{きじゅん:standard}、NIST CSFはサイバーセキュリティフレームワーク、ISO\u002FIEC 27017はクラウド[セキュリティ]{セキュリティ:security}[規格]{きかく:standard}。",[468,469],"vulnerability-management","JVN",{"id":471,"articleId":6,"question":472,"options":475,"correctLabel":288,"explanation":487,"tags":490},"kjh-k2-h04-q09",{"en":473,"jp":474},"Which best describes the primary role of WAF (Web Application Firewall)?","WAF（Web Application Firewall）の[主]{おも:primary}な[役割]{やくわり:role}として[最]{もっと:most}も[適切]{てきせつ:appropriate}なものはどれか。",[476,479,482,484],{"label":284,"jp":477,"en":478},"IPアドレスやポート[番号]{ばんごう:number}でパケットを[制御]{せいぎょ:control}する","Control packets by IP address and port number",{"label":288,"jp":480,"en":481},"SQLインジェクションやクロスサイトスクリプティングなどWebアプリケーション[層]{そう:layer}の[攻撃]{こうげき:attacks}から[防御]{ぼうぎょ:defend}する","Defend against web application layer attacks such as SQL injection and cross-site scripting",{"label":292,"jp":386,"en":483},"Detect and remove viruses",{"label":296,"jp":485,"en":486},"[利用者]{りようしゃ:user}の[認証]{にんしょう:authentication}[情報]{じょうほう:information}を[管理]{かんり:manage}する","Manage user authentication information",{"en":488,"jp":489},"WAF is a dedicated firewall that detects and defends against attacks on web applications at the application layer (OSI Layer 7) — SQL injection, XSS, CSRF, etc. 
Option A is an ordinary packet-filtering firewall, C is antivirus, and D is an identity management system.","WAFはアプリケーション[層]{そう:layer}（OSI[第]{だい:Layer}7[層]{そう:layer}）でWebアプリケーションへの[攻撃]{こうげき:attacks}（SQLインジェクション、XSS、CSRF[等]{とう:etc.}）を[検知]{けんち:detect}・[防御]{ぼうぎょ:defend}する[専用]{せんよう:dedicated}ファイアウォール。アは[通常]{つうじょう:ordinary}のパケットフィルタリング[型]{がた:type}ファイアウォール、ウはアンチウイルス、エはID[管理]{かんり:management}システムの[役割]{やくわり:role}である。",[491,492],"WAF","web-application",{"id":494,"articleId":6,"question":495,"options":498,"correctLabel":296,"explanation":508,"tags":511},"kjh-k2-h04-q10",{"en":496,"jp":497},"Which is the correct minimum version of encryption protocol that should be used when transmitting\u002Freceiving personal data?","[個人]{こじん:personal}データを[送受信]{そうじゅしん:transmit and receive}する[際]{さい:when}に[使用]{しよう:use}すべき[暗号]{あんごう:encryption}[プロトコル]{プロトコル:protocol}の[最低]{さいてい:minimum}[バージョン]{バージョン:version}として[正]{ただ:correct}しいものはどれか。",[499,501,503,505],{"label":284,"jp":500,"en":500},"SSL 3.0",{"label":288,"jp":502,"en":502},"TLS 1.0",{"label":292,"jp":504,"en":504},"TLS 1.1",{"label":296,"jp":506,"en":507},"TLS 1.2 [以上]{いじょう:or higher}","TLS 1.2 or higher",{"en":509,"jp":510},"TLS 1.2 or higher should be used for transmitting personal data. SSL 3.0 and TLS 1.0\u002F1.1 are already deprecated and have known vulnerabilities — their use should be ceased. 
For connections from outside the company, VPN is used together to protect the communication route.","[個人]{こじん:personal}データの[送受信]{そうじゅしん:transmission}にはTLS 1.2[以上]{いじょう:or higher}を[使用]{しよう:use}する。SSL 3.0・TLS 1.0\u002F1.1は[既]{すで:already}に[非推奨]{ひすいしょう:deprecated}で[既知]{きち:known}の[脆弱性]{ぜいじゃくせい:vulnerabilities}が[存在]{そんざい:exist}するため[使用]{しよう:use}を[停止]{ていし:cease}すべき。[社外]{しゃがい:outside the company}からの[接続]{せつぞく:connection}にはVPNを[併用]{へいよう:use together}して[通信]{つうしん:communication}[経路]{けいろ:route}を[保護]{ほご:protect}する。",[512,109],"TLS",{"id":514,"articleId":278,"question":515,"options":518,"correctLabel":292,"explanation":531,"tags":534},"kjh-k2-h04-q11",{"en":516,"jp":517},"Which is correct about types of VPN?","VPNの[種類]{しゅるい:types}に[関]{かん:related}する[説明]{せつめい:description}として[正]{ただ:correct}しいものはどれか。",[519,522,525,528],{"label":284,"jp":520,"en":521},"IPsec VPNはOSI[第]{だい:Layer}7[層]{そう:layer}で[動作]{どうさ:operate}し、ウェブブラウザのみで[利用]{りよう:use}できる","IPsec VPN operates at OSI Layer 7 and works only with a web browser",{"label":288,"jp":523,"en":524},"SSL-VPNはOSI[第]{だい:Layer}3[層]{そう:layer}で[動作]{どうさ:operate}し、[拠点]{きょてん:base}[間]{かん:between}[接続]{せつぞく:connection}に[適]{てき:suitable}する","SSL-VPN operates at OSI Layer 3 and is suitable for site-to-site connections",{"label":292,"jp":526,"en":527},"IPsec VPNはOSI[第]{だい:Layer}3[層]{そう:layer}で[動作]{どうさ:operate}し[拠点]{きょてん:base}[間]{かん:between}（site-to-site）[接続]{せつぞく:connection}に[適]{てき:suitable}し、SSL-VPNは[第]{だい:Layer}4〜7[層]{そう:layer}で[動作]{どうさ:operate}しリモートアクセスに[広く]{ひろく:widely}[普及]{ふきゅう:used}している","IPsec VPN operates at OSI Layer 3 and suits site-to-site connections; SSL-VPN operates at Layers 4-7 and is widely used for remote access",{"label":296,"jp":529,"en":530},"[両者]{りょうしゃ:both}とも[暗号化]{あんごうか:encryption}[機能]{きのう:function}を[持]{も:have}たない","Neither has encryption functionality",{"en":532,"jp":533},"IPsec VPN operates at OSI Layer 3 (network) and is suitable for site-to-site connections. 
SSL-VPN operates at Layers 4-7 and is widely used for remote access since it works with just a web browser. Both construct an encrypted communication path over public networks.","IPsec VPNはOSI[第]{だい:Layer}3[層]{そう:layer}（ネットワーク[層]{そう:layer}）で[動作]{どうさ:operates}し、[拠点]{きょてん:site}[間]{かん:between}[接続]{せつぞく:connection}（site-to-site）に[適]{てき:suitable}する。SSL-VPNは[第]{だい:Layer}4〜7[層]{そう:layer}で[動作]{どうさ:operates}し、ウェブブラウザだけで[利用]{りよう:use}できるためリモートアクセスに[広く]{ひろく:widely}[普及]{ふきゅう:used}。[両者]{りょうしゃ:both}とも[公衆]{こうしゅう:public}ネットワーク[上]{じょう:on}に[暗号化]{あんごうか:encrypted}[通信]{つうしん:communication}[経路]{けいろ:path}を[構築]{こうちく:construct}する。",[535,536,537],"VPN","IPsec","SSL-VPN",{"id":539,"articleId":6,"question":540,"options":543,"correctLabel":284,"explanation":556,"tags":559},"kjh-k2-h04-q12",{"en":541,"jp":542},"Which best describes EDR (Endpoint Detection and Response)?","EDR（Endpoint Detection and Response）の[特徴]{とくちょう:characteristic}として[最]{もっと:most}も[適切]{てきせつ:appropriate}なものはどれか。",[544,547,550,553],{"label":284,"jp":545,"en":546},"[端末]{たんまつ:endpoint}での[挙動]{きょどう:behavior}を[継続]{けいぞく:continuously}[的]{てき:-ly}に[監視]{かんし:monitor}し、インシデント[発生]{はっせい:occurrence}[時]{じ:time}の[検知]{けんち:detection}・[調査]{ちょうさ:investigation}・[対応]{たいおう:response}を[支援]{しえん:support}する","Continuously monitors endpoint behavior to support detection, investigation, and response when incidents occur",{"label":288,"jp":548,"en":549},"ネットワーク[境界]{きょうかい:boundary}でパケットを[検査]{けんさ:inspect}する","Inspects packets at the network boundary",{"label":292,"jp":551,"en":552},"[既知]{きち:known}マルウェアを[定義]{ていぎ:definition}ファイルとの[照合]{しょうごう:comparison}で[検知]{けんち:detect}するのみ","Only detects known malware via comparison with definition files",{"label":296,"jp":554,"en":555},"クラウドサービスの[暗号化]{あんごうか:encryption}[鍵]{かぎ:key}を[管理]{かんり:manage}する","Manages encryption keys for cloud services",{"en":557,"jp":558},"EDR complements conventional antivirus, continuously recording and monitoring endpoint (PC, server) behavior to support early detection, root cause investigation, and 
containment when incidents occur. A characteristic feature is the ability to handle unknown attacks.","EDRは[従来]{じゅうらい:conventional}のアンチウイルスを[補完]{ほかん:complement}し、[端末]{たんまつ:endpoint}（PC・サーバ）での[挙動]{きょどう:behavior}を[継続]{けいぞく:continuously}[的]{てき:-ly}に[記録]{きろく:record}・[監視]{かんし:monitor}し、インシデント[発生]{はっせい:occurrence}[時]{じ:time}の[早期]{そうき:early}[検知]{けんち:detection}・[原因]{げんいん:cause}[調査]{ちょうさ:investigation}・[封じ込め]{ふうじこめ:containment}を[支援]{しえん:support}する[仕組み]{しくみ:mechanism}。[未知]{みち:unknown}[攻撃]{こうげき:attacks}にも[対応]{たいおう:respond}できる[点]{てん:point}が[特徴]{とくちょう:characteristic}。",[560,561],"EDR","endpoint",{"id":563,"articleId":278,"question":564,"options":567,"correctLabel":288,"explanation":580,"tags":583},"kjh-k2-h04-q13",{"en":565,"jp":566},"Which is correct about digital signatures?","デジタル[署名]{しょめい:signature}に[関]{かん:related}する[説明]{せつめい:explanation}として[正]{ただ:correct}しいものはどれか。",[568,571,574,577],{"label":284,"jp":569,"en":570},"[送信者]{そうしんしゃ:sender}が[自]{みずか:own}らの[公開鍵]{こうかいかぎ:public key}でハッシュ[値]{ち:value}を[暗号化]{あんごうか:encrypt}する","The sender encrypts the hash value with their own public key",{"label":288,"jp":572,"en":573},"[送信者]{そうしんしゃ:sender}が[自]{みずか:own}らの[秘密鍵]{ひみつかぎ:private key}でハッシュ[値]{ち:value}を[暗号化]{あんごうか:encrypt}し、[受信者]{じゅしんしゃ:recipient}が[送信者]{そうしんしゃ:sender}の[公開鍵]{こうかいかぎ:public key}で[検証]{けんしょう:verify}する","The sender encrypts the hash value with their private key, and the recipient verifies with the sender's public key",{"label":292,"jp":575,"en":576},"[共通鍵]{きょうつうかぎ:shared key}で[文書]{ぶんしょ:document}[全体]{ぜんたい:entire}を[暗号化]{あんごうか:encrypt}する","Encrypts the entire document with a shared key",{"label":296,"jp":578,"en":579},"デジタル[署名]{しょめい:signature}は[機密性]{きみつせい:confidentiality}を[確保]{かくほ:ensure}する[技術]{ぎじゅつ:technology}である","Digital signatures are a technology for ensuring confidentiality",{"en":581,"jp":582},"A digital signature works by the sender encrypting the document's hash value with their own private key, and the recipient verifying with the sender's public key. 
This ensures integrity (tamper detection) and non-repudiation. Its purpose is not confidentiality; the signature does not encrypt the document itself.","デジタル[署名]{しょめい:signature}は[送信者]{そうしんしゃ:sender}が[文書]{ぶんしょ:document}のハッシュ[値]{ち:value}を[自]{みずか:own}らの[秘密鍵]{ひみつかぎ:private key}で[暗号化]{あんごうか:encrypt}し、[受信者]{じゅしんしゃ:recipient}が[送信者]{そうしんしゃ:sender}の[公開鍵]{こうかいかぎ:public key}で[検証]{けんしょう:verify}する[仕組み]{しくみ:mechanism}。これにより[完全性]{かんぜんせい:integrity}（[改ざん]{かいざん:tamper}[検出]{けんしゅつ:detection}）と[否認]{ひにん:non-}[防止]{ぼうし:repudiation}を[確保]{かくほ:ensure}する。[機密性]{きみつせい:confidentiality}（[暗号化]{あんごうか:encryption}）[目的]{もくてき:purpose}ではない。",[584,585],"digital-signature","PKI",{"id":587,"articleId":6,"question":588,"options":591,"correctLabel":292,"explanation":600,"tags":603},"kjh-k2-h04-q14",{"en":589,"jp":590},"Which international standard for cloud security serves as a reference when outsourcing personal data handling to a cloud provider?","[個人]{こじん:personal}データを[扱]{あつか:handle}う[業務]{ぎょうむ:business}をクラウド[事業者]{じぎょうしゃ:provider}に[委託]{いたく:outsource}する[際]{さい:when}に[参考]{さんこう:reference}となるクラウドセキュリティの[国際]{こくさい:international}[規格]{きかく:standard}はどれか。",[592,594,596,598],{"label":284,"jp":593,"en":593},"ISO\u002FIEC 27001",{"label":288,"jp":595,"en":595},"ISO\u002FIEC 27002",{"label":292,"jp":597,"en":597},"ISO\u002FIEC 27017 \u002F 27018",{"label":296,"jp":599,"en":599},"ISO\u002FIEC 9001",{"en":601,"jp":602},"ISO\u002FIEC 27017 is a cloud security control guideline; ISO\u002FIEC 27018 is the standard for protecting personal information (PII) in the cloud. When outsourcing, fulfill the obligation to supervise the outsourcing partner under Article 28 of the amended Act, and refer to these standards. 
27001 specifies ISMS requirements, 27002 is a code of practice for controls, and 9001 covers quality management systems.","ISO\u002FIEC 27017はクラウドセキュリティの[管理策]{かんりさく:controls}[指針]{ししん:guidelines}、ISO\u002FIEC 27018はクラウド[上]{じょう:on}の[個人]{こじん:personal}[情報]{じょうほう:information}（PII）[保護]{ほご:protection}[規格]{きかく:standard}。[委託]{いたく:outsourcing}[時]{じ:time}は[改正]{かいせい:amended}[法]{ほう:Act}[第]{だい:Article}28[条]{じょう:article}に[基]{もと:based}づく[委託先]{いたくさき:outsourcing partner}[監督]{かんとく:supervision}[義務]{ぎむ:obligation}を[果]{は:fulfill}たし、これら[規格]{きかく:standards}を[参照]{さんしょう:reference}する。27001はISMS[要求]{ようきゅう:requirements}、27002は[管理策]{かんりさく:controls}[実践]{じっせん:practice}[規範]{きはん:code}、9001は[品質]{ひんしつ:quality}[管理]{かんり:management}システム。",[422,604,605],"ISO27017","ISO27018"]