[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article:gijutsu-kiso":3},{"meta":4,"markdown":231,"quiz":232},{"type":5,"articleId":6,"slug":7,"title":8,"titleEn":9,"category":10,"order":11,"seriesLabel":12,"summary":13,"publishedAt":14,"image":15,"tags":16,"vocabulary":19,"quizId":227,"source":228},"article","kjh-k2-h04-gijutsu-kiso","gijutsu-kiso","課題Ⅱ 第４編① 技術的セキュリティ対策の基礎知識","Fundamentals of Technical Security Countermeasures","kojin-joho-hogo\u002Fkadai-2",2041,"課題Ⅱ 第４編①","Comprehensive coverage of technical security for the PIIP exam: symmetric\u002Fasymmetric\u002Fhybrid encryption (AES, DES, 3DES, RSA, ECC), hash functions (SHA-256, SHA-3), digital signatures, PKI (CA, RA, X.509, CRL, OCSP), SSL\u002FTLS, three authentication factors (knowledge\u002Fpossession\u002Fbiometric), password attacks & countermeasures, OTP (TOTP\u002FHOTP), biometric metrics (FAR\u002FFRR), MFA, access control models (DAC\u002FMAC\u002FRBAC), least privilege, separation of duties, need-to-know, firewalls (packet filtering\u002Fstateful\u002Fproxy\u002FNGFW), IDS vs IPS (signature\u002Fanomaly, NIDS\u002FHIDS), WAF, DMZ, and VPN (IPsec\u002FSSL-VPN).","2026-04-26T00:00:00Z","https:\u002F\u002Fimages.yamiyomi.com\u002Fkjh-k2-h04-gijutsu-kiso.png",[17,18],"exam:個人情報保護士","topic:技術的安全管理",[20,25,30,34,38,42,46,50,54,58,62,66,70,74,78,82,86,90,94,98,102,106,111,115,119,123,127,131,135,139,143,147,151,155,159,163,167,171,175,179,183,187,191,195,199,203,207,211,215,219,223],{"word":21,"reading":22,"meaning":23,"level":24},"暗号化","あんごうか","encryption","N2",{"word":26,"reading":27,"meaning":28,"level":29},"共通鍵","きょうつうかぎ","shared key, symmetric key","N1",{"word":31,"reading":32,"meaning":33,"level":29},"公開鍵","こうかいかぎ","public key",{"word":35,"reading":36,"meaning":37,"level":29},"秘密鍵","ひみつかぎ","private key, secret 
key",{"word":39,"reading":40,"meaning":41,"level":29},"復号","ふくごう","decryption",{"word":43,"reading":44,"meaning":45,"level":29},"平文","ひらぶん","plaintext",{"word":47,"reading":48,"meaning":49,"level":29},"楕円曲線","だえんきょくせん","elliptic curve",{"word":51,"reading":52,"meaning":53,"level":24},"配送","はいそう","delivery, distribution",{"word":55,"reading":56,"meaning":57,"level":29},"衝突耐性","しょうとつたいせい","collision resistance",{"word":59,"reading":60,"meaning":61,"level":29},"脆弱性","ぜいじゃくせい","vulnerability",{"word":63,"reading":64,"meaning":65,"level":29},"電子署名","でんししょめい","digital signature",{"word":67,"reading":68,"meaning":69,"level":29},"否認防止","ひにんぼうし","non-repudiation",{"word":71,"reading":72,"meaning":73,"level":29},"認証局","にんしょうきょく","certificate authority (CA)",{"word":75,"reading":76,"meaning":77,"level":29},"登録局","とうろくきょく","registration authority (RA)",{"word":79,"reading":80,"meaning":81,"level":24},"証明書","しょうめいしょ","certificate",{"word":83,"reading":84,"meaning":85,"level":29},"失効","しっこう","revocation, expiration",{"word":87,"reading":88,"meaning":89,"level":24},"信頼性","しんらいせい","reliability",{"word":91,"reading":92,"meaning":93,"level":29},"機密性","きみつせい","confidentiality",{"word":95,"reading":96,"meaning":97,"level":29},"完全性","かんぜんせい","integrity",{"word":99,"reading":100,"meaning":101,"level":24},"認証","にんしょう","authentication",{"word":103,"reading":104,"meaning":105,"level":29},"多要素認証","たようそにんしょう","multi-factor authentication",{"word":107,"reading":108,"meaning":109,"level":110},"知識","ちしき","knowledge","N3",{"word":112,"reading":113,"meaning":114,"level":29},"所有物","しょゆうぶつ","possession, something owned",{"word":116,"reading":117,"meaning":118,"level":24},"生体","せいたい","biometric, living 
body",{"word":120,"reading":121,"meaning":122,"level":24},"指紋","しもん","fingerprint",{"word":124,"reading":125,"meaning":126,"level":29},"虹彩","こうさい","iris",{"word":128,"reading":129,"meaning":130,"level":24},"静脈","じょうみゃく","vein",{"word":132,"reading":133,"meaning":134,"level":29},"声紋","せいもん","voiceprint",{"word":136,"reading":137,"meaning":138,"level":29},"閾値","しきいち","threshold",{"word":140,"reading":141,"meaning":142,"level":29},"盗聴","とうちょう","eavesdropping, wiretapping",{"word":144,"reading":145,"meaning":146,"level":29},"辞書攻撃","じしょこうげき","dictionary attack",{"word":148,"reading":149,"meaning":150,"level":24},"権限","けんげん","privilege, authority",{"word":152,"reading":153,"meaning":154,"level":29},"最小権限","さいしょうけんげん","least privilege",{"word":156,"reading":157,"meaning":158,"level":29},"職務分掌","しょくむぶんしょう","separation of duties",{"word":160,"reading":161,"meaning":162,"level":29},"付与","ふよ","granting, assignment",{"word":164,"reading":165,"meaning":166,"level":24},"任意","にんい","discretionary, voluntary",{"word":168,"reading":169,"meaning":170,"level":24},"強制","きょうせい","mandatory, compulsory",{"word":172,"reading":173,"meaning":174,"level":24},"侵入","しんにゅう","intrusion",{"word":176,"reading":177,"meaning":178,"level":24},"検知","けんち","detection",{"word":180,"reading":181,"meaning":182,"level":24},"遮断","しゃだん","blocking, cutoff",{"word":184,"reading":185,"meaning":186,"level":24},"攻撃","こうげき","attack",{"word":188,"reading":189,"meaning":190,"level":24},"防御","ぼうぎょ","defense",{"word":192,"reading":193,"meaning":194,"level":29},"多層的","たそうてき","multi-layered",{"word":196,"reading":197,"meaning":198,"level":24},"制御","せいぎょ","control",{"word":200,"reading":201,"meaning":202,"level":24},"監視","かんし","monitoring, surveillance",{"word":204,"reading":205,"meaning":206,"level":29},"改ざん","かいざん","tampering, falsification",{"word":208,"reading":209,"meaning":210,"level":29},"非武装地帯","ひぶそうちたい","demilitarized zone 
(DMZ)",{"word":212,"reading":213,"meaning":214,"level":29},"緩衝","かんしょう","buffer",{"word":216,"reading":217,"meaning":218,"level":24},"仮想","かそう","virtual",{"word":220,"reading":221,"meaning":222,"level":24},"拠点","きょてん","base, site",{"word":224,"reading":225,"meaning":226,"level":29},"推奨","すいしょう","recommendation","kjh-k2-h04-quiz",{"name":229,"url":230},"個人情報保護士試験対策","https:\u002F\u002Fwww.joho-gakushu.or.jp\u002Fpiip\u002F","\n::para\n[情報]{じょうほう:information:N3}システムにおける[技術的]{ぎじゅつてき:technical:N2}セキュリティ[対策]{たいさく:countermeasure:N1}は、[個人情報]{こじんじょうほう:personal information:N2}を[守る]{まもる:to protect:N3}ための[根幹]{こんかん:foundation:N1}です。[暗号化]{あんごうか:encryption:N3}[技術]{ぎじゅつ:technology:N2}、[認証]{にんしょう:authentication:N1}[技術]{ぎじゅつ:technology:N2}、アクセス[制御]{せいぎょ:control:N3}、そしてネットワークセキュリティの4つの[柱]{はしら:pillar:N2}を[体系的]{たいけいてき:systematic:N1}に[理解]{りかい:understanding:N3}することが、[個人情報]{こじんじょうほう:personal information:N2}[保護]{ほご:protection:N1}[士]{し:specialist:N1}[認定]{にんてい:certification:N3}[試験]{しけん:examination:N4}の[課題]{かだい:task:N2}IIで[求められます]{もとめられます:is required:N3}。この[編]{へん:section:N2}では、[暗号]{あんごう:cipher:N3}の[仕組み]{しくみ:mechanism:N3}から[鍵]{かぎ:key:N1}[管理]{かんり:management:N2}、ハッシュ[関数]{かんすう:function:N3}、[電子]{でんし:electronic:N5}[署名]{しょめい:signature:N2}、PKI、SSL\u002FTLS、[各種]{かくしゅ:various:N2}[認証]{にんしょう:authentication:N1}[方式]{ほうしき:method:N3}、アクセス[制御]{せいぎょ:control:N3}モデル、そしてファイアウォールやIDS\u002FIPS、VPNまでを[網羅的]{もうらてき:comprehensive:N1}に[扱います]{あつかいます:to cover:N1}。\n\n#en\nTechnical security countermeasures in information systems are the foundation for protecting personal information. A systematic understanding of four pillars -- encryption technology, authentication technology, access control, and network security -- is required for Task II of the Certified Personal Information Protection Specialist examination. 
This section comprehensively covers cipher mechanisms, key management, hash functions, digital signatures, PKI, SSL\u002FTLS, various authentication methods, access control models, and firewalls, IDS\u002FIPS, and VPN.\n::\n\n::heading\n[暗号化]{あんごうか:encryption:N3}[技術]{ぎじゅつ:technology:N2}\n\n#en\nEncryption Technology\n::\n\n::heading\n[共通鍵]{きょうつうかぎ:shared key:N1}[暗号]{あんごう:cipher:N3}（[対称]{たいしょう:symmetric:N1}[鍵]{かぎ:key:N1}[暗号]{あんごう:cipher:N3}）\n\n#en\nSymmetric-Key Encryption\n::\n\n::para\n[共通鍵]{きょうつうかぎ:shared key:N1}[暗号]{あんごう:cipher:N3}（[対称]{たいしょう:symmetric:N1}[鍵]{かぎ:key:N1}[暗号]{あんごう:cipher:N3}）は、[暗号化]{あんごうか:encryption:N3}と[復号]{ふくごう:decryption:N2}に[同]{おな:same:N4}じ[鍵]{かぎ:key:N1}を[使用]{しよう:use:N4}する[方式]{ほうしき:method:N3}です。[現在]{げんざい:currently:N3}の[標準]{ひょうじゅん:standard:N1}はAES（Advanced Encryption Standard）で、[鍵]{かぎ:key:N1}[長]{ちょう:length:N5}は128ビット、192ビット、256ビットの3[種類]{しゅるい:types:N3}から[選択]{せんたく:selection:N1}できます。かつての[標準]{ひょうじゅん:standard:N1}であったDES（Data Encryption Standard）は[鍵]{かぎ:key:N1}[長]{ちょう:length:N5}がわずか56ビットであり、[現在]{げんざい:currently:N3}は[安全]{あんぜん:safe:N3}ではないとされています。3DES（トリプルDES）はDESを3[回]{かい:times:N3}[繰り返す]{くりかえす:to repeat:N1}ことで[安全性]{あんぜんせい:security:N3}を[高めた]{たかめた:enhanced:N5}ものですが、[処理]{しょり:processing:N3}[速度]{そくど:speed:N3}が[遅く]{おそく:slow:N3}、AESへの[移行]{いこう:transition:N2}が[進んで]{すすんで:advancing:N3}います。[共通鍵]{きょうつうかぎ:shared key:N1}[暗号]{あんごう:cipher:N3}の[最大]{さいだい:biggest:N3}の[利点]{りてん:advantage:N3}は[処理]{しょり:processing:N3}[速度]{そくど:speed:N3}の[速]{はや:fast:N3}さですが、[鍵]{かぎ:key:N1}の[配送]{はいそう:delivery:N3}[問題]{もんだい:problem:N4}（[相手]{あいて:other party:N3}にどうやって[安全]{あんぜん:safely:N3}に[鍵]{かぎ:key:N1}を[届ける]{とどける:to deliver:N2}か）が[根本的]{こんぽんてき:fundamental:N2}な[課題]{かだい:challenge:N2}です。\n\n#en\nShared-key encryption (symmetric-key encryption) uses the same key for both encryption and decryption. The current standard is AES (Advanced Encryption Standard), with key lengths selectable from 128, 192, or 256 bits. 
DES (Data Encryption Standard), the former standard, has a key length of only 56 bits and is now considered insecure. 3DES (Triple DES) enhanced security by repeating DES three times, but it is slow and migration to AES is underway. The greatest advantage of symmetric encryption is processing speed, but the key distribution problem (how to securely deliver the key to the other party) is a fundamental challenge.\n::\n\n::heading\n[公開鍵]{こうかいかぎ:public key:N1}[暗号]{あんごう:cipher:N3}（[非対称]{ひたいしょう:asymmetric:N1}[鍵]{かぎ:key:N1}[暗号]{あんごう:cipher:N3}）\n\n#en\nAsymmetric-Key Encryption\n::\n\n::para\n[公開鍵]{こうかいかぎ:public key:N1}[暗号]{あんごう:cipher:N3}（[非対称]{ひたいしょう:asymmetric:N1}[鍵]{かぎ:key:N1}[暗号]{あんごう:cipher:N3}）は、[暗号化]{あんごうか:encryption:N3}に[公開鍵]{こうかいかぎ:public key:N1}、[復号]{ふくごう:decryption:N2}に[秘密鍵]{ひみつかぎ:private key:N1}と、[異なる]{ことなる:different:N1}2つの[鍵]{かぎ:key:N1}を[使用]{しよう:use:N4}します。[代表的]{だいひょうてき:representative:N3}なアルゴリズムにRSAがあり、[鍵]{かぎ:key:N1}[長]{ちょう:length:N5}は2048ビット[以上]{いじょう:or more:N4}が[推奨]{すいしょう:recommended:N1}されています。[楕円]{だえん:elliptic:N1}[曲線]{きょくせん:curve:N2}[暗号]{あんごう:cipher:N3}（ECC）は、RSAより[短い]{みじかい:shorter:N2}[鍵]{かぎ:key:N1}[長]{ちょう:length:N5}で[同等]{どうとう:equivalent:N3}の[安全性]{あんぜんせい:security:N3}を[実現]{じつげん:realization:N3}できるため、モバイル[端末]{たんまつ:terminal:N1}やIoT[機器]{きき:device:N1}で[注目]{ちゅうもく:attention:N4}されています。[公開鍵]{こうかいかぎ:public key:N1}[暗号]{あんごう:cipher:N3}は[鍵]{かぎ:key:N1}の[配送]{はいそう:delivery:N3}[問題]{もんだい:problem:N4}を[解決]{かいけつ:resolution:N3}しますが、[共通鍵]{きょうつうかぎ:shared key:N1}[暗号]{あんごう:cipher:N3}に[比べて]{くらべて:compared to:N2}[処理]{しょり:processing:N3}[速度]{そくど:speed:N3}は[大幅]{おおはば:significantly:N2}に[遅く]{おそく:slow:N3}なります。\n\n#en\nPublic-key encryption (asymmetric-key encryption) uses two different keys: a public key for encryption and a private key for decryption. A representative algorithm is RSA, and key lengths of 2048 bits or more are recommended. 
Elliptic Curve Cryptography (ECC) can achieve equivalent security with shorter key lengths than RSA, making it attractive for mobile terminals and IoT devices. Public-key encryption solves the key distribution problem, but processing speed is significantly slower compared to symmetric encryption.\n::\n\n::heading\nハイブリッド[暗号]{あんごう:cipher:N3}[方式]{ほうしき:method:N3}\n\n#en\nHybrid Encryption Method\n::\n\n::para\nハイブリッド[暗号]{あんごう:cipher:N3}[方式]{ほうしき:method:N3}は、[公開鍵]{こうかいかぎ:public key:N1}[暗号]{あんごう:cipher:N3}と[共通鍵]{きょうつうかぎ:shared key:N1}[暗号]{あんごう:cipher:N3}の[長所]{ちょうしょ:strength:N3}を[組]{く:to combine:N3}み[合]{あ:together:N3}わせた[方式]{ほうしき:method:N3}です。まず[公開鍵]{こうかいかぎ:public key:N1}[暗号]{あんごう:cipher:N3}を[使って]{つかって:using:N4}[共通鍵]{きょうつうかぎ:shared key:N1}（セッション[鍵]{かぎ:key:N1}）を[安全]{あんぜん:safely:N3}に[交換]{こうかん:exchange:N2}し、その[後]{あと:after:N5}の[実際]{じっさい:actual:N3}のデータ[通信]{つうしん:communication:N3}は[高速]{こうそく:high speed:N3}な[共通鍵]{きょうつうかぎ:shared key:N1}[暗号]{あんごう:cipher:N3}で[行います]{おこないます:to carry out:N5}。SSL\u002FTLSがこの[方式]{ほうしき:method:N3}の[代表的]{だいひょうてき:representative:N3}な[実装]{じっそう:implementation:N2}です。\n\n#en\nThe hybrid encryption method combines the strengths of public-key and shared-key encryption. First, public-key encryption is used to securely exchange a shared key (session key), and then the actual data communication is performed using fast shared-key encryption. 
SSL\u002FTLS is a representative implementation of this method.\n::\n\n::callout\n[試験]{しけん:exam:N4}では[共通鍵]{きょうつうかぎ:shared key:N1}[暗号]{あんごう:cipher:N3}と[公開鍵]{こうかいかぎ:public key:N1}[暗号]{あんごう:cipher:N3}の[比較]{ひかく:comparison:N1}が[頻出]{ひんしゅつ:frequently appears:N1}します。[速度]{そくど:speed:N3}は[共通鍵]{きょうつうかぎ:shared key:N1}が[速い]{はやい:fast:N3}。[必要]{ひつよう:necessary:N3}な[鍵]{かぎ:key:N1}の[数]{かず:number:N3}は、n[人]{にん:people:N5}の[場合]{ばあい:case:N3}、[共通鍵]{きょうつうかぎ:shared key:N1}ではn(n-1)\u002F2[個]{こ:counter:N2}、[公開鍵]{こうかいかぎ:public key:N1}では2n[個]{こ:counter:N2}です。[例]{たと:example:N3}えば100[人]{にん:people:N5}なら[共通鍵]{きょうつうかぎ:shared key:N1}は4,950[個]{こ:counter:N2}、[公開鍵]{こうかいかぎ:public key:N1}はわずか200[個]{こ:counter:N2}。この[差]{さ:difference:N3}を[問う]{とう:to ask:N4}[計算]{けいさん:calculation:N2}[問題]{もんだい:problem:N4}が[出題]{しゅつだい:to be set as a question:N4}されます。\n\n#en\nThe exam frequently tests comparisons between symmetric and asymmetric encryption. Speed: symmetric is faster. Number of keys required: for n people, symmetric needs n(n-1)\u002F2 keys, asymmetric needs 2n keys. For example, with 100 people, symmetric requires 4,950 keys while asymmetric requires only 200. 
Calculation problems testing this difference appear on the exam.\n::\n\n::heading\nハッシュ[関数]{かんすう:function:N3}\n\n#en\nHash Functions\n::\n\n::para\nハッシュ[関数]{かんすう:function:N3}は、[任意]{にんい:arbitrary:N3}の[長]{なが:long:N5}さのデータから[固定]{こてい:fixed:N2}[長]{ちょう:length:N5}のハッシュ[値]{ち:value:N3}（メッセージダイジェスト）を[生成]{せいせい:generation:N3}する[一方向]{いちほうこう:one-way:N3}[関数]{かんすう:function:N3}です。[重要]{じゅうよう:important:N3}な[性質]{せいしつ:property:N3}は3つあります。[第一]{だいいち:first:N1}に[一方向性]{いちほうこうせい:one-wayness:N3}（ハッシュ[値]{ち:value:N3}から[元]{もと:original:N4}のデータを[復元]{ふくげん:restoration:N2}できない）、[第二]{だいに:second:N1}に[固定]{こてい:fixed:N2}[長]{ちょう:length:N5}[出力]{しゅつりょく:output:N4}（[入力]{にゅうりょく:input:N4}の[長]{なが:long:N5}さに[関係]{かんけい:relation:N3}なく[同]{おな:same:N4}じ[長]{なが:long:N5}さの[出力]{しゅつりょく:output:N4}）、[第三]{だいさん:third:N1}に[衝突]{しょうとつ:collision:N1}[耐性]{たいせい:resistance:N1}（[異なる]{ことなる:different:N1}[入力]{にゅうりょく:input:N4}から[同]{おな:same:N4}じハッシュ[値]{ち:value:N3}が[生成]{せいせい:generation:N3}されにくい）です。[現在]{げんざい:currently:N3}の[標準]{ひょうじゅん:standard:N1}はSHA-256やSHA-3で、MD5やSHA-1は[衝突]{しょうとつ:collision:N1}[脆弱性]{ぜいじゃくせい:vulnerability:N1}が[発見]{はっけん:discovery:N4}され[非推奨]{ひすいしょう:deprecated:N1}です。\n\n#en\nA hash function is a one-way function that generates a fixed-length hash value (message digest) from data of arbitrary length. There are three important properties. First, one-wayness (the original data cannot be restored from the hash value). Second, fixed-length output (the same output length regardless of input length). Third, collision resistance (it is difficult for different inputs to produce the same hash value). 
Current standards are SHA-256 and SHA-3; MD5 and SHA-1 are deprecated due to discovered collision vulnerabilities.\n::\n\n::heading\n[電子]{でんし:electronic:N5}[署名]{しょめい:signature:N2}\n\n#en\nDigital Signatures\n::\n\n::para\n[電子]{でんし:electronic:N5}[署名]{しょめい:signature:N2}は、[送信者]{そうしんしゃ:sender:N3}が[自分]{じぶん:one's own:N4}の[秘密鍵]{ひみつかぎ:private key:N1}でメッセージのハッシュ[値]{ち:value:N3}に[署名]{しょめい:signature:N2}し、[受信者]{じゅしんしゃ:recipient:N3}が[送信者]{そうしんしゃ:sender:N3}の[公開鍵]{こうかいかぎ:public key:N1}で[検証]{けんしょう:verification:N1}する[技術]{ぎじゅつ:technology:N2}です。[電子]{でんし:electronic:N5}[署名]{しょめい:signature:N2}は3つの[機能]{きのう:function:N3}を[提供]{ていきょう:provide:N1}します。[第一]{だいいち:first:N1}に[改]{かい:alteration:N2}ざん[検知]{けんち:detection:N1}（データが[途中]{とちゅう:midway:N3}で[変更]{へんこう:change:N3}されていないことの[確認]{かくにん:confirmation:N3}）、[第二]{だいに:second:N1}に[本人]{ほんにん:identity:N5}[確認]{かくにん:confirmation:N3}（[送信者]{そうしんしゃ:sender:N3}が[確]{たし:certainly:N3}かに[本人]{ほんにん:the person:N5}であること）、[第三]{だいさん:third:N1}に[否認]{ひにん:repudiation:N3}[防止]{ぼうし:prevention:N2}（[送信者]{そうしんしゃ:sender:N3}が[後]{あと:later:N5}から「[送って]{おくって:sent:N4}いない」と[主張]{しゅちょう:claim:N1}できなくなる）です。\n\n#en\nA digital signature is a technology where the sender signs the hash value of a message with their private key, and the recipient verifies it with the sender's public key. Digital signatures provide three functions. First, tamper detection (confirming that data has not been altered in transit). Second, identity confirmation (that the sender is indeed who they claim to be). 
Third, non-repudiation (the sender cannot later claim they did not send it).\n::\n\n::heading\nPKI（[公開鍵]{こうかいかぎ:public key:N1}[基盤]{きばん:infrastructure:N1}）\n\n#en\nPKI (Public Key Infrastructure)\n::\n\n::para\nPKI（[公開鍵]{こうかいかぎ:public key:N1}[基盤]{きばん:infrastructure:N1}）は、[公開鍵]{こうかいかぎ:public key:N1}の[信頼性]{しんらいせい:reliability:N3}を[担保]{たんぽ:guarantee:N1}するための[仕組み]{しくみ:mechanism:N3}です。[認証]{にんしょう:authentication:N1}[局]{きょく:authority:N3}（CA）は[電子]{でんし:electronic:N5}[証明書]{しょうめいしょ:certificate:N1}を[発行]{はっこう:issuance:N4}し、[登録]{とうろく:registration:N2}[局]{きょく:authority:N3}（RA）は[申請者]{しんせいしゃ:applicant:N1}の[本人]{ほんにん:identity:N5}[確認]{かくにん:confirmation:N3}を[担当]{たんとう:in charge of:N2}します。[電子]{でんし:electronic:N5}[証明書]{しょうめいしょ:certificate:N1}はX.509[形式]{けいしき:format:N3}が[標準]{ひょうじゅん:standard:N1}で、[所有者]{しょゆうしゃ:owner:N3}の[公開鍵]{こうかいかぎ:public key:N1}、[有効]{ゆうこう:valid:N2}[期限]{きげん:period:N3}、[発行者]{はっこうしゃ:issuer:N4}[情報]{じょうほう:information:N3}などが[含まれます]{ふくまれます:included:N2}。[証明書]{しょうめいしょ:certificate:N1}の[失効]{しっこう:revocation:N2}[確認]{かくにん:confirmation:N3}には、CRL（[証明書]{しょうめいしょ:certificate:N1}[失効]{しっこう:revocation:N2}[リスト]{りすと:list}）や、リアルタイムで[確認]{かくにん:confirmation:N3}できるOCSP（Online Certificate Status Protocol）が[使]{つか:use:N4}われます。\n\n#en\nPKI (Public Key Infrastructure) is a mechanism for guaranteeing the reliability of public keys. A Certificate Authority (CA) issues digital certificates, and a Registration Authority (RA) handles identity verification of applicants. Digital certificates use the X.509 format as standard, containing the owner's public key, validity period, issuer information, and more. 
For certificate revocation checking, CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol), which allows real-time checking, are used.\n::\n\n::heading\nSSL\u002FTLS\n\n#en\nSSL\u002FTLS\n::\n\n::para\nSSL\u002FTLSは、インターネット[上]{じょう:on:N5}の[通信]{つうしん:communication:N3}を[暗号化]{あんごうか:encryption:N3}するプロトコルで、ハイブリッド[暗号]{あんごう:cipher:N3}[方式]{ほうしき:method:N3}を[採用]{さいよう:adoption:N2}しています。ハンドシェイク[過程]{かてい:process:N3}では、サーバが[電子]{でんし:electronic:N5}[証明書]{しょうめいしょ:certificate:N1}（サーバ[証明書]{しょうめいしょ:certificate:N1}）を[提示]{ていじ:presentation:N1}し、クライアントがCAの[公開鍵]{こうかいかぎ:public key:N1}で[検証]{けんしょう:verification:N1}した[後]{あと:after:N5}、セッション[鍵]{かぎ:key:N1}を[交渉]{こうしょう:negotiation:N1}します。[現在]{げんざい:currently:N3}はTLS 1.2とTLS 1.3が[有効]{ゆうこう:valid:N2}なバージョンであり、SSL 3.0やTLS 1.0\u002F1.1は[脆弱性]{ぜいじゃくせい:vulnerability:N1}のため[無効化]{むこうか:disabling:N2}が[推奨]{すいしょう:recommended:N1}されています。HTTPS（HTTP + TLS）は、[個人情報]{こじんじょうほう:personal information:N2}を[取り扱う]{とりあつかう:to handle:N1}ウェブサイトで[必須]{ひっす:essential:N1}とされています。\n\n#en\nSSL\u002FTLS is a protocol that encrypts internet communication, adopting the hybrid encryption method. During the handshake process, the server presents a digital certificate (server certificate), the client verifies it with the CA's public key, and then they negotiate a session key. Currently TLS 1.2 and TLS 1.3 are the valid versions; SSL 3.0 and TLS 1.0\u002F1.1 are recommended to be disabled due to vulnerabilities. 
HTTPS (HTTP + TLS) is considered essential for websites handling personal information.\n::\n\n::heading\n[認証]{にんしょう:authentication:N1}[技術]{ぎじゅつ:technology:N2}\n\n#en\nAuthentication Technology\n::\n\n::heading\n[認証]{にんしょう:authentication:N1}の3[要素]{ようそ:factor:N1}\n\n#en\nThree Authentication Factors\n::\n\n::para\n[認証]{にんしょう:authentication:N1}[技術]{ぎじゅつ:technology:N2}は、[利用者]{りようしゃ:user:N3}が[正当]{せいとう:legitimate:N3}な[本人]{ほんにん:the person in question:N5}であることを[確認]{かくにん:confirmation:N3}する[仕組み]{しくみ:mechanism:N3}であり、3つの[要素]{ようそ:factor:N1}に[分類]{ぶんるい:classification:N3}されます。[知識]{ちしき:knowledge:N3}[要素]{ようそ:factor:N1}（something you know）はパスワードやPIN、[秘密]{ひみつ:secret:N1}の[質問]{しつもん:question:N4}など[本人]{ほんにん:the person:N5}だけが[知って]{しって:to know:N4}いる[情報]{じょうほう:information:N3}です。[所有物]{しょゆうぶつ:possession:N3}[要素]{ようそ:factor:N1}（something you have）はICカードやセキュリティトークンなど[本人]{ほんにん:the person:N5}だけが[持って]{もって:to have:N4}いる[物]{もの:thing:N4}です。[生体]{せいたい:biometric:N4}[要素]{ようそ:factor:N1}（something you are）は[指紋]{しもん:fingerprint:N1}や[虹彩]{こうさい:iris:N1}など[本人]{ほんにん:the person:N5}の[身体的]{しんたいてき:physical:N4}[特徴]{とくちょう:characteristic:N1}です。\n\n#en\nAuthentication technology is a mechanism for confirming that a user is the legitimate person, and is classified into three factors. The knowledge factor (something you know) is information only the person knows, such as passwords, PINs, and secret questions. The possession factor (something you have) is something only the person has, such as IC cards and security tokens. 
The biometric factor (something you are) is the person's physical characteristics, such as fingerprints and irises.\n::\n\n::heading\n[知識]{ちしき:knowledge:N3}[認証]{にんしょう:authentication:N1}と[攻撃]{こうげき:attack:N1}[手法]{しゅほう:technique:N3}\n\n#en\nKnowledge-Based Authentication and Attack Techniques\n::\n\n::para\n[知識]{ちしき:knowledge:N3}[認証]{にんしょう:authentication:N1}の[代表]{だいひょう:representative:N3}であるパスワード[認証]{にんしょう:authentication:N1}は、[最]{もっと:most:N3}も[普及]{ふきゅう:widespread:N1}した[方法]{ほうほう:method:N3}ですが、[多]{おお:many:N4}くの[攻撃]{こうげき:attack:N1}[手法]{しゅほう:technique:N3}に[晒]{さら:to expose:N1}されます。ブルートフォース[攻撃]{こうげき:attack:N1}は[全]{すべ:all:N3}ての[組]{く:combination:N3}み[合]{あ:together:N3}わせを[試す]{ためす:to try:N4}[総]{そう:total:N2}[当たり]{あたり:hit:N3}[攻撃]{こうげき:attack:N1}、[辞書]{じしょ:dictionary:N3}[攻撃]{こうげき:attack:N1}はよく[使]{つか:use:N4}われる[単語]{たんご:word:N3}リストを[使う]{つかう:to use:N4}[手法]{しゅほう:technique:N3}、レインボーテーブル[攻撃]{こうげき:attack:N1}は[事前]{じぜん:advance:N4}[計算]{けいさん:calculation:N2}されたハッシュ[値]{ち:value:N3}の[対応]{たいおう:correspondence:N1}[表]{ひょう:table:N3}を[使う]{つかう:to use:N4}[手法]{しゅほう:technique:N3}です。[対策]{たいさく:countermeasure:N1}として、パスワードの[複雑性]{ふくざつせい:complexity:N2}[要件]{ようけん:requirements:N3}（[大]{おお:large:N5}[文字]{もじ:character:N4}・[小]{こ:small:N5}[文字]{もじ:character:N4}・[数字]{すうじ:number:N3}・[記号]{きごう:symbol:N3}の[混合]{こんごう:mixing:N2}）、ソルト[付き]{つき:with:N3}ハッシュ[保存]{ほぞん:storage:N1}、[一定]{いってい:certain:N3}[回数]{かいすう:number of times:N3}[失敗]{しっぱい:failure:N3}[時]{じ:at the time of:N5}のアカウントロックが[有効]{ゆうこう:effective:N2}です。\n\n#en\nPassword authentication, the representative of knowledge-based authentication, is the most widespread method but is exposed to many attack techniques. Brute-force attacks try all combinations exhaustively; dictionary attacks use lists of commonly used words; rainbow table attacks use pre-computed hash correspondence tables. 
As countermeasures, password complexity requirements (mixing uppercase, lowercase, numbers, and symbols), salted hash storage, and account lockout after a certain number of failures are effective.\n::\n\n::heading\n[所有物]{しょゆうぶつ:possession:N3}[認証]{にんしょう:authentication:N1}\n\n#en\nPossession-Based Authentication\n::\n\n::para\n[所有物]{しょゆうぶつ:possession:N3}[認証]{にんしょう:authentication:N1}には、ICカード[認証]{にんしょう:authentication:N1}、ワンタイムパスワード（OTP）、セキュリティトークン、SMS[認証]{にんしょう:authentication:N1}などがあります。ワンタイムパスワードには[時刻]{じこく:time:N3}[同期]{どうき:synchronization:N3}[方式]{ほうしき:method:N3}のTOTP（Time-based OTP）と、イベント[同期]{どうき:synchronization:N3}[方式]{ほうしき:method:N3}のHOTP（HMAC-based OTP）があります。TOTPは[現在]{げんざい:currently:N3}の[時刻]{じこく:time:N3}に[基づいて]{もとづいて:based on:N1}[一定]{いってい:certain:N3}[間隔]{かんかく:interval:N1}（[通常]{つうじょう:usually:N3}30[秒]{びょう:seconds:N2}）で[変化]{へんか:change:N3}するパスワードを[生成]{せいせい:generation:N3}し、Google AuthenticatorやMicrosoft Authenticatorで[広く]{ひろく:widely:N4}[利用]{りよう:use:N3}されています。SMS[認証]{にんしょう:authentication:N1}はSIMスワップ[攻撃]{こうげき:attack:N1}のリスクがあるため、TOTPへの[移行]{いこう:transition:N2}が[推奨]{すいしょう:recommended:N1}される[傾向]{けいこう:tendency:N2}にあります。\n\n#en\nPossession-based authentication includes IC card authentication, one-time passwords (OTP), security tokens, and SMS authentication. One-time passwords include TOTP (Time-based OTP) using time synchronization and HOTP (HMAC-based OTP) using event synchronization. TOTP generates passwords that change at fixed intervals (usually 30 seconds) based on the current time, and is widely used in Google Authenticator and Microsoft Authenticator. 
SMS authentication carries the risk of SIM swap attacks, so there is a trend toward recommending migration to TOTP.\n::\n\n::heading\n[生体]{せいたい:biometric:N4}[認証]{にんしょう:authentication:N1}\n\n#en\nBiometric Authentication\n::\n\n::para\n[生体]{せいたい:biometric:N4}[認証]{にんしょう:authentication:N1}は、[個人]{こじん:individual:N2}の[身体的]{しんたいてき:physical:N4}[特徴]{とくちょう:characteristic:N1}を[使った]{つかった:using:N4}[認証]{にんしょう:authentication:N1}[方式]{ほうしき:method:N3}で、[指紋]{しもん:fingerprint:N1}[認証]{にんしょう:authentication:N1}、[虹彩]{こうさい:iris:N1}[認証]{にんしょう:authentication:N1}、[静脈]{じょうみゃく:vein:N1}[認証]{にんしょう:authentication:N1}、[顔]{かお:face:N3}[認証]{にんしょう:authentication:N1}、[声紋]{せいもん:voiceprint:N1}[認証]{にんしょう:authentication:N1}などがあります。[精度]{せいど:accuracy:N3}を[測る]{はかる:to measure:N2}[指標]{しひょう:metric:N1}として、FAR（[他人]{たにん:other person:N3}[受入率]{うけいれりつ:acceptance rate:N1} -- False Acceptance Rate）とFRR（[本人]{ほんにん:the person:N5}[拒否率]{きょひりつ:rejection rate:N1} -- False Rejection Rate）があります。FARが[低い]{ひくい:low:N2}ほどセキュリティが[高く]{たかく:high:N5}、FRRが[低い]{ひくい:low:N2}ほど[利便性]{りべんせい:convenience:N3}が[高く]{たかく:high:N5}なります。この2つはトレードオフの[関係]{かんけい:relationship:N3}にあり、[閾値]{しきいち:threshold:N1}を[厳しく]{きびしく:strictly:N1}するとFARは[下がる]{さがる:to decrease:N5}がFRRは[上がります]{あがります:to increase:N5}。\n\n#en\nBiometric authentication is an authentication method using individual physical characteristics, including fingerprint, iris, vein, facial, and voiceprint authentication. Metrics for measuring accuracy include FAR (False Acceptance Rate -- other person acceptance rate) and FRR (False Rejection Rate -- identity rejection rate). The lower the FAR, the higher the security; the lower the FRR, the higher the convenience. 
These two have a tradeoff relationship: tightening the threshold lowers FAR but raises FRR.\n::\n\n::heading\n[多]{た:multi:N4}[要素]{ようそ:factor:N1}[認証]{にんしょう:authentication:N1}（MFA）\n\n#en\nMulti-Factor Authentication (MFA)\n::\n\n::para\n[多]{た:multi:N4}[要素]{ようそ:factor:N1}[認証]{にんしょう:authentication:N1}（MFA）は、[異なる]{ことなる:different:N1}カテゴリの[認証]{にんしょう:authentication:N1}[要素]{ようそ:factor:N1}を2つ[以上]{いじょう:or more:N4}[組]{く:to combine:N3}み[合]{あ:together:N3}わせる[方式]{ほうしき:method:N3}です。[重要]{じゅうよう:important:N3}なのは「[異なる]{ことなる:different:N1}」カテゴリである[点]{てん:point:N3}です。パスワード＋[秘密]{ひみつ:secret:N1}の[質問]{しつもん:question:N4}は、[両方]{りょうほう:both:N3}とも[知識]{ちしき:knowledge:N3}[要素]{ようそ:factor:N1}なのでMFAでは[ありません]{ありません:is not}。パスワード（[知識]{ちしき:knowledge:N3}）＋ワンタイムパスワード（[所有物]{しょゆうぶつ:possession:N3}）のように[異なる]{ことなる:different:N1}カテゴリを[組]{く:to combine:N3}み[合]{あ:together:N3}わせて[初めて]{はじめて:for the first time:N3}MFAとなります。2[要素]{ようそ:factor:N1}[認証]{にんしょう:authentication:N1}（2FA）はMFAの[最]{もっと:most:N3}も[一般的]{いっぱんてき:common:N2}な[形態]{けいたい:form:N1}です。\n\n#en\nMulti-factor authentication (MFA) is a method that combines two or more authentication factors from different categories. The key point is that they must be from \"different\" categories. Password + secret question is NOT MFA because both are knowledge factors. It only becomes MFA when different categories are combined, such as password (knowledge) + one-time password (possession). 
Two-factor authentication (2FA) is the most common form of MFA.\n::\n\n::callout\n[試験]{しけん:exam:N4}ではFAR（[他人]{たにん:other person:N3}[受入率]{うけいれりつ:acceptance rate:N1}）とFRR（[本人]{ほんにん:the person:N5}[拒否率]{きょひりつ:rejection rate:N1}）の[関係]{かんけい:relationship:N3}が[問]{と:to ask:N4}われます。FARを[下げる]{さげる:to lower:N5}と[安全性]{あんぜんせい:security:N3}は[向上]{こうじょう:improvement:N3}しますが、[本人]{ほんにん:the person:N5}も[拒否]{きょひ:rejection:N1}されやすくなりFRRが[上昇]{じょうしょう:increase:N2}します。[逆]{ぎゃく:reverse:N2}にFRRを[下げる]{さげる:to lower:N5}と[利便性]{りべんせい:convenience:N3}は[向上]{こうじょう:improvement:N3}しますが、[他人]{たにん:other person:N3}も[受け入れ]{うけいれ:acceptance:N3}やすくなりFARが[上昇]{じょうしょう:increase:N2}します。この「シーソーの[関係]{かんけい:relationship:N3}」を[理解]{りかい:understanding:N3}しておくことが[重要]{じゅうよう:important:N3}です。\n\n#en\nThe exam tests the relationship between FAR (False Acceptance Rate) and FRR (False Rejection Rate). Lowering FAR improves security, but the legitimate person is also more likely to be rejected, raising FRR. Conversely, lowering FRR improves convenience, but other people are also more likely to be accepted, raising FAR. 
It is important to understand this \"seesaw relationship.\"\n::\n\n::heading\nアクセス[制御]{せいぎょ:control:N3}\n\n#en\nAccess Control\n::\n\n::heading\nDAC（[任意]{にんい:discretionary:N3}アクセス[制御]{せいぎょ:control:N3}）\n\n#en\nDAC (Discretionary Access Control)\n::\n\n::para\nDAC（[任意]{にんい:discretionary:N3}アクセス[制御]{せいぎょ:control:N3}）は、[資源]{しげん:resource:N1}の[所有者]{しょゆうしゃ:owner:N3}が[自]{みずか:oneself:N4}らの[判断]{はんだん:judgment:N3}でアクセス[権]{けん:right:N3}を[設定]{せってい:setting:N2}するモデルです。ファイルの[所有者]{しょゆうしゃ:owner:N3}が[他]{ほか:other:N3}の[利用者]{りようしゃ:user:N3}に[読み取り]{よみとり:read:N3}や[書き込み]{かきこみ:write:N3}の[権限]{けんげん:privilege:N3}を[与える]{あたえる:to give:N3}、WindowsやLinuxの[標準的]{ひょうじゅんてき:standard:N1}なファイル[権限]{けんげん:privilege:N3}システムが[該当]{がいとう:applicable:N1}します。[柔軟性]{じゅうなんせい:flexibility:N2}が[高い]{たかい:high:N5}[反面]{はんめん:on the other hand:N3}、[所有者]{しょゆうしゃ:owner:N3}の[判断]{はんだん:judgment:N3}に[依存]{いぞん:dependence:N2}するためセキュリティ[水準]{すいじゅん:level:N2}にばらつきが[生じます]{しょうじます:to occur:N5}。\n\n#en\nDAC (Discretionary Access Control) is a model where the resource owner sets access rights at their own discretion. Standard file permission systems in Windows and Linux, where file owners grant read or write privileges to other users, fall under this category. 
While flexibility is high, security levels can vary because they depend on the owner's judgment.\n::\n\n::heading\nMAC（[強制]{きょうせい:mandatory:N3}アクセス[制御]{せいぎょ:control:N3}）\n\n#en\nMAC (Mandatory Access Control)\n::\n\n::para\nMAC（[強制]{きょうせい:mandatory:N3}アクセス[制御]{せいぎょ:control:N3}）は、システムがセキュリティラベル（[機密]{きみつ:confidential:N1}[区分]{くぶん:classification:N2}）と[利用者]{りようしゃ:user:N3}のクリアランス[水準]{すいじゅん:level:N2}に[基づいて]{もとづいて:based on:N1}アクセスを[強制的]{きょうせいてき:compulsorily:N3}に[制御]{せいぎょ:control:N3}するモデルです。[個々]{ここ:individual:N2}の[利用者]{りようしゃ:user:N3}が[権限]{けんげん:privilege:N3}を[変更]{へんこう:change:N3}することは[許可]{きょか:permission:N3}されず、[軍事]{ぐんじ:military:N2}・[政府]{せいふ:government:N2}[機関]{きかん:organization:N3}などの[高]{こう:high:N5}セキュリティ[環境]{かんきょう:environment:N1}で[採用]{さいよう:adoption:N2}されます。\n\n#en\nMAC (Mandatory Access Control) is a model where the system compulsorily controls access based on security labels (confidentiality classifications) and user clearance levels. Individual users are not permitted to change permissions, and it is adopted in high-security environments such as military and government organizations.\n::\n\n::heading\nRBAC（ロールベースアクセス[制御]{せいぎょ:control:N3}）\n\n#en\nRBAC (Role-Based Access Control)\n::\n\n::para\nRBAC（ロールベースアクセス[制御]{せいぎょ:control:N3}）は、[役割]{やくわり:role:N3}（ロール）に[権限]{けんげん:privilege:N3}を[割り当て]{わりあて:assignment:N3}、[利用者]{りようしゃ:user:N3}にロールを[付与]{ふよ:granting:N3}するモデルです。[例]{たと:example:N3}えば「[経理]{けいり:accounting:N3}[担当]{たんとう:in charge:N2}」ロールに[経費]{けいひ:expense:N3}[精算]{せいさん:settlement:N2}システムのアクセス[権]{けん:right:N3}を[定義]{ていぎ:definition:N1}し、[該当]{がいとう:applicable:N1}する[社員]{しゃいん:employee:N4}にそのロールを[付与]{ふよ:granting:N3}します。[人事]{じんじ:personnel:N4}[異動]{いどう:transfer:N1}[時]{じ:at the time of:N5}はロールの[付け替え]{つけかえ:reassignment:N2}だけで[済む]{すむ:to suffice:N3}ため、[管理]{かんり:management:N2}[効率]{こうりつ:efficiency:N1}が[高い]{たかい:high:N5}のが[特徴]{とくちょう:characteristic:N1}です。[企業]{きぎょう:enterprise:N1}の[情報]{じょうほう:information:N3}システムで[最]{もっと:most:N3}も[広く]{ひろく:widely:N4}[採用]{さいよう:adoption:N2}されているモデルです。\n\n#en\nRBAC (Role-Based 
Access Control) is a model that assigns privileges to roles and grants roles to users. For example, access rights to the expense settlement system are defined for the \"accounting staff\" role, and that role is granted to applicable employees. During personnel transfers, only the role reassignment is needed, making management efficiency a key characteristic. It is the most widely adopted model in enterprise information systems.\n::\n\n::heading\n[最小]{さいしょう:minimum:N3}[権限]{けんげん:privilege:N3}・[職務]{しょくむ:duty:N3}[分掌]{ぶんしょう:separation:N1}・Need-to-Know\n\n#en\nLeast Privilege, Separation of Duties, and Need-to-Know\n::\n\n::para\nアクセス[制御]{せいぎょ:control:N3}を[支える]{ささえる:to support:N3}[重要]{じゅうよう:important:N3}な[原則]{げんそく:principle:N2}が3つあります。[最小]{さいしょう:minimum:N3}[権限]{けんげん:privilege:N3}の[原則]{げんそく:principle:N2}（Principle of Least Privilege）は、[業務]{ぎょうむ:business operations:N3}に[必要]{ひつよう:necessary:N3}な[最低限]{さいていげん:minimum:N2}の[権限]{けんげん:privilege:N3}だけを[付与]{ふよ:granting:N3}し、[不要]{ふよう:unnecessary:N3}な[権限]{けんげん:privilege:N3}は[与えない]{あたえない:not give:N3}[原則]{げんそく:principle:N2}です。[職務]{しょくむ:duty:N3}[分掌]{ぶんしょう:separation:N1}（Separation of Duties）は、[重要]{じゅうよう:important:N3}な[処理]{しょり:processing:N3}を[一人]{ひとり:one person:N5}で[完結]{かんけつ:completion:N1}させず、[複数]{ふくすう:multiple:N2}[人]{にん:people:N5}に[分担]{ぶんたん:sharing:N2}させることで[不正]{ふせい:fraud:N4}を[防止]{ぼうし:prevention:N2}する[原則]{げんそく:principle:N2}です。Need-to-know[原則]{げんそく:principle:N2}は、[業務上]{ぎょうむじょう:for business:N3}[知る]{しる:to know:N4}[必要]{ひつよう:necessity:N3}がある[情報]{じょうほう:information:N3}にのみアクセスを[許可]{きょか:permission:N3}する[原則]{げんそく:principle:N2}で、[個人情報]{こじんじょうほう:personal information:N2}の[取り扱い]{とりあつかい:handling:N1}[範囲]{はんい:scope:N1}を[限定]{げんてい:restriction:N3}する[際]{さい:when:N3}に[特]{とく:especially:N4}に[重要]{じゅうよう:important:N3}です。\n\n#en\nThere are three important principles supporting access control. The Principle of Least Privilege grants only the minimum privileges necessary for business operations and does not give unnecessary privileges. 
Separation of Duties prevents fraud by having important processes shared among multiple people rather than completed by one person alone. The Need-to-Know principle permits access only to information that is necessary to know for business purposes, and is especially important when limiting the scope of personal information handling.\n::\n\n::heading\nネットワークセキュリティ\n\n#en\nNetwork Security\n::\n\n::heading\nファイアウォールの[種類]{しゅるい:types:N3}\n\n#en\nTypes of Firewalls\n::\n\n::para\nファイアウォールは、ネットワーク[間]{かん:between:N5}の[通信]{つうしん:communication:N3}を[制御]{せいぎょ:control:N3}する[装置]{そうち:device:N2}で、いくつかの[種類]{しゅるい:types:N3}があります。パケットフィルタリング[型]{がた:type:N2}はOSI[参照]{さんしょう:reference:N2}モデルの[第]{だい:number:N1}3[層]{そう:layer:N2}（ネットワーク[層]{そう:layer:N2}）と[第]{だい:number:N1}4[層]{そう:layer:N2}（トランスポート[層]{そう:layer:N2}）でIPアドレスやポート[番号]{ばんごう:number:N3}に[基づいて]{もとづいて:based on:N1}[通信]{つうしん:communication:N3}を[許可]{きょか:permission:N3}・[拒否]{きょひ:rejection:N1}します。ステートフルインスペクション[型]{がた:type:N2}は[通信]{つうしん:communication:N3}の[状態]{じょうたい:state:N1}（コネクション[情報]{じょうほう:information:N3}）を[追跡]{ついせき:tracking:N2}し、[正当]{せいとう:legitimate:N3}な[応答]{おうとう:response:N1}パケットのみを[通過]{つうか:passing:N3}させます。アプリケーションゲートウェイ（プロキシ）[型]{がた:type:N2}は[第]{だい:number:N1}7[層]{そう:layer:N2}（アプリケーション[層]{そう:layer:N2}）で[通信]{つうしん:communication:N3}[内容]{ないよう:content:N3}を[検査]{けんさ:inspection:N1}します。NGFW（[次]{じ:next:N3}[世代]{せだい:generation:N4}ファイアウォール）はこれらの[機能]{きのう:function:N3}に[加えて]{くわえて:in addition:N3}、アプリケーション[識別]{しきべつ:identification:N3}やIPS[機能]{きのう:function:N3}を[統合]{とうごう:integration:N1}した[高度]{こうど:advanced:N4}な[製品]{せいひん:product:N1}です。\n\n#en\nA firewall is a device that controls communication between networks, and comes in several types. Packet filtering type permits or denies communication at OSI reference model Layer 3 (network layer) and Layer 4 (transport layer) based on IP addresses and port numbers. Stateful inspection type tracks communication state (connection information) and allows only legitimate response packets to pass. 
Application gateway (proxy) type inspects communication content at Layer 7 (application layer). NGFW (Next-Generation Firewall) is an advanced product that integrates application identification and IPS functions in addition to these capabilities.\n::\n\n::heading\nIDS vs IPS\n\n#en\nIDS vs IPS\n::\n\n::para\nIDS（[侵入]{しんにゅう:intrusion:N1}[検知]{けんち:detection:N1}システム）は[不正]{ふせい:unauthorized:N4}なアクセスを[検知]{けんち:detection:N1}して[管理者]{かんりしゃ:administrator:N2}に[通報]{つうほう:notification:N3}しますが、[自動]{じどう:automatic:N4}[遮断]{しゃだん:blocking:N1}は[行いません]{おこないません:does not perform:N5}。IPS（[侵入]{しんにゅう:intrusion:N1}[防止]{ぼうし:prevention:N2}システム）は[検知]{けんち:detection:N1}に[加えて]{くわえて:in addition:N3}[自動的]{じどうてき:automatic:N4}に[通信]{つうしん:communication:N3}を[遮断]{しゃだん:blocking:N1}します。[検知]{けんち:detection:N1}[方式]{ほうしき:method:N3}には、[既知]{きち:known:N1}の[攻撃]{こうげき:attack:N1}パターンと[照合]{しょうごう:matching:N2}するシグネチャベースと、[通常]{つうじょう:normal:N3}の[通信]{つうしん:communication:N3}パターンからの[逸脱]{いつだつ:deviation:N1}を[検知]{けんち:detection:N1}するアノマリベースがあります。[設置]{せっち:installation:N2}[場所]{ばしょ:location:N3}により、ネットワーク[型]{がた:type:N2}（NIDS\u002FNIPS）とホスト[型]{がた:type:N2}（HIDS\u002FHIPS）に[分類]{ぶんるい:classification:N3}されます。ネットワーク[型]{がた:type:N2}はネットワーク[上]{じょう:on:N5}の[通信]{つうしん:communication:N3}を[監視]{かんし:monitoring:N1}し、ホスト[型]{がた:type:N2}は[個々]{ここ:individual:N2}のサーバ[上]{じょう:on:N5}で[動作]{どうさ:operation:N4}します。\n\n#en\nIDS (Intrusion Detection System) detects unauthorized access and notifies the administrator, but does not automatically block it. IPS (Intrusion Prevention System) automatically blocks communication in addition to detection. Detection methods include signature-based, which matches against known attack patterns, and anomaly-based, which detects deviations from normal communication patterns. By installation location, they are classified into network-type (NIDS\u002FNIPS) and host-type (HIDS\u002FHIPS). 
Network-type monitors communication on the network, while host-type operates on individual servers.\n::\n\n::heading\nWAF\n\n#en\nWAF (Web Application Firewall)\n::\n\n::para\nWAF（ウェブアプリケーションファイアウォール）は、ウェブアプリケーションに[特化]{とっか:specialization:N3}した[防御]{ぼうぎょ:defense:N2}[装置]{そうち:device:N2}です。SQL[注入]{ちゅうにゅう:injection:N4}（SQLインジェクション）、クロスサイトスクリプティング（XSS）、クロスサイトリクエストフォージェリ（CSRF）などのウェブ[特有]{とくゆう:specific:N4}の[攻撃]{こうげき:attack:N1}を[検知]{けんち:detection:N1}・[遮断]{しゃだん:blocking:N1}します。[通常]{つうじょう:usually:N3}のファイアウォールやIPSでは[防]{ふせ:to defend:N2}げないアプリケーション[層]{そう:layer:N2}の[攻撃]{こうげき:attack:N1}に[対応]{たいおう:handling:N1}できるのが[特徴]{とくちょう:characteristic:N1}です。[個人情報]{こじんじょうほう:personal information:N2}を[扱う]{あつかう:to handle:N1}ウェブサービスでは、WAFの[導入]{どうにゅう:introduction:N2}が[強く]{つよく:strongly:N4}[推奨]{すいしょう:recommended:N1}されます。\n\n#en\nWAF (Web Application Firewall) is a defense device specialized for web applications. It detects and blocks web-specific attacks such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). Its distinguishing feature is the ability to handle application-layer attacks that regular firewalls and IPS cannot defend against. 
For web services handling personal information, WAF deployment is strongly recommended.\n::\n\n::heading\nSQLインジェクション[対策]{たいさく:countermeasure:N1}：プレースホルダ／バインド[変数]{へんすう:variable:N3}／プリペアドステートメント\n\n#en\nSQL Injection Countermeasures: Placeholders \u002F Bind Variables \u002F Prepared Statements\n::\n\n::para\nSQLインジェクション[対策]{たいさく:countermeasure:N1}の[根本]{こんぽん:fundamental:N2}は、ユーザー[入力]{にゅうりょく:input:N4}を[文字列]{もじれつ:string:N3}[連結]{れんけつ:concatenation:N1}でSQL[文]{ぶん:statement:N4}に[組み込まない]{くみこまない:not embed:N3}ことです。[文字列]{もじれつ:string:N3}[連結]{れんけつ:concatenation:N1}では[入力]{にゅうりょく:input:N4}[内]{ない:within:N3}の[引用符]{いんようふ:quotation mark:N2}やセミコロンがSQLの[構文]{こうぶん:syntax:N3}として[解釈]{かいしゃく:interpret:N1}されてしまい、[攻撃者]{こうげきしゃ:attacker:N1}が[任意]{にんい:arbitrary:N3}のSQL[文]{ぶん:statement:N4}を[実行]{じっこう:execute:N3}できる[余地]{よち:room:N3}が[生まれます]{うまれます:to be created:N5}。これに[対し]{たいし:against:N3}、プレースホルダ（[疑問符]{ぎもんふ:question mark:N2}「?」や「:name」など）を[用いた]{もちいた:using:N4}プリペアドステートメント（[準備]{じゅんび:prepared:N2}[済み]{ずみ:completed:N3}SQL[文]{ぶん:statement:N4}）とバインド[変数]{へんすう:variable:N3}[機構]{きこう:mechanism:N3}を[使用]{しよう:use:N4}すると、SQL[文]{ぶん:statement:N4}の[構造]{こうぞう:structure:N2}（[構文]{こうぶん:syntax:N3}[木]{き:tree:N5}）は[事前]{じぜん:in advance:N4}にデータベースサーバ[側]{がわ:side:N3}で[解析]{かいせき:parse:N1}・[確定]{かくてい:finalize:N3}され、[後]{あと:later:N5}から[束縛]{そくばく:bind:N1}される[値]{ち:value:N3}は[純粋]{じゅんすい:purely:N1}に[単]{たん:single:N3}なるデータとしてのみ[扱われ]{あつかわれ:handled:N1}ます。その[結果]{けっか:result:N1}、[入力]{にゅうりょく:input:N4}に[引用符]{いんようふ:quotation mark:N2}や「OR '1'='1'」のような[文字列]{もじれつ:string:N3}が[含まれて]{ふくまれて:contained:N2}いてもSQL[文]{ぶん:statement:N4}の[構造]{こうぞう:structure:N2}を[変更]{へんこう:alter:N3}できず、インジェクションが[原理的]{げんりてき:in principle:N3}に[成立]{せいりつ:be 
established:N3}しません。[入力]{にゅうりょく:input:N4}[値]{ち:value:N3}の[検証]{けんしょう:validation:N1}（バリデーション）や[特殊]{とくしゅ:special:N1}[文字]{もじ:character:N4}のエスケープも[補助]{ほじょ:auxiliary:N2}[的]{てき:sense:N4}に[有効]{ゆうこう:effective:N2}ですが、[漏れ]{もれ:omission:N1}が[発生]{はっせい:occur:N4}しやすいため、プレースホルダ／バインド[変数]{へんすう:variable:N3}を[用いた]{もちいた:using:N4}プリペアドステートメントが[第一]{だいいち:primary:N1}の[対策]{たいさく:countermeasure:N1}としてIPAの「[安全]{あんぜん:safe:N3}なウェブサイトの[作り方]{つくりかた:creation:N4}」でも[推奨]{すいしょう:recommended:N1}されています。\n\n#en\nThe fundamental SQL injection countermeasure is not embedding user input into SQL statements via string concatenation. With string concatenation, quotation marks and semicolons within input get interpreted as SQL syntax, leaving room for attackers to execute arbitrary SQL statements. In contrast, when prepared statements (pre-prepared SQL statements) using placeholders (such as the question mark \"?\" or \":name\") and the bind variable mechanism are used, the SQL statement structure (syntax tree) is parsed and finalized in advance on the database server side, and the values bound later are treated purely as mere data. As a result, even if input contains quotation marks or strings like \"OR '1'='1'\", they cannot alter the SQL statement structure, and injection cannot be established in principle. 
Input validation and escaping of special characters are also effective as auxiliary measures, but omissions readily occur, so prepared statements using placeholders\u002Fbind variables are recommended as the primary countermeasure in IPA's \"How to Create Safe Websites\" as well.\n::\n\n::callout\n[試験]{しけん:exam:N4}ではSQLインジェクションの[最]{もっと:most:N3}も[有効]{ゆうこう:effective:N2}な[対策]{たいさく:countermeasure:N1}が[問われ]{とわれ:asked:N4}ます。[正解]{せいかい:correct answer:N3}＝プレースホルダ／バインド[変数]{へんすう:variable:N3}を[使った]{つかった:using:N4}プリペアドステートメント。[理由]{りゆう:reason:N3}＝SQLの[構文]{こうぶん:syntax:N3}と[値]{ち:value:N3}を[分離]{ぶんり:separate:N1}し、[値]{ち:value:N3}が[構文]{こうぶん:syntax:N3}として[解釈]{かいしゃく:interpret:N1}されないため。[入力]{にゅうりょく:input:N4}[検証]{けんしょう:validation:N1}・エスケープのみは[漏れ]{もれ:omission:N1}リスクがあり「[最]{もっと:most:N3}も[有効]{ゆうこう:effective:N2}」とは[言えない]{いえない:cannot say:N4}ので、[引っ掛け]{ひっかけ:trap:N3}[選択肢]{せんたくし:option:N1}に[注意]{ちゅうい:caution:N4}しましょう。\n\n#en\nExam tip: The exam asks for the most effective SQL injection countermeasure. Correct answer = prepared statements using placeholders\u002Fbind variables. Reason = they separate SQL syntax from values, so values are not interpreted as syntax. 
Input validation and escaping alone carry omission risk and cannot be called \"most effective\"; watch out for trap options.\n::\n\n::heading\nDMZ（[非武装]{ひぶそう:demilitarized:N2}[地帯]{ちたい:zone:N2}）\n\n#en\nDMZ (Demilitarized Zone)\n::\n\n::para\nDMZ（[非武装]{ひぶそう:demilitarized:N2}[地帯]{ちたい:zone:N2}）は、[外部]{がいぶ:external:N3}ネットワーク（インターネット）と[内部]{ないぶ:internal:N3}ネットワーク（[社内]{しゃない:in-company:N3}LAN）の[間]{あいだ:between:N5}に[設置]{せっち:installation:N2}する[緩衝]{かんしょう:buffer:N1}[地帯]{ちたい:zone:N2}です。ウェブサーバやメールサーバなど、[外部]{がいぶ:external:N3}に[公開]{こうかい:public:N4}する[必要]{ひつよう:necessity:N3}があるサーバをDMZに[配置]{はいち:placement:N3}することで、[万が一]{まんがいち:in the unlikely event:N5}サーバが[侵害]{しんがい:compromise:N1}されても[内部]{ないぶ:internal:N3}ネットワークへの[直接的]{ちょくせつてき:direct:N2}な[被害]{ひがい:damage:N2}を[防ぎます]{ふせぎます:to prevent:N2}。\n\n#en\nA DMZ (Demilitarized Zone) is a buffer zone placed between the external network (internet) and the internal network (company LAN). By placing servers that need to be publicly accessible, such as web servers and mail servers, in the DMZ, direct damage to the internal network is prevented even in the unlikely event that a server is compromised.\n::\n\n::heading\nVPN\n\n#en\nVPN (Virtual Private Network)\n::\n\n::para\nVPN（[仮想]{かそう:virtual:N1}[専用]{せんよう:private:N2}ネットワーク）は、[公衆]{こうしゅう:public:N1}ネットワーク[上]{じょう:on:N5}に[暗号化]{あんごうか:encryption:N3}された[安全]{あんぜん:safe:N3}な[通信]{つうしん:communication:N3}[経路]{けいろ:path:N3}を[構築]{こうちく:construction:N2}する[技術]{ぎじゅつ:technology:N2}です。IPsec VPNはOSI[第]{だい:number:N1}3[層]{そう:layer:N2}で[動作]{どうさ:operation:N4}し、[拠点]{きょてん:base:N1}[間]{かん:between:N5}[接続]{せつぞく:connection:N2}（site-to-site）に[適して]{てきして:suitable:N3}います。SSL-VPNは[第]{だい:number:N1}4〜7[層]{そう:layer:N2}で[動作]{どうさ:operation:N4}し、ウェブブラウザだけで[利用]{りよう:use:N3}できるため、リモートアクセス[用途]{ようと:use case:N3}に[広く]{ひろく:widely:N4}[普及]{ふきゅう:widespread:N1}しています。[在宅]{ざいたく:remote:N3}[勤務]{きんむ:work:N3}で[個人情報]{こじんじょうほう:personal information:N2}を[取り扱う]{とりあつかう:to 
handle:N1}[場合]{ばあい:case:N3}、VPNによる[通信]{つうしん:communication:N3}の[暗号化]{あんごうか:encryption:N3}は[必須]{ひっす:essential:N1}です。\n\n#en\nVPN (Virtual Private Network) is a technology that constructs an encrypted, secure communication path over a public network. IPsec VPN operates at OSI Layer 3 and is suitable for site-to-site connections between bases. SSL-VPN operates at Layers 4-7 and is widely used for remote access because it can be used with just a web browser. When handling personal information during remote work, encryption of communication via VPN is essential.\n::\n",{"id":227,"title":233,"titleEn":234,"topicPath":235,"questions":236},"第４編 情報システムセキュリティ 確認テスト","Chapter 4: Information System Security — Practice Test","software\u002Fkojin-joho-hogo\u002Fkadai-2\u002Fhen-04-jouhou-system",[237,265,288,311,335,360,384,408,430,453,473,498,522,546],{"id":238,"articleId":6,"question":239,"options":242,"correctLabel":252,"explanation":259,"tags":262},"kjh-k2-h04-q01",{"en":240,"jp":241},"Which of the following correctly compares shared-key (symmetric) encryption and public-key (asymmetric) encryption?","[共通鍵]{きょうつうかぎ:shared key}[暗号]{あんごう:encryption}[方式]{ほうしき:method}と[公開鍵]{こうかいかぎ:public key}[暗号]{あんごう:encryption}[方式]{ほうしき:method}の[比較]{ひかく:comparison}として[正]{ただ:correct}しいものはどれか。",[243,247,251,255],{"label":244,"jp":245,"en":246},"ア","[共通鍵]{きょうつうかぎ:shared key}[暗号]{あんごう:encryption}は[処理]{しょり:processing}[速度]{そくど:speed}が[遅]{おそ:slow}いが、[鍵]{かぎ:key}[配送]{はいそう:distribution}[問題]{もんだい:problem}がない","Shared-key encryption is slow but has no key distribution problem",{"label":248,"jp":249,"en":250},"イ","[公開鍵]{こうかいかぎ:public key}[暗号]{あんごう:encryption}は[処理]{しょり:processing}[速度]{そくど:speed}が[速]{はや:fast}いが、[鍵]{かぎ:key}[配送]{はいそう:distribution}[問題]{もんだい:problem}がある","Public-key encryption is fast but has a key distribution problem",{"label":252,"jp":253,"en":254},"ウ","[共通鍵]{きょうつうかぎ:shared 
key}[暗号]{あんごう:encryption}は[処理]{しょり:processing}[速度]{そくど:speed}が[速]{はや:fast}いが、[鍵]{かぎ:key}[配送]{はいそう:distribution}[問題]{もんだい:problem}がある","Shared-key encryption is fast but has a key distribution problem",{"label":256,"jp":257,"en":258},"エ","[両者]{りょうしゃ:both}とも[同]{おな:same}じ[鍵]{かぎ:key}を[使]{つか:use}って[暗号化]{あんごうか:encryption}・[復号]{ふくごう:decryption}を[行]{おこな:perform}う","Both use the same key for encryption and decryption",{"en":260,"jp":261},"Shared-key encryption (e.g., AES) is fast but requires both parties to share the same key, creating a key distribution problem. Public-key encryption (e.g., RSA) solves the distribution problem but is slower. Options A and B have the characteristics reversed. Option D only describes shared-key encryption.","[共通鍵]{きょうつうかぎ:shared key}[暗号]{あんごう:encryption}（AES[等]{とう:etc.}）は[処理]{しょり:processing}が[高速]{こうそく:high speed}だが、[送信者]{そうしんしゃ:sender}と[受信者]{じゅしんしゃ:receiver}で[同]{おな:same}じ[鍵]{かぎ:key}を[共有]{きょうゆう:share}する[必要]{ひつよう:need}があり、[鍵]{かぎ:key}[配送]{はいそう:distribution}[問題]{もんだい:problem}が[生]{しょう:arise}じる。[公開鍵]{こうかいかぎ:public key}[暗号]{あんごう:encryption}（RSA[等]{とう:etc.}）は[鍵]{かぎ:key}[配送]{はいそう:distribution}[問題]{もんだい:problem}を[解決]{かいけつ:solve}するが[処理]{しょり:processing}が[遅]{おそ:slow}い。ア・イは[特徴]{とくちょう:characteristic}が[逆]{ぎゃく:reverse}。エは[共通鍵]{きょうつうかぎ:shared key}のみの[説明]{せつめい:explanation}。",[23,263,264],"symmetric","asymmetric",{"id":266,"articleId":6,"question":267,"options":270,"correctLabel":248,"explanation":283,"tags":286},"kjh-k2-h04-q02",{"en":268,"jp":269},"Which of the following correctly explains multi-factor authentication?","[多]{た:multi}[要素]{ようそ:factor}[認証]{にんしょう:authentication}の[説明]{せつめい:explanation}として[正]{ただ:correct}しいものはどれか。",[271,274,277,280],{"label":244,"jp":272,"en":273},"パスワードを2[回]{かい:times}[入力]{にゅうりょく:input}させること","Requiring a password to be entered twice",{"label":248,"jp":275,"en":276},"[知識]{ちしき:knowledge}・[所持]{しょじ:possession}・[生体]{せいたい:biometric}[情報]{じょうほう:information}のうち、2つ[以上]{いじょう:or 
more}の[異]{こと:different}なる[要素]{ようそ:factor}を[組]{く:combine}み[合]{あ:combine}わせた[認証]{にんしょう:authentication}","Authentication combining two or more different factors from knowledge, possession, and biometrics",{"label":252,"jp":278,"en":279},"IDとパスワードに[加]{くわ:add}え、[秘密]{ひみつ:secret}の[質問]{しつもん:question}を[使]{つか:use}う[認証]{にんしょう:authentication}","Authentication using an ID, password, and a secret question",{"label":256,"jp":281,"en":282},"[複数]{ふくすう:multiple}のパスワードを[使]{つか:use}い[分]{わ:separate}けること","Using multiple different passwords",{"en":284,"jp":285},"Multi-factor authentication combines 2 or more of the 3 factors: knowledge (passwords etc.), possession (smartphones, IC cards etc.), and biometrics (fingerprints etc.). Option A repeats the same factor. Option C combines password and secret question — both are \"knowledge\" factors, so it is not multi-factor. Option D also repeats the same factor type.","[多]{た:multi}[要素]{ようそ:factor}[認証]{にんしょう:authentication}は「[知識]{ちしき:knowledge}（パスワード[等]{とう:etc.}）」「[所持]{しょじ:possession}（スマートフォン・ICカード[等]{とう:etc.}）」「[生体]{せいたい:biometric}[情報]{じょうほう:information}（[指紋]{しもん:fingerprint}[等]{とう:etc.}）」の3[要素]{ようそ:factors}のうち2つ[以上]{いじょう:or more}を[組]{く:combine}み[合]{あ:combine}わせる。アはパスワードの2[回]{かい:times}[入力]{にゅうりょく:input}で[同]{おな:same}じ[要素]{ようそ:factor}。ウは[秘密]{ひみつ:secret}の[質問]{しつもん:question}もパスワードも「[知識]{ちしき:knowledge}」[要素]{ようそ:factor}なので[多]{た:multi}[要素]{ようそ:factor}ではない。エも[同]{おな:same}じ[要素]{ようそ:factor}の[繰]{く:repeat}り[返]{かえ:return}し。",[101,287],"MFA",{"id":289,"articleId":6,"question":290,"options":293,"correctLabel":252,"explanation":306,"tags":309},"kjh-k2-h04-q03",{"en":291,"jp":292},"Which type of firewall inspects packet contents at the application layer?","ファイアウォールの[種類]{しゅるい:types}のうち、アプリケーション[層]{そう:layer}でパケットの[内容]{ないよう:content}を[検査]{けんさ:inspect}するものはどれか。",[294,297,300,303],{"label":244,"jp":295,"en":296},"パケットフィルタリング","Packet filtering",{"label":248,"jp":298,"en":299},"ステートフルインスペクション","Stateful 
inspection",{"label":252,"jp":301,"en":302},"アプリケーションゲートウェイ（プロキシ[型]{がた:type}）","Application gateway (proxy type)",{"label":256,"jp":304,"en":305},"NAT（ネットワークアドレス[変換]{へんかん:translation}）","NAT (Network Address Translation)",{"en":307,"jp":308},"An application gateway (proxy type) inspects communication content at the application layer for detailed control. Packet filtering controls by IP address and port number. Stateful inspection manages communication state for decision-making. NAT is an address translation technology, not a type of firewall.","アプリケーションゲートウェイ（プロキシ[型]{がた:type}）はアプリケーション[層]{そう:layer}で[通信]{つうしん:communication}[内容]{ないよう:content}を[検査]{けんさ:inspect}し、[詳細]{しょうさい:detailed}な[制御]{せいぎょ:control}が[可能]{かのう:possible}。パケットフィルタリングはIPアドレスやポート[番号]{ばんごう:number}で[制御]{せいぎょ:control}する[方式]{ほうしき:method}。ステートフルインスペクションは[通信]{つうしん:communication}の[状態]{じょうたい:state}を[管理]{かんり:manage}して[判断]{はんだん:judge}する[方式]{ほうしき:method}。NATはアドレス[変換]{へんかん:translation}[技術]{ぎじゅつ:technology}でありファイアウォールの[種類]{しゅるい:type}ではない。",[310],"firewall",{"id":312,"articleId":6,"question":313,"options":316,"correctLabel":248,"explanation":329,"tags":332},"kjh-k2-h04-q04",{"en":314,"jp":315},"Which of the following correctly describes the difference between IDS (Intrusion Detection System) and IPS (Intrusion Prevention System)?","IDS（[侵入]{しんにゅう:intrusion}[検知]{けんち:detection}システム）とIPS（[侵入]{しんにゅう:intrusion}[防止]{ぼうし:prevention}システム）の[違]{ちが:difference}いとして[正]{ただ:correct}しいものはどれか。",[317,320,323,326],{"label":244,"jp":318,"en":319},"IDSは[不正]{ふせい:unauthorized}アクセスを[検知]{けんち:detect}し[自動]{じどう:automatically}[遮断]{しゃだん:block}する。IPSは[検知]{けんち:detect}のみ[行]{おこな:perform}う","IDS detects and automatically blocks unauthorized access. 
IPS only detects",{"label":248,"jp":321,"en":322},"IDSは[不正]{ふせい:unauthorized}アクセスの[検知]{けんち:detection}・[通知]{つうち:notification}を[行]{おこな:perform}い、IPSは[検知]{けんち:detection}に[加]{くわ:add}え[自動]{じどう:automatically}[遮断]{しゃだん:block}まで[行]{おこな:perform}う","IDS detects and notifies of unauthorized access; IPS detects and also automatically blocks it",{"label":252,"jp":324,"en":325},"[両者]{りょうしゃ:both}とも[検知]{けんち:detection}のみで[遮断]{しゃだん:blocking}[機能]{きのう:function}はない","Both only detect and have no blocking function",{"label":256,"jp":327,"en":328},"IPSはファイアウォールの[別名]{べつめい:alias}である","IPS is another name for a firewall",{"en":330,"jp":331},"IDS detects unauthorized communication and notifies the administrator (detection only). IPS also automatically blocks the relevant traffic. Option A is reversed. Option C ignores the blocking function of IPS. Option D is wrong — IPS and firewalls are separate mechanisms.","IDSは[不正]{ふせい:unauthorized}な[通信]{つうしん:communication}を[検知]{けんち:detect}して[管理者]{かんりしゃ:administrator}に[通知]{つうち:notify}する（[検知]{けんち:detection}のみ）。IPSは[検知]{けんち:detection}に[加]{くわ:add}えて[該当]{がいとう:relevant}[通信]{つうしん:communication}を[自動的]{じどうてき:automatically}に[遮断]{しゃだん:block}する。アは[逆]{ぎゃく:reverse}。ウはIPSの[遮断]{しゃだん:blocking}[機能]{きのう:function}を[無視]{むし:ignore}している。エはIPSとファイアウォールは[別]{べつ:separate}の[仕組]{しくみ:mechanism}み。",[333,334],"IDS","IPS",{"id":336,"articleId":337,"question":338,"options":341,"correctLabel":244,"explanation":354,"tags":357},"kjh-k2-h04-q05","kjh-k2-h04-gijutsu-jisshi",{"en":339,"jp":340},"Which of the following best describes the main function of SIEM (Security Information and Event Management)?","SIEM（Security Information and Event Management）の[主]{おも:main}な[機能]{きのう:function}として[最]{もっと:most}も[適切]{てきせつ:appropriate}なものはどれか。",[342,345,348,351],{"label":244,"jp":343,"en":344},"[各種]{かくしゅ:various}ログを[一元的]{いちげんてき:centrally}に[収集]{しゅうしゅう:collect}・[分析]{ぶんせき:analyze}し、セキュリティ[脅威]{きょうい:threat}を[可視化]{かしか:visualize}する","Centrally collecting and analyzing various logs to visualize security 
threats",{"label":248,"jp":346,"en":347},"ウイルスを[検知]{けんち:detect}・[駆除]{くじょ:remove}する","Detecting and removing viruses",{"label":252,"jp":349,"en":350},"ネットワーク[通信]{つうしん:communication}を[暗号化]{あんごうか:encrypt}する","Encrypting network communication",{"label":256,"jp":352,"en":353},"[外部]{がいぶ:external}からの[不正]{ふせい:unauthorized}アクセスを[遮断]{しゃだん:block}する","Blocking unauthorized access from outside",{"en":355,"jp":356},"SIEM is a tool that centrally collects and correlates logs from firewalls, IDS\u002FIPS, servers, etc. to support early detection of security incidents. Option B describes antivirus software, C describes VPN functionality, and D describes firewall\u002FIPS functionality.","SIEMはファイアウォール、IDS\u002FIPS、サーバ[等]{とう:etc.}の[各種]{かくしゅ:various}ログを[一元的]{いちげんてき:centrally}に[収集]{しゅうしゅう:collect}・[相関]{そうかん:correlate}[分析]{ぶんせき:analyze}し、セキュリティインシデントの[早期]{そうき:early}[発見]{はっけん:discovery}を[支援]{しえん:support}するツール。イはアンチウイルスソフト、ウはVPN[等]{とう:etc.}の[機能]{きのう:function}、エはファイアウォールやIPSの[機能]{きのう:function}。",[358,359],"SIEM","log-management",{"id":361,"articleId":337,"question":362,"options":365,"correctLabel":252,"explanation":378,"tags":381},"kjh-k2-h04-q06",{"en":363,"jp":364},"Which of the following correctly explains the shared responsibility model in cloud services?","クラウドサービスにおける[責任]{せきにん:responsibility}[共有]{きょうゆう:shared}モデルの[説明]{せつめい:explanation}として[正]{ただ:correct}しいものはどれか。",[366,369,372,375],{"label":244,"jp":367,"en":368},"セキュリティの[全]{すべ:all}ての[責任]{せきにん:responsibility}はクラウド[事業者]{じぎょうしゃ:provider}にある","All security responsibility lies with the cloud provider",{"label":248,"jp":370,"en":371},"セキュリティの[全]{すべ:all}ての[責任]{せきにん:responsibility}は[利用者]{りようしゃ:user}にある","All security responsibility lies with the user",{"label":252,"jp":373,"en":374},"クラウド[事業者]{じぎょうしゃ:provider}はインフラ[部分]{ぶぶん:portion}、[利用者]{りようしゃ:user}はデータやアクセス[管理]{かんり:management}[等]{とう:etc.}をそれぞれ[分担]{ぶんたん:share}する","The cloud provider is responsible for the infrastructure portion, while the user is responsible for data and access management, 
etc.",{"label":256,"jp":376,"en":377},"IaaSではアプリケーションの[管理]{かんり:management}もクラウド[事業者]{じぎょうしゃ:provider}の[責任]{せきにん:responsibility}である","In IaaS, application management is also the cloud provider's responsibility",{"en":379,"jp":380},"Under the shared responsibility model, the cloud provider handles infrastructure (network, physical servers, etc.) and the user handles data, access management, applications, etc. Options A and B incorrectly place all responsibility on one party. Option D is wrong because in IaaS, the user must manage OS and applications.","[責任]{せきにん:responsibility}[共有]{きょうゆう:shared}モデルでは、クラウド[事業者]{じぎょうしゃ:provider}がインフラ（ネットワーク・[物理]{ぶつり:physical}サーバ[等]{とう:etc.}）を、[利用者]{りようしゃ:user}がデータ・アクセス[管理]{かんり:management}・アプリケーション[等]{とう:etc.}を[分担]{ぶんたん:share}する。ア・イのように[片方]{かたほう:one side}だけに[全]{すべ:all}[責任]{せきにん:responsibility}があるわけではない。エはIaaSでは[利用者]{りようしゃ:user}がOS・アプリケーションまで[管理]{かんり:manage}する[必要]{ひつよう:need}がある。",[382,383],"cloud","shared-responsibility",{"id":385,"articleId":337,"question":386,"options":389,"correctLabel":252,"explanation":402,"tags":405},"kjh-k2-h04-q07",{"en":387,"jp":388},"Among antivirus detection methods, which monitors operations during execution to detect suspicious behavior?","アンチウイルスソフトの[検知]{けんち:detection}[方式]{ほうしき:methods}のうち、[実行]{じっこう:execution}[時]{じ:time}の[動作]{どうさ:behavior}を[監視]{かんし:monitor}して[不審]{ふしん:suspicious}な[挙動]{きょどう:activities}を[検知]{けんち:detect}する[方式]{ほうしき:method}はどれか。",[390,393,396,399],{"label":244,"jp":391,"en":392},"パターンマッチング","Pattern matching",{"label":248,"jp":394,"en":395},"ヒューリスティック[検知]{けんち:detection}","Heuristic detection",{"label":252,"jp":397,"en":398},"ビヘイビア（[振る舞い]{ふるまい:behavior}）[分析]{ぶんせき:analysis}","Behavior analysis",{"label":256,"jp":400,"en":401},"[定義]{ていぎ:definition}ファイル[更新]{こうしん:update}","Definition file update",{"en":403,"jp":404},"Behavior analysis monitors operations during execution to detect suspicious behavior. Pattern matching compares against definition files of known malware. 
Heuristic detection estimates unknown malware from structural characteristics. Option D is an operational task, not a detection method. Combining the three methods enhances the detection rate.","ビヘイビア（[振る舞い]{ふるまい:behavior}）[分析]{ぶんせき:analysis}は[実行]{じっこう:execution}[時]{じ:time}の[動作]{どうさ:operation}を[監視]{かんし:monitor}し[不審]{ふしん:suspicious}な[挙動]{きょどう:behavior}を[検知]{けんち:detect}する。パターンマッチングは[既知]{きち:known}マルウェアの[特徴]{とくちょう:characteristic}[定義]{ていぎ:definition}ファイルとの[照合]{しょうごう:comparison}、ヒューリスティック[検知]{けんち:detection}は[構造的]{こうぞうてき:structural}[特徴]{とくちょう:characteristics}から[未知]{みち:unknown}マルウェアを[推定]{すいてい:estimate}する[方式]{ほうしき:method}。エは[検知]{けんち:detection}[方式]{ほうしき:method}ではなく[運用]{うんよう:operational}[作業]{さぎょう:task}。3[方式]{ほうしき:methods}を[組]{く:combine}み[合]{あ:combine}わせて[検知]{けんち:detection}[率]{りつ:rate}を[高]{たか:enhance}める。",[406,407],"antivirus","behavior-analysis",{"id":409,"articleId":337,"question":410,"options":413,"correctLabel":244,"explanation":424,"tags":427},"kjh-k2-h04-q08",{"en":411,"jp":412},"Which is the representative Japanese information source for collecting vulnerability information?","[脆弱性]{ぜいじゃくせい:vulnerability}[情報]{じょうほう:information}を[収集]{しゅうしゅう:collect}する[際]{さい:when}に[参照]{さんしょう:refer}される[情報]{じょうほう:information}[源]{げん:source}として[日本]{にほん:Japan}の[代表]{だいひょう:representative}[的]{てき:-ical}なものはどれか。",[414,417,420,422],{"label":244,"jp":415,"en":416},"JVN（Japan Vulnerability Notes）","JVN (Japan Vulnerability Notes)",{"label":248,"jp":418,"en":419},"CVSS（Common Vulnerability Scoring System）","CVSS (Common Vulnerability Scoring System)",{"label":252,"jp":421,"en":421},"NIST CSF",{"label":256,"jp":423,"en":423},"ISO\u002FIEC 27017",{"en":425,"jp":426},"JVN (Japan Vulnerability Notes) is the Japanese vulnerability information portal jointly operated by IPA and JPCERT\u002FCC. Internationally, CVE (Common Vulnerabilities and Exposures) is used. 
CVSS is a severity evaluation standard; NIST CSF is the Cybersecurity Framework; ISO\u002FIEC 27017 is a cloud security standard.","JVN（Japan Vulnerability Notes）はIPAとJPCERT\u002FCCが[共同]{きょうどう:jointly}[運営]{うんえい:operate}する[日本]{にほん:Japan}の[脆弱性]{ぜいじゃくせい:vulnerability}[情報]{じょうほう:information}ポータル。[国際]{こくさい:international}[的]{てき:-ically}にはCVE（Common Vulnerabilities and Exposures）が[利用]{りよう:used}される。CVSSは[脆弱性]{ぜいじゃくせい:vulnerability}の[深刻度]{しんこくど:severity}を[評価]{ひょうか:evaluate}する[基準]{きじゅん:standard}、NIST CSFはサイバーセキュリティフレームワーク、ISO\u002FIEC 27017はクラウド[セキュリティ]{セキュリティ:security}[規格]{きかく:standard}。",[428,429],"vulnerability-management","JVN",{"id":431,"articleId":337,"question":432,"options":435,"correctLabel":248,"explanation":447,"tags":450},"kjh-k2-h04-q09",{"en":433,"jp":434},"Which best describes the primary role of WAF (Web Application Firewall)?","WAF（Web Application Firewall）の[主]{おも:primary}な[役割]{やくわり:role}として[最]{もっと:most}も[適切]{てきせつ:appropriate}なものはどれか。",[436,439,442,444],{"label":244,"jp":437,"en":438},"IPアドレスやポート[番号]{ばんごう:number}でパケットを[制御]{せいぎょ:control}する","Control packets by IP address and port number",{"label":248,"jp":440,"en":441},"SQLインジェクションやクロスサイトスクリプティングなどWebアプリケーション[層]{そう:layer}の[攻撃]{こうげき:attacks}から[防御]{ぼうぎょ:defend}する","Defend against web application layer attacks such as SQL injection and cross-site scripting",{"label":252,"jp":346,"en":443},"Detect and remove viruses",{"label":256,"jp":445,"en":446},"[利用者]{りようしゃ:user}の[認証]{にんしょう:authentication}[情報]{じょうほう:information}を[管理]{かんり:manage}する","Manage user authentication information",{"en":448,"jp":449},"WAF is a dedicated firewall that detects and defends against attacks on web applications at the application layer (OSI Layer 7) — SQL injection, XSS, CSRF, etc. 
Option A is an ordinary packet-filtering firewall, C is antivirus, and D is an identity management system.","WAFはアプリケーション[層]{そう:layer}（OSI[第]{だい:Layer}7[層]{そう:layer}）でWebアプリケーションへの[攻撃]{こうげき:attacks}（SQLインジェクション、XSS、CSRF[等]{とう:etc.}）を[検知]{けんち:detect}・[防御]{ぼうぎょ:defend}する[専用]{せんよう:dedicated}ファイアウォール。アは[通常]{つうじょう:ordinary}のパケットフィルタリング[型]{がた:type}ファイアウォール、ウはアンチウイルス、エはID[管理]{かんり:management}システムの[役割]{やくわり:role}である。",[451,452],"WAF","web-application",{"id":454,"articleId":337,"question":455,"options":458,"correctLabel":256,"explanation":468,"tags":471},"kjh-k2-h04-q10",{"en":456,"jp":457},"Which is the correct minimum version of the encryption protocol that should be used when transmitting\u002Freceiving personal data?","[個人]{こじん:personal}データを[送受信]{そうじゅしん:transmit and receive}する[際]{さい:when}に[使用]{しよう:use}すべき[暗号]{あんごう:encryption}[プロトコル]{プロトコル:protocol}の[最低]{さいてい:minimum}[バージョン]{バージョン:version}として[正]{ただ:correct}しいものはどれか。",[459,461,463,465],{"label":244,"jp":460,"en":460},"SSL 3.0",{"label":248,"jp":462,"en":462},"TLS 1.0",{"label":252,"jp":464,"en":464},"TLS 1.1",{"label":256,"jp":466,"en":467},"TLS 1.2 [以上]{いじょう:or higher}","TLS 1.2 or higher",{"en":469,"jp":470},"TLS 1.2 or higher should be used for transmitting personal data. SSL 3.0 and TLS 1.0\u002F1.1 are already deprecated and have known vulnerabilities — their use should be discontinued. 
For connections from outside the company, a VPN is used in addition to protect the communication path.","[個人]{こじん:personal}データの[送受信]{そうじゅしん:transmission}にはTLS 1.2[以上]{いじょう:or higher}を[使用]{しよう:use}する。SSL 3.0・TLS 1.0\u002F1.1は[既]{すで:already}に[非推奨]{ひすいしょう:deprecated}で[既知]{きち:known}の[脆弱性]{ぜいじゃくせい:vulnerabilities}が[存在]{そんざい:exist}するため[使用]{しよう:use}を[停止]{ていし:cease}すべき。[社外]{しゃがい:outside the company}からの[接続]{せつぞく:connection}にはVPNを[併用]{へいよう:use together}して[通信]{つうしん:communication}[経路]{けいろ:route}を[保護]{ほご:protect}する。",[472,23],"TLS",{"id":474,"articleId":6,"question":475,"options":478,"correctLabel":252,"explanation":491,"tags":494},"kjh-k2-h04-q11",{"en":476,"jp":477},"Which of the following is correct about the types of VPN?","VPNの[種類]{しゅるい:types}に[関]{かん:related}する[説明]{せつめい:description}として[正]{ただ:correct}しいものはどれか。",[479,482,485,488],{"label":244,"jp":480,"en":481},"IPsec VPNはOSI[第]{だい:Layer}7[層]{そう:layer}で[動作]{どうさ:operate}し、ウェブブラウザのみで[利用]{りよう:use}できる","IPsec VPN operates at OSI Layer 7 and works only with a web browser",{"label":248,"jp":483,"en":484},"SSL-VPNはOSI[第]{だい:Layer}3[層]{そう:layer}で[動作]{どうさ:operate}し、[拠点]{きょてん:base}[間]{かん:between}[接続]{せつぞく:connection}に[適]{てき:suitable}する","SSL-VPN operates at OSI Layer 3 and is suitable for site-to-site connections",{"label":252,"jp":486,"en":487},"IPsec VPNはOSI[第]{だい:Layer}3[層]{そう:layer}で[動作]{どうさ:operate}し[拠点]{きょてん:base}[間]{かん:between}（site-to-site）[接続]{せつぞく:connection}に[適]{てき:suitable}し、SSL-VPNは[第]{だい:Layer}4〜7[層]{そう:layer}で[動作]{どうさ:operate}しリモートアクセスに[広く]{ひろく:widely}[普及]{ふきゅう:used}している","IPsec VPN operates at OSI Layer 3 and suits site-to-site connections; SSL-VPN operates at Layers 4-7 and is widely used for remote access",{"label":256,"jp":489,"en":490},"[両者]{りょうしゃ:both}とも[暗号化]{あんごうか:encryption}[機能]{きのう:function}を[持]{も:have}たない","Neither has encryption functionality",{"en":492,"jp":493},"IPsec VPN operates at OSI Layer 3 (network) and is suitable for site-to-site connections. 
SSL-VPN operates at Layers 4-7 and is widely used for remote access since it works with just a web browser. Both construct an encrypted communication path over public networks.","IPsec VPNはOSI[第]{だい:Layer}3[層]{そう:layer}（ネットワーク[層]{そう:layer}）で[動作]{どうさ:operates}し、[拠点]{きょてん:site}[間]{かん:between}[接続]{せつぞく:connection}（site-to-site）に[適]{てき:suitable}する。SSL-VPNは[第]{だい:Layer}4〜7[層]{そう:layer}で[動作]{どうさ:operates}し、ウェブブラウザだけで[利用]{りよう:use}できるためリモートアクセスに[広く]{ひろく:widely}[普及]{ふきゅう:used}。[両者]{りょうしゃ:both}とも[公衆]{こうしゅう:public}ネットワーク[上]{じょう:on}に[暗号化]{あんごうか:encrypted}[通信]{つうしん:communication}[経路]{けいろ:path}を[構築]{こうちく:construct}する。",[495,496,497],"VPN","IPsec","SSL-VPN",{"id":499,"articleId":337,"question":500,"options":503,"correctLabel":244,"explanation":516,"tags":519},"kjh-k2-h04-q12",{"en":501,"jp":502},"Which best describes EDR (Endpoint Detection and Response)?","EDR（Endpoint Detection and Response）の[特徴]{とくちょう:characteristic}として[最]{もっと:most}も[適切]{てきせつ:appropriate}なものはどれか。",[504,507,510,513],{"label":244,"jp":505,"en":506},"[端末]{たんまつ:endpoint}での[挙動]{きょどう:behavior}を[継続]{けいぞく:continuously}[的]{てき:-ly}に[監視]{かんし:monitor}し、インシデント[発生]{はっせい:occurrence}[時]{じ:time}の[検知]{けんち:detection}・[調査]{ちょうさ:investigation}・[対応]{たいおう:response}を[支援]{しえん:support}する","Continuously monitors endpoint behavior to support detection, investigation, and response when incidents occur",{"label":248,"jp":508,"en":509},"ネットワーク[境界]{きょうかい:boundary}でパケットを[検査]{けんさ:inspect}する","Inspects packets at the network boundary",{"label":252,"jp":511,"en":512},"[既知]{きち:known}マルウェアを[定義]{ていぎ:definition}ファイルとの[照合]{しょうごう:comparison}で[検知]{けんち:detect}するのみ","Only detects known malware via comparison with definition files",{"label":256,"jp":514,"en":515},"クラウドサービスの[暗号化]{あんごうか:encryption}[鍵]{かぎ:key}を[管理]{かんり:manage}する","Manages encryption keys for cloud services",{"en":517,"jp":518},"EDR complements conventional antivirus, continuously recording and monitoring endpoint (PC, server) behavior to support early detection, root cause investigation, and 
containment when incidents occur. A characteristic feature is the ability to handle unknown attacks.","EDRは[従来]{じゅうらい:conventional}のアンチウイルスを[補完]{ほかん:complement}し、[端末]{たんまつ:endpoint}（PC・サーバ）での[挙動]{きょどう:behavior}を[継続]{けいぞく:continuously}[的]{てき:-ly}に[記録]{きろく:record}・[監視]{かんし:monitor}し、インシデント[発生]{はっせい:occurrence}[時]{じ:time}の[早期]{そうき:early}[検知]{けんち:detection}・[原因]{げんいん:cause}[調査]{ちょうさ:investigation}・[封じ込め]{ふうじこめ:containment}を[支援]{しえん:support}する[仕組み]{しくみ:mechanism}。[未知]{みち:unknown}[攻撃]{こうげき:attacks}にも[対応]{たいおう:respond}できる[点]{てん:point}が[特徴]{とくちょう:characteristic}。",[520,521],"EDR","endpoint",{"id":523,"articleId":6,"question":524,"options":527,"correctLabel":248,"explanation":540,"tags":543},"kjh-k2-h04-q13",{"en":525,"jp":526},"Which is correct about digital signatures?","デジタル[署名]{しょめい:signature}に[関]{かん:related}する[説明]{せつめい:explanation}として[正]{ただ:correct}しいものはどれか。",[528,531,534,537],{"label":244,"jp":529,"en":530},"[送信者]{そうしんしゃ:sender}が[自]{みずか:own}らの[公開鍵]{こうかいかぎ:public key}でハッシュ[値]{ち:value}を[暗号化]{あんごうか:encrypt}する","The sender encrypts the hash value with their own public key",{"label":248,"jp":532,"en":533},"[送信者]{そうしんしゃ:sender}が[自]{みずか:own}らの[秘密鍵]{ひみつかぎ:private key}でハッシュ[値]{ち:value}を[暗号化]{あんごうか:encrypt}し、[受信者]{じゅしんしゃ:recipient}が[送信者]{そうしんしゃ:sender}の[公開鍵]{こうかいかぎ:public key}で[検証]{けんしょう:verify}する","The sender encrypts the hash value with their private key, and the recipient verifies with the sender's public key",{"label":252,"jp":535,"en":536},"[共通鍵]{きょうつうかぎ:shared key}で[文書]{ぶんしょ:document}[全体]{ぜんたい:entire}を[暗号化]{あんごうか:encrypt}する","Encrypts the entire document with a shared key",{"label":256,"jp":538,"en":539},"デジタル[署名]{しょめい:signature}は[機密性]{きみつせい:confidentiality}を[確保]{かくほ:ensure}する[技術]{ぎじゅつ:technology}である","Digital signatures are a technology for ensuring confidentiality",{"en":541,"jp":542},"A digital signature works by the sender encrypting the document's hash value with their own private key, and the recipient verifying with the sender's public key. 
This ensures integrity (tamper detection) and non-repudiation. It is not for confidentiality (encryption) purposes.","デジタル[署名]{しょめい:signature}は[送信者]{そうしんしゃ:sender}が[文書]{ぶんしょ:document}のハッシュ[値]{ち:value}を[自]{みずか:own}らの[秘密鍵]{ひみつかぎ:private key}で[暗号化]{あんごうか:encrypt}し、[受信者]{じゅしんしゃ:recipient}が[送信者]{そうしんしゃ:sender}の[公開鍵]{こうかいかぎ:public key}で[検証]{けんしょう:verify}する[仕組み]{しくみ:mechanism}。これにより[完全性]{かんぜんせい:integrity}（[改ざん]{かいざん:tamper}[検出]{けんしゅつ:detection}）と[否認]{ひにん:non-}[防止]{ぼうし:repudiation}を[確保]{かくほ:ensure}する。[機密性]{きみつせい:confidentiality}（[暗号化]{あんごうか:encryption}）[目的]{もくてき:purpose}ではない。",[544,545],"digital-signature","PKI",{"id":547,"articleId":337,"question":548,"options":551,"correctLabel":252,"explanation":560,"tags":563},"kjh-k2-h04-q14",{"en":549,"jp":550},"Which international standard for cloud security is a reference when outsourcing personal data handling to a cloud provider?","[個人]{こじん:personal}データを[扱]{あつか:handle}う[業務]{ぎょうむ:business}をクラウド[事業者]{じぎょうしゃ:provider}に[委託]{いたく:outsource}する[際]{さい:when}に[参考]{さんこう:reference}となるクラウドセキュリティの[国際]{こくさい:international}[規格]{きかく:standard}はどれか。",[552,554,556,558],{"label":244,"jp":553,"en":553},"ISO\u002FIEC 27001",{"label":248,"jp":555,"en":555},"ISO\u002FIEC 27002",{"label":252,"jp":557,"en":557},"ISO\u002FIEC 27017 \u002F 27018",{"label":256,"jp":559,"en":559},"ISO\u002FIEC 9001",{"en":561,"jp":562},"ISO\u002FIEC 27017 is a cloud security control guideline; ISO\u002FIEC 27018 is the standard for protecting personal information (PII) in the cloud. When outsourcing, fulfill the outsourcing partner supervision obligation under Article 28 of the amended Act and reference these standards. 
27001 specifies ISMS requirements, 27002 is a code of practice for controls, and 9001 covers quality management systems.","ISO\u002FIEC 27017はクラウドセキュリティの[管理策]{かんりさく:controls}[指針]{ししん:guidelines}、ISO\u002FIEC 27018はクラウド[上]{じょう:on}の[個人]{こじん:personal}[情報]{じょうほう:information}（PII）[保護]{ほご:protection}[規格]{きかく:standard}。[委託]{いたく:outsourcing}[時]{じ:time}は[改正]{かいせい:amended}[法]{ほう:Act}[第]{だい:Article}28[条]{じょう:article}に[基]{もと:based}づく[委託先]{いたくさき:outsourcing partner}[監督]{かんとく:supervision}[義務]{ぎむ:obligation}を[果]{は:fulfill}たし、これら[規格]{きかく:standards}を[参照]{さんしょう:reference}する。27001はISMS[要求]{ようきゅう:requirements}、27002は[管理策]{かんりさく:controls}[実践]{じっせん:practice}[規範]{きはん:code}、9001は[品質]{ひんしつ:quality}[管理]{かんり:management}システム。",[382,564,565],"ISO27017","ISO27018"]