New IP Prep SyllabusVer4.0 Supplement Unlocked


New Topics in Syllabus Ver. 4.0
This provides an explanation of the main new topics added
to the latest edition of the “Syllabus Ver. 4.0” (revised August
2018) as published by the holder of the examinations.

New Technologies and Techniques
The Field of Information Security
Sample Questions

New Technologies and Techniques

1 The Fourth Industrial Revolution


The advancement of AI, big data, IoT, and other new technologies related
to data utilization over recent years is sometimes referred to as the Fourth
Industrial Revolution, and it has brought about significant transformation.
New topics and terminology centering on these new technologies have
been added to version 4.0 of the syllabus.
As the name suggests, the Fourth Industrial Revolution is a continuation
of the first to third industrial revolutions.

1 The First to Third Industrial Revolutions


The details of each industrial revolution from the first to the third are as
set out below.
Stage | Description
First Industrial Revolution | The mechanization of factories by using hydropower and steam as the motive power from the end of the 18th century onwards
Second Industrial Revolution | The start of mass production through the utilization of electrical power and the division of labor from the beginning of the 20th century
Third Industrial Revolution | Automation that utilized electronic engineering and information technology (IT) from the second half of the 20th century (spread of PCs and the Internet, etc.)

2 Industry 4.0
In its broadest sense, “Industry 4.0” has the same definition as the Fourth
Industrial Revolution, but in its narrowest definition it refers to Germany’s
industrial strategy.
Industry 4.0 is advocated as a national project to be taken forward
through a collaboration between industry, government, and academia in
the German government’s High-Tech Strategy 2020.
This strategy will reform the entire manufacturing industry through
digitalization and network creation, and as a result achieve “mass
customization,” which enables the production of individual products with
custom specifications for each consumer with the same scale and speed
as mass production.

Reference
Industry, government, and academia
“Industry, government, and academia” refers to the three (3) parties of industry
(private companies), government (local and national), and academia
(educational institutions and research institutions).

2 IoT
“IoT” is a technology that connects to the Internet not only computers and
other such IT devices but also everything else from industrial machinery,
household electrical appliances, and vehicles to non-electronic products
such as clothing and shoes. It is an abbreviation of “Internet of Things.”
Technologies to connect machines and other things to a network in the
same way as the IoT concept have existed for a while. However, IoT is now
gaining a lot of attention for the following three (3) reasons.

・ Because of the compactness, low cost, and high functionality of sensors that collect
information, it is now possible to attach sensors to all kinds of things.
・ Because of the increased speed and capacity of communication lines, it is now
easier to send data that is gathered by sensors.
・ Because of the lower prices and advanced functions of cloud services, it is now
easier to accumulate large volumes of gathered data, analyze it, and utilize it.

As a result of the IoT environment being established in this way it is now
possible to gather, store, and analyze vast quantities of data from a wide
range of things, and it has become possible to produce high added value
in all fields.

Reference
IoT
An abbreviation of “Internet of Things.”

Reference
Sensor
“Sensor” refers to a device that detects and measures changes in light,
temperature, pressure, and other such things.

Reference
Cloud service
“Cloud service” refers to services that are provided by servers (cloud servers)
on the Internet and are used via a network.

IoT is utilized in a range of industries including finance, agriculture,
medical care, and logistics. Below are examples of IoT utilization in each
industry.
●Finance
A wearable device is used to measure the number of steps taken and the
number of calories burned by an insurance policyholder. This data is then
analyzed and used in medical insurance services that offer discounted
premiums according to level of health improvement.

Reference
Wearable device
“Wearable device” refers to a mobile device that can be worn on the body.
Forms include wrist watches and eyeglasses.

●Agriculture
Wearable devices are attached to cows’ necks and cow activity
information is acquired in real time for analysis with AI in the cloud. This is
utilized in cow herd management services that gather estrus information
required for breeding, identify cows that need attention such as those
showing signs of illness, and provide this information to managers.

Reference
AI
“AI” refers to attempts to analyze the functions performed by a human brain
and to recreate those functions artificially, and to devices and systems
that have such functions. It is an abbreviation of “artificial intelligence.”

[Figure: Cow herd management system. Labels: Wearable device (acquisition of data on level of cows’ activity); Data transferred to cloud; Condition detection with AI (estrus, signs of illness, etc.); Abnormality detection; Solid object search and display; Mobile device (signs of illness)]

Data from solar sensors and soil sensors is analyzed in the cloud to decide
the optimum volumes of water and fertilizer. This is utilized in agricultural
soil environment control services that deliver water and fertilizer mixed
automatically directly to the roots of crops by using a pre-laid tube.

●Medical care
Sensors are installed under the mattress of hospital beds to determine the
patients’ pulse, breathing rate, whether they are sitting up and whether
they are out of bed, and in addition to this, to determine whether they are
awake or asleep by analyzing the data in the cloud. This status information
is utilized in support services for doctors and nurses who perform
centralized management from control rooms.

●Logistics
Sensors are attached to all products to automate inspection work upon
arrival at and shipment from warehouses. Furthermore, it is also utilized
in logistics support services that make suggestions for the optimum
deployment in warehouses from inventory information and order
information.

1 IoT systems
An “IoT system” is a system that uses IoT. By connecting everything to
which communication functionality has been added to the Internet it
enables automatic recognition or remote measurement and achieves
high-level decision-making and automated control through the collection
and analysis of large volumes of data. Anything to which communication
functionality is added is referred to as an IoT device. IoT systems utilize
many different types of IoT devices and technologies.

(1) Drones
“Drone” refers to a small, unmanned aircraft that can be controlled
remotely. The origin of the name drone is the drone bee, and drones were
given this name as the sound they produce during flight is similar to that
produced by the wings of a drone bee.
While drones were originally used for military purposes, there are now
many products on sale for civil and industrial use.
In a broad sense, drones can be classified as a general remote control
vehicle, but an aspect that makes them different from other general remote
control vehicles is that they are equipped with cameras and a range of
sensors. There are also drones that are capable of autonomous flight by
using these sensors.
It is hoped that in future, drones will be able to be used for purposes
including delivering a range of goods and performing surveys from the air.
Some drones have been put into practical use already, but there are still
issues that need to be addressed before they are put into fully-fledged
commercial use, such as improvement in collision avoidance technology,
the establishment of drone management systems, and legislation.

Below are some ways that drones are utilized in industry.

・ Spreading of agricultural chemicals
・ Measurements of a works site from the air
・ Home delivery and delivery of goods for daily life to remote islands
・ Surveying of disaster areas from the air, transport of emergency goods, use as an ad
hoc base station for cell phones (loading communication devices and flying to
disaster areas)
・ Crime investigations from the air
・ Work to hang electricity cables

(2) Connected cars


“Connected car” refers to vehicles that can transmit information
bi-directionally with a range of things and people by using technology such
as the Internet and wireless devices.

Vehicles are now making increasing use of IT, including being equipped
with various sensors. The various information that such vehicles can
collect is accumulated as big data in the cloud via the Internet, and by
analyzing it with AI, it is expected that a range of value-added services can
be provided.
And through “road-to-vehicle communication” where communication is
performed between the vehicle and infrastructure on the exterior (road)
and “vehicle-to-vehicle communication” where direct communication
is performed wirelessly between vehicles, cooperative driving assistance
will be possible, enabling things such as the acquisition of traffic jam
information and collision avoidance.
The Japanese Ministry of Internal Affairs and Communications “Research
Group for the Realization of a Connected Car Society” states that services
in the four (4) fields below will become possible with the spread of
connected cars.

Field | Example
Safety (Driving support services) | • A service that alerts a driver when the driver passes through an area that has many accidents • A service that recognizes oncoming vehicles and pedestrians in a driver’s blind spot in real time through communication with other vehicles and external infrastructure, and alerts the driver
Car life support (Data driven services) | • A service that analyzes data gathered from onboard sensors, and sends a notification for preventive maintenance to the driver’s smartphone if the signs of a breakdown are found • A vehicle insurance service that decides premiums on the basis of driver’s driving characteristics (careful, wild, etc.), driving distance, and other such factors
Infotainment (Entertainment-like services) | • A service that enables the acquisition of periphery information for the area a vehicle is travelling through, such as video content to view • A service that uses VR to enable a person to enjoy a drive together with someone who is not in the vehicle
Agents (Driver support services) | • A service that automatically contacts the police or fire service for incidents such as an accident or the deployment of an airbag • A service that issues an alert and automatically stops the car safely when the driver suffers a physical problem, and automatically calls an ambulance

Reference
VR
“VR” is a technology that creates artificial reality by combining computer
graphics (a technology that processes and generates still images and video
with a computer) and sound effects. It is an abbreviation of “Virtual Reality.”

[Figure: Vehicle-to-vehicle communication and road-to-vehicle communication]

(3) Automated driving
“Automated driving” refers to a vehicle being driven or operated by a
machine, computer system, or other such system instead of a human. It is
also called “Autopilot.”
Aircraft and ships have thus far taken the lead in automated driving
technology, but in terms of relationship with IoT systems, automated
driving technology for automobiles is currently gaining attention.
When a human drives a vehicle, they usually repeat the process of
recognition, decision, and operation, or do these simultaneously.
In autonomous vehicles, different types of sensors are used to perform the
process of recognition, and then AI implements the process of decision
making on the basis of the obtained data. And then according to the
decision, it issues control instructions for operation to the electronically
controlled accelerator, brakes, steering, and other systems.
The USA’s Society of Automotive Engineers (SAE) has created different
levels for automated driving, classified from 0 through 5.
Level | Overview | Driver | Automation details
Level 0 | No automation | Human | -
Level 1 | Driver assistance | Human | • Provides operation assistance for either the forward and backward motion of the car (acceleration/deceleration) or the left/right motion of the car (handling) in a specified area only. • The driver must always monitor the status of automated driving.
Level 2 | Partial automation | Human | • Provides operation assistance for both the forward and backward motion of the car (acceleration/deceleration) and the left/right motion of the car (handling) in a specified area only. • The driver must always monitor the status of automated driving.
Level 3 | Conditional automation | Car (automated driving system) | • Performs all driving operations in a specified area only. • Generally, automated driving is performed under the responsibility of the automated driving system, but in emergencies a human must drive.
Level 4 | High automation | Car (automated driving system) | • Performs all driving operations in a specified area only. • Driver is not required even in emergencies within a specified area. Steering wheel and other driving devices for human driving are required for driving outside a specified area.
Level 5 | Full automation | Car (automated driving system) | • Performs all driving operations automatically without being limited to a specified area. • No steering wheel or other driving devices for human driving are required.

(4) Wireless charging
“Wireless charging” refers to a technology that can charge an electronic
device or other such things without the need for electrical cables or
connectors. It is also called “cordless charging” and “wireless power
transfer.” As well as dedicated chargers for each device, there are also
chargers that comply with the “Qi” international standard that can be
used by many different devices.
There are two (2) types of wireless charging: a non-radiative type that is
currently in use, and a radiative type (microwave spatial transfer) that is
expected to be commercialized in future. The characteristics such as the
energy collection method and usage method are as below.
System | Characteristics
Non-radiative types | A system for transferring electrical power over a relatively close range. Ways to achieve this include electric field coupling and magnetic resonance. • Electric field coupling: A system for transferring electrical power where an electrode (a conductor for carrying a current) is installed on the electricity supply side and the receiving side, and both electrodes are moved closer together to generate an electrical field. The maximum distance for transferring electrical power is a short 10cm, but its strong point is that there is not much loss of electrical power. This is used for purposes such as the charging of mobile devices. • Magnetic resonance: A system for transferring electrical power where a coil is placed on both the electricity supply side and the receiving side, and by oscillating these coils at the same frequency, the magnetic field resonates and electrical power is transferred. Magnetic resonance incurs a greater loss of electrical power than electric field coupling, but its strong point is that it can transfer electricity over several tens of centimeters. This is used for purposes such as the charging of vehicles.
Radiative types (Microwave spatial transfer) | A system that converts electrical power into electromagnetic waves, and uses an antenna to transfer the power. This system is still not commercialized, but it can transfer electricity over a distance of several meters to several kilometers, and it is hoped that it will become electrical infrastructure that supports the IoT generation. Example indoor uses include charging a sensor or information device at a distance of several meters or more. Example outdoor uses could include transmitting electricity to vehicles, drones, or other such things while in operation, and the transfer of large volumes of electricity to disaster areas.

Wireless charging by magnetic resonance

(5) Robots
“Robot” refers to a mechanical system that has the three (3) functions
of sensor-based detection of external information, intelligence/control
system-based analysis of gathered information and decision making, and
drive system-based ability to act on the outside world.
In the IoT society, everything is equipped with sensors, and the
information gathered by these sensors is imported by a cloud server
or other such device. As such, this has produced a situation where the
intelligence and control systems on the cloud server can control robots
in remote locations, and there are now some robots that use networks to
implement some of the three (3) functions possessed by a robot.
Some of the specific uses and roles of robots are as described below.

●On the site of hazardous work

・ A remote controlled robot that inspects disaster areas and the interior of nuclear
power stations
・ A self-propelled robot that patrols offices and commercial facilities at night
・ A humanoid robot that performs work in a high-temperature environment at an
iron mill

●On the site of construction/production

・ A wearable robot that provides support when a worker lifts a heavy object
・ A dedicated robot for each process such as ceiling work, loading, and welding

●On the site of corporate hospitality, distribution, and delivery

・ A humanoid robot that deals with guests at a hotel reception or takes orders at a cafe
・ A picking robot that identifies products on a production line, and uses an arm to
perform everything up to packaging
・ A delivery drone that delivers goods to a remote island

●In the field of medical care and agriculture

・ A surgery robot that has multiple arms and provides support for endoscopic surgery
・ A harvesting robot that uses image recognition to identify and pick only ripe tomatoes

●In the field of support for daily life

・ An observation robot that comforts elderly people and provides notification in
emergencies
・ An interactive robot that provides an interface between smart homes and humans

Reference
Smart home
“Smart home” refers to a house that provides a comfortable living
environment with optimized energy usage by connecting household
appliances over a network and centrally managing them.

(6) Cloud services
“Cloud service” refers to services that are provided by servers (cloud
servers) on the Internet and are used via a network.
Whereas computer users conventionally use data and programs recorded
in PCs or other such devices, cloud services provide these as a service for
use over a network.
Examples of services that work with IoT systems include services where
information acquired by sensors installed in many locations is imported by
a cloud server over the Internet, and a range of processing such as analysis
and modification is performed. The processed data is provided to users
in an easy-to-view format, and it is sent to things such as control devices,
robots, drones, and autonomous vehicles for use in control and driving.

(7) Smart factories


“Smart factory” refers to factories where everything in the factory is
connected, making it possible for autonomous optimized operation. They
are factories where IoT is widely used, and all types of information from
the factory such as manufacturing facilities, components in production,
raw material and inventory quantities, and production plans are imported
and processed with AI or other such technologies to achieve the optimum
production and operation.
The establishment of smart factories is also an important goal in
Germany’s Industry 4.0.

(8) RPA
“RPA” refers to an initiative to use software in order to automate and
streamline PC-based routine work that was originally performed by
humans. Specifically, as well as individual activities such as viewing and
browsing information with a web browser, entering data in spreadsheet
software, and entering data in internal information systems, a workflow
that is a combination of each of these can also be automated.

Reference
RPA
An abbreviation of “Robotic Process Automation.”

Although the R in RPA stands for “robotic,” here there is no robot with a
physical form, and instead this refers to a virtual robot that is created with
software.

(9) Sharing economy


“Sharing economy” refers to the social concept of sharing and effective
use of assets and resources such as physical objects, services, and places
with many people, and also to services developed under such a concept.
With the spread of the Internet and social media in recent years it has
become easy for members of the general public who do not know each
other to connect, so many services that fall into the category of the
sharing economy have been created.
Specifically, such services include accommodation services that provide
spare rooms in residential houses and other such places, ride sharing
services where people share the same general automobile to get to a
destination, buying and selling services for unused second hand goods,
and services where an individual provides their skills (DIY, cooking, etc.).

Reference
Social media
“Social media” refers to a system where information from users is disseminated
broadly to many other users on the Internet by encouraging users to connect
to each other. Social media includes social networks and blogs.

Reference
DIY
“DIY” refers to an individual creating or repairing something themselves.
It is an abbreviation of “Do it yourself.”

2 IoT devices
“IoT device” refers to a device (or component) that is connected to an IoT
system. Specifically, it refers to sensors and actuators that are built in to
IoT equipment. In some cases, in its broadest sense it also refers to the
actual IoT equipment that sensors and actuators are built in to.
IoT devices are mainly divided into “input devices” that send information
to a cloud server, and “output devices” that acquire information from a
cloud server.
Input devices contain sensors that record changes in information and
the surrounding environment, and are connected to a network. Output
devices acquire information from a cloud server, and have the role of
leading people or things into an appropriate state by using an actuator.
(1) Types of sensor
“Sensor” refers to a device that detects and measures changes in light,
temperature, pressure, and other such things. Many devices are already
equipped with sensors, and they are used for purposes such as
adjusting the temperature and strength of air conditioners and preventing
overheating by gas cookers.
In IoT systems, change and other information that is gathered by sensors is
sent to a cloud server and is analyzed and processed to give it greater value.
Typical sensors include those described below.
Type | Description
Light sensor | This is a sensor that measures the size of an object, dimensions such as length and width, position, and other such things by using light. Semiconductor devices in which an electrical current occurs when impacted by light are used in such sensors. They are used in many familiar places, such as vending machines for the recognition of bank notes and coins, and ticket gates at train stations to detect when someone passes through.
Brightness sensor (luminance sensor) | This is a sensor that detects brightness in the surrounding environment. It uses similar semiconductor devices to those used in light sensors. In smartphones and tablets, a brightness sensor reacts to the brightness of the surroundings and enables automatic adjustment of the brightness of the screen.
Infrared sensor | This is a sensor that converts infrared light into an electrical signal, and can extract the required information. Infrared rays are emitted naturally by warm objects, and because they are invisible to the naked eye, they are widely used in things from remote controls for household appliances to crime prevention and security devices.
Electromagnetic wave sensor | This is a sensor that detects electromagnetic waves with a longer wavelength than infrared rays (these are called microwaves), and can detect these waves without being affected by the environment. Electromagnetic wave sensors use electromagnetic waves, and so are characterized by the way they have very few false detections even outdoors, or in extreme climatic conditions such as rain and wind. They can also cover a wide area because electromagnetic waves reach the shadow of objects and the corners of rooms. They are used in theft prevention for vehicles, in the care of elderly persons who live alone, and other such purposes.
Magnetic sensor | This is a sensor that can measure strength, direction and other such things in spaces where there is magnetism. Uses include non-contact switches that switch the lighting for the screen on a notebook PC on or off when it is opened or closed, and there are a wide range of magnetic sensors that can be used for different purposes. They are widely used in the fields of electricity and engineering.
Accelerator sensor | This is a sensor that can measure a change in speed over a set period of time. A range of information can be gained, such as tilt, movement, vibration, and impact, and as well as controllers for game consoles, accelerator sensors are used in many smartphones and intelligent home appliances.
Gyro sensor | This is a sensor that can measure the size of a revolution when it occurs. Uses include image stabilization in digital cameras and drift prevention in vehicles. Gyro sensors can measure the “angular rate” that indicates the speed of revolution, and so are sometimes called angular rate sensors.
Ultrasonic sensor | This is a sensor that can detect the presence of an object and the distance of an object by using high frequency inaudible ultrasonic waves. Ultrasonic sensors use sound waves instead of light, and so they are characterized by their ability to perform measurements even in water and glass and other transparent objects, and dusty environments. They are used to detect vehicles in car parks and crossings, to detect obstacles for transportation devices, in fish finders, and for other such purposes.
Strain gauge | This is a sensor that can measure strain. Strain sensors measure the degree of strain by using the changes in resistance that occur when an object is stretched, compressed, twisted, or otherwise changed in shape through the application of external force. They are often used for the purpose of ensuring safety by monitoring the state of things including transportation devices such as vehicles and aircraft and civil engineering structures such as high rise buildings and elevated expressways.
Other sensors | The touch panels and microphones and other equipment that smartphones and other devices are equipped with detect external inputs, and so in a broad sense these things are also sensors.

(2) Practical systems that use sensors


Practical systems that use sensors include those described below, some
of which are implemented by combining typical sensors.
Type | Description
Distance sensor | Sensors that measure distance include those that use ultrasonic waves and infrared rays. Ultrasonic distance sensors emit ultrasonic waves and measure the time it takes for them to be reflected by the object and return, then calculate the distance. Infrared distance sensors emit infrared rays, and receive the reflected light by using a component called a photosensitive element. When reflected light is received, the photosensitive element determines which part of the element received the reflected light and the device uses the position that infrared rays were emitted from and the position the reflected light was received in order to calculate the distance to the object. There are some models of smartphone where the display automatically switches off when it is moved close to the ear in order to make a call, and this also uses a distance sensor (which is also called a proximity sensor in such cases).
Bed leaving sensor | This is a sheet-shaped sensor that is laid underneath a mattress, that detects faint vibrations given off by the body and can acquire a range of data. As well as being able to measure heart rate and breathing rate and detect whether a person is sitting up and whether they are still in bed or not, these sensors can also measure the frequency and strength of body movements (movements that are larger than breathing and heart rate) and by analyzing such data with software, determine whether someone is asleep or awake.
Contactless heart rate measurement sensor | The surface of a human body moves microscopically due to a person’s pulse, so when it is irradiated with microwaves, the frequency of the microwaves changes. This is called the Doppler effect. By analyzing this change with a certain algorithm, it is possible to calculate the heart rate of an object. Even if there are multiple objects, the heart rate of each one can be measured.

Reference
Distance sensor mechanism
[Figure: a transmitter and a receiver facing an object. (i) Emission of ultrasonic waves (ii) Receipt of ultrasonic waves (iii) Conversion of time taken to be reflected to distance]

(3) Actuators
An “actuator” is a device that converts input in a form such as energy or a
signal into physical or mechanical movement.
In IoT systems, an actuator can be described as a device that feeds
analyzed and processed information back to the real world.
Specifically, information that is gathered by a sensor undergoes analysis,
processing, and other such operations by a cloud service, and it is then
sent to an actuator via a network. The actuator that receives information
then takes some form of feedback action.
For example, a humidity sensor in a greenhouse measures humidity, and
sends this to a cloud service. If the cloud service that receives the information
from the humidity sensor determines that the humidity is lower than
standard so should be increased, it sends control information to the
control unit of a sprinkler equipped with communication functionality in
the greenhouse telling it to start sprinkling. The control unit that receives
this information uses an electric motor to switch the sprinkler on and start
sprinkling. This control unit is an actuator.

3 IoT network
An “IoT network” is a network to which IoT devices (IoT equipment) are
connected.
IoT systems are constructed for a range of purposes and uses. As such, the
important points for networks that are used to implement an IoT system,
such as speed, connection scope, power consumption, cost, and level of
delay, differ for each system.
Each component of a network, the communication methods, and
other characteristics must be considered, and the optimum network
configuration for the IoT system to be implemented must be selected.

(1) IoT network components and communication methods


Components and communication methods for IoT networks to which IoT
devices are to be connected include those described below.

●LPWA
“LPWA” is a collective term for wireless communication technologies that
enable low power, wide area communication.
In IoT, needs include installing many sensors over a wide area and
regularly gathering measurement information. In such cases, while
there is no problem if communication speed is low, the communication
technology required must be able to cover a wide area with low power
consumption and low cost.
LPWA are technologies that respond to these needs, and many
companies have launched services to meet them. From the perspective
of communication standards, these services are broadly divided into
services that use the same frequency bands as cell phones and require a
license, and services that use general purpose frequency bands and do
not require a license.

Reference
LPWA
An abbreviation of “Low Power Wide Area.”

●Edge computing
“Edge computing” is a computer network technology in which servers
are distributed and deployed near people and IoT devices. It is called edge
computing because processing is performed at the edge of the network.
Normally, IoT devices and other devices send the information they gather
to a cloud server. But as IoT systems became more and more common,
the problem of processing being concentrated in cloud servers occurred.
There is also sometimes a delay between an IoT device making a request
for processing to a cloud server and the result returning to the IoT device
because there is a long communication path from IoT devices to a cloud
server. Such delays may lead to serious accidents in processing that must
be very real time in nature, such as the processing in connected cars. As
such, a system gaining attention is one where some of the processing
that used to be given to cloud servers is instead given to a server called an
“edge” near to the IoT device.

Furthermore, if ultimately there is a need to send information to a cloud
server, the load on the network can be reduced by only retrieving
from the edge the required information from the massive volume of
information gathered by IoT devices. It is also possible to take security
risks into account by deleting unnecessary personal information and other
information from the edge before sending it to the cloud server.
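
The edge-side processing described above, as an added example that is not part of the original text: a hypothetical edge server reduces raw IoT readings to per-window summaries and deletes personal information before anything is sent to the cloud server. The field names, the allow-list, the 60-second window, and the sample readings are constructed assumptions.

```python
import json
from collections import defaultdict

# Assumption: the cloud-side analysis needs only these fields. An allow-list
# fails closed, so a field that devices start sending later is dropped by
# default instead of being forwarded by accident.
CLOUD_ALLOWED_FIELDS = {"site", "metric", "value", "ts"}

# Constructed sample input: raw messages as an edge server might receive them
# from wearable devices and a humidity sensor (all names and values invented).
RAW_READINGS = [
    {"device_id": "wearable-01", "owner_name": "Taro Example",
     "owner_email": "taro@example.com", "site": "plant-1",
     "metric": "heart_rate", "value": 70, "ts": 1000},
    {"device_id": "wearable-01", "owner_name": "Taro Example",
     "owner_email": "taro@example.com", "site": "plant-1",
     "metric": "heart_rate", "value": 80, "ts": 1010},
    {"device_id": "wearable-02", "owner_name": "Hanako Example",
     "owner_email": "hanako@example.com", "site": "plant-1",
     "metric": "heart_rate", "value": 90, "ts": 1015},
    {"device_id": "hum-07", "site": "greenhouse-2",
     "metric": "humidity", "value": 41.5, "ts": 1020},
    {"device_id": "hum-07", "site": "greenhouse-2",
     "metric": "humidity", "value": "ERR", "ts": 1030},  # malformed value
    {"device_id": "hum-07", "site": "greenhouse-2",
     "metric": "humidity", "value": 43.5, "ts": 1085},   # next 60 s window
]


def minimize(reading):
    """Keep only allow-listed fields; everything else stays on the edge."""
    return {k: v for k, v in reading.items() if k in CLOUD_ALLOWED_FIELDS}


def summarize(readings, window_s=60):
    """Reduce raw readings to one summary per (site, metric, time window).

    Returns (summaries, rejected); rejected counts readings that lacked a
    required field or carried a value of the wrong type.
    """
    buckets = defaultdict(list)
    rejected = 0
    for raw in readings:
        r = minimize(raw)
        valid = (
            CLOUD_ALLOWED_FIELDS.issubset(r)
            and isinstance(r["site"], str)
            and isinstance(r["metric"], str)
            and isinstance(r["value"], (int, float))
            and not isinstance(r["value"], bool)
            and isinstance(r["ts"], int)
        )
        if not valid:
            rejected += 1
            continue
        window_start = r["ts"] // window_s * window_s
        buckets[(r["site"], r["metric"], window_start)].append(r["value"])
    summaries = [
        {"site": site, "metric": metric, "window_start": start,
         "count": len(vals), "min": min(vals), "max": max(vals),
         "mean": round(sum(vals) / len(vals), 2)}
        for (site, metric, start), vals in sorted(buckets.items())
    ]
    return summaries, rejected


def build_cloud_payload(readings, window_s=60):
    """Serialize exactly what leaves the edge for the cloud server."""
    summaries, rejected = summarize(readings, window_s)
    return json.dumps({"summaries": summaries, "rejected": rejected},
                      sort_keys=True)


def leaked_values(payload, readings):
    """Release check: string values of non-allow-listed fields in payload."""
    private = {v for r in readings for k, v in r.items()
               if k not in CLOUD_ALLOWED_FIELDS and isinstance(v, str)}
    return sorted(v for v in private if v in payload)


if __name__ == "__main__":
    payload = build_cloud_payload(RAW_READINGS)
    print(payload)
    print("raw bytes:", len(json.dumps(RAW_READINGS)),
          "forwarded bytes:", len(payload))
    print("leaked values:", leaked_values(payload, RAW_READINGS))
```

Running `leaked_values` on every outgoing payload gives a cheap regression check that a later change to the summary format has not started forwarding owner or device identifiers.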

●BLE
“BLE” is a power saving communications technology that is used in
version 4.0 onward of the Bluetooth short-range wireless communication
technology.
Integrated circuit (IC) chips that support BLE use only 1/3 of the power
previously required, and can run for several years on a single button
battery. Furthermore, Bluetooth can be incorporated at a low cost, and
because of this and other reasons, BLE is considered a hopeful prospect
for use in on-premise sensors and wearable devices.

Reference
BLE
An abbreviation of “Bluetooth Low Energy.”

●IoT area network
An “IoT area network” is a communication technology for the connection
of IoT devices in a small area such as a factory, school, or household. In an
IoT area network, a wireless LAN, PLC in the case of a wired connection,
and other such things are often used.
In order to implement an IoT system, it is necessary to connect IoT devices
(IoT equipment) to cloud servers and other such things via a network.
When they are connected, IoT devices use an IoT network to connect to a
cloud server via the route below.

[Figure: connection route. IoT devices (IoT equipment) (wearable devices,
intelligent home appliances, robots, etc.) - IoT area network - Gateway -
Internet - Cloud server]

Reference
PLC
“PLC” refers to a network communication technology that is plugged into
power sockets in general households and buildings and uses power lines
as communication lines. It is an abbreviation of “Power Line
Communications.”

Reference
Gateway
“Gateway” refers to a device that converts the different protocols (rules for
communication) for LANs and WANs and connects them.

●5G
Also known as the fifth-generation mobile communications system, “5G”
is a communication standard for next generation communication for cell
phones, smartphones, and other such devices that the Ministry of Internal
Affairs and Communications and private companies are working to start
commercial use of in 2020.
It is the successor technology of the currently widely used LTE and the
fourth-generation mobile communications system LTE-Advanced. When
these technologies are compared, the characteristics of 5G are high
speed/high capacity, low delay, and multi-connection.

Characteristics | Details
High speed/high capacity | It achieves speeds 100 times faster than at present and has a high capacity by using a combination of new frequency bands that enable the use of wide band communication in addition to the frequency bands that are currently used. For example, a 2 hour movie can be downloaded in 3 seconds.
Low delay | Network delay is reduced to 1 millisecond (one thousandth of a second) or less, and time lag is very small, even in communication with remote locations.
Multi-connection | Simultaneous connection with many devices is possible. For example, in an area about the size of a household, simultaneous connection of several PCs, smartphones, or other devices is currently possible, but with 5G the simultaneous connection of around 100 devices will be possible.

Reference
Telematics
“Telematics” refers to the provision of a range of services in real time
through the embedding of wireless communication and information systems
in moving objects such as automobiles, or to this concept.
It is a portmanteau of the words telecommunication and informatics.
Through the linking of on board navigation systems, GPS, sensors,
information devices and other such things to wireless data communication
services that can be connected to the Internet, it enables the provision of
traffic jam information, traffic information, weather forecasts, video and
audio data, and other such things, as well as the transmission of information.

(2) Use of either high speed networks or low speed networks depending on purpose
While 5G has the characteristics of high speed/high capacity, low delay,
and multi-connection, the cost of use increases proportionately. As such,
5G will be used for situations where real time communication with no
delay is needed even if cost is incurred.
On the other hand, LPWA is slower and has large delays compared to 5G,
but it has the characteristics of being inexpensive to use and having low
power consumption. As such, it is used in situations where cost is to be
prioritized over communication performance, and maintenance such as
battery replacement is to be reduced.

[Figure: positioning of networks by power consumption and communication range]
Power consumption | Communication range: Narrow | Communication range: Wide
High | Wireless LAN | 5G/LTE
Low | BLE | LPWA

Specific use scenarios are as below.

●Use scenarios for high speed networks/wide area communication such as 5G

・ Scenarios where a connected car communicates with other cars and external
infrastructure, detects risks and alerts the driver or operates the automatic brake
・ Scenarios where a doctor in a remote location operates a robot arm that performs
surgery on an actual patient in a remote operation

●Use scenarios for low speed networks/wide area communication such as LPWA

・ Scenarios where digital water meters on remote islands send meter information
that is received by a water bureau
・ Scenarios where sensors are installed in various areas around a vast paddy field to
measure the daily water level, and a farmer uses these to perform centralized
management for the water level of all locations

4 IoT system security


IoT systems and IoT equipment are used in a range of areas, from general
consumer areas to different industries, and can be expected to spread
even more widely. As such, IoT systems and IoT equipment require safe
and secure handling from design and development to implementation,
operation, and maintenance.
Given this situation, a range of organizations have published various
principles, standards, and guidelines.

(1) IoT Security Guidelines


“IoT Security Guidelines” are guidelines concerning IoT security created
by the IoT Acceleration Consortium that the Ministry of Economy, Trade
and Industry, and the Ministry of Internal Affairs and Communications
took the lead in establishing, and they are intended for everyone who is
involved in IoT systems, IoT equipment, and IoT services.
These guidelines specify security measures for the lifecycle (policy,
analysis, design, implementation and connection, operation and
maintenance) in the provision of IoT systems, IoT equipment, and IoT
services in the form of five (5) principles and 21 key concepts.

These five (5) principles and 21 key concepts for security measures are as
below.
Stage: Policy
Principle 1: Define a basic policy that considers the essence of IoT
  Key concept 1: Directors must commit to IoT security
  Key concept 2: Be prepared against internal fraud and errors

Stage: Analysis
Principle 2: Recognize IoT risks
  Key concept 3: Identify what needs to be protected
  Key concept 4: Envision the risks from being connected
  Key concept 5: Envision the knock-on risks from being connected
  Key concept 6: Recognize physical risks
  Key concept 7: Learn from past examples

Stage: Design
Principle 3: Consider a design that protects what needs to be protected
  Key concept 8: Create a design that protects individual elements and the whole
  Key concept 9: Create a design that does not inconvenience counterparts to whom you will connect
  Key concept 10: Ensure consistency in a design that achieves safety and security
  Key concept 11: Create a design that ensures safety and security even when a connection is established with an unknown counterpart
  Key concept 12: Conduct verification and evaluation to ensure the design achieves safety and security

Stage: Implementation and connection
Principle 4: Consider measures to be taken on the network
  Key concept 13: Create a function to identify and record the status of devices and other such things
  Key concept 14: Ensure network connections are appropriate for the relevant function and purpose
  Key concept 15: Pay attention to initial settings
  Key concept 16: Include an authentication function

Stage: Operation and maintenance
Principle 5: Maintain a state of safety and security, and disseminate and share information
  Key concept 17: Maintain a state of safety and security after shipment and release
  Key concept 18: Continue to identify IoT risks after shipment and release, and convey to stakeholders the things to be followed
  Key concept 19: Ensure that general users know about the risks of connecting
  Key concept 20: Recognize the roles of stakeholders in IoT systems and services
  Key concept 21: Identify vulnerable devices and raise awareness appropriately

Four (4) rules that should be followed by general users are also defined.
The four (4) rules for general users are as below.

Rule 1: Refrain from purchasing or using devices and services that do not offer support
or a point of contact for inquiries
Rule 2: Pay attention to initial settings
Rule 3: Switch off devices that are no longer used
Rule 4: Delete data when disposing of devices

(2) IoT Security Guide for Consumers


The “IoT Security Guide for Consumers” is a report (recommendations)
for matters to be considered by providers of IoT systems and IoT services
in order to protect consumers who use IoT and are thought to have the
most significant security issues. It was created by the Japan Network
Security Association (JNSA).
The content of the Security Guide for Consumers is as below.

1: IoT overview
2: Current IoT security situation
3: Matters for verification by vendors who provide IoT devices
4: Matters for vendors to consider when users use the IoT

3 Big Data
“Big data” refers to a massive volume of complex data that cannot be
handled with a conventional database management system.
Conventional database management systems handled formatted,
structured data such as numerical information concerning sales and
production and customer information.
However, as IoT becomes more and more common, countless sensors
installed in locations such as production sites, public locations,
households, and on people (wearable devices) are able to gather massive
volumes of data in real time.
Furthermore, smartphones, tablets, social media, and other such things
that people use generate various types of data in large volumes such as
images, audio, and video that is not simply text.
It was previously impossible to process such a massive volume of data,
but the reason that big data is now being given so much attention is that
because of the development of high speed high capacity communication
and cloud servers, it is now possible to do things such as accumulate a
large volume of data and process it with AI.
The degree to which this gathered, accumulated, and analyzed big data
can be used in a way that is valuable to society, industry, and people’s
everyday life is an important issue.

Reference
Three (3) Vs
It is said that big data has the characteristics of the three (3) Vs. The
three (3) Vs are volume, variety, and velocity.
Characteristic | Meaning
Volume | A massive amount of data
Variety | A range of data such as text, image, and audio
Velocity | Data gathered in real time

1 Classification of big data


There are many approaches to the classification of big data. One approach
to this taken by the Ministry of Internal Affairs and Communications is
to focus on the data generated by the three (3) entities of individuals,
companies, and the government, and classify it into the four (4) types
below.

Type | Description
Government: Open data | This refers to public information that is held by central and local government. Disclosure of this is proceeding so that the data can be used by the public and private sectors.
Companies: Digitalization of knowledge | This refers to data that is comprised of the digitalized and structured implicit knowledge (or know-how) held by companies. It is expected that going forward, a range of know-how will be digitalized in a variety of fields and industries.
Companies: M2M data | This refers to data exchanged between things through the connection of equipment, mechanical devices, buildings, and other such things over a network.
Individuals: Personal data | This refers to personal information such as personal attributes, activity history and information gathered from wearable devices. It also includes anonymous information that has been processed to make it impossible to identify an individual for business and other purposes.

Reference
Industrial data
“Industrial data” refers to a combination of the digitalization of knowledge
and M2M data, and it is the data that is generated from corporate activities.

Reference
M2M
“M2M,” also called “MtoM,” refers to autonomous control and operation
through information exchange between machines over a computer network
without human intervention.
It is an abbreviation of “machine to machine.”

2 Utilization of big data
There are a range of ways to utilize big data.
The Ministry of Internal Affairs and Communications is focusing on open
data, industrial data, and personal data as the three (3) main types of
data, and the data can be utilized with the methods below.
Type: Utilization method

Open data (Central/local government)
• Visualization of local authority budgets, tax revenue, and expenditure
  in order to support each citizen to have a responsible opinion about the
  way tax is used
• Provision of the availability status of each seat at a library so that
  users can check it
• Provision of regional crime prevention information and the location of
  AEDs via an app in order to increase awareness of crime prevention and
  for use in the event of a medical emergency

Industrial data (Companies)
• Gathering and utilization of data for the purposes of improving factory
  productivity and reducing costs (manufacturing industry)
• Gathering and utilization of weather and other data for the purposes of
  improving agricultural productivity (agriculture)
• Gathering and utilization of physical data from customers’ wearable
  devices in order to provide healthcare services (health industry)
• Gathering engine operation data and utilizing it to discover the signs of
  faults and other problems in order to ensure safety in aircraft (aviation)

Personal data (Individuals)
• Provision to various companies in order to receive various services from
  the companies
• Gathering and utilization of data by companies in order to utilize it in
  things such as marketing after first gaining the approval of individuals

3 Analysis methods for big data
Analysis methods for big data include those described below.
Type | Description
Cross tabulation analysis | This refers to the tabulation and analysis of data for each certain standard (angle). For example, by breaking down sales for different convenience stores by the gender, age group, day of the week and analyzing it, it is possible to find out about the relationship between different attributes.
Association analysis | This is a method for investigating things such as trends where two (2) seemingly unrelated phenomena are prone to occurring together from accumulated data. For example, if trends such as beer and paper diapers tending to be purchased together can be identified from supermarket sales data, it is possible to take action such as moving the location of these things closer to increase simultaneous purchase.
Logistic regression analysis | This is a method of predicting the probability that something will happen by analyzing multiple factors that have the value of either yes or no. This is used for purposes such as calculating the probability of the occurrence of an illness in the field of medical care. An example of this is the calculation of the probability of the occurrence of lifestyle diseases from whether or not a person has a habit of drinking and whether or not they exercise.
Cluster analysis | This is a method that creates groups (clusters) of things with similar properties from a larger group in which many things with different properties are mixed together, and analyzes them. For example, this is used for things such as the analysis of characteristics of customer tastes, and the analysis of product brand positioning.
Decision analysis (Decision tree analysis) | This is a method for making predictions and classifications from a group of data, and on the basis of assumptions and a hypothesis it breaks down data in the group to analyze what kind of predictions and classifications can be made on the basis of what kind of hypothesis. For example, from a massive volume of customer data it analyzes things such as the kind of attributes that a person with a high probability of purchasing a company’s products has.

4 Points for attention and issues in the utilization of big data
Below are some points for attention and issues in the utilization of big
data.

●Clarify objectives
In the utilization of big data, the true objective is not just to analyze big
data, rather, it is to gain business knowledge from the results of analysis
and achieve business targets. It is always necessary to check whether
activities that are consistent with the objectives are being undertaken.

●Prepare against the risk of data loss or theft


In order to accumulate and analyze big data, cloud services and other
services provided by external vendors are used in many cases. The
most trustworthy vendor is selected in consideration of the security
requirements.

In terms of security incidents such as the leakage of corporate information,
most of these are caused by human error within a company and theft
by an inside party. As such, an appropriate response for internal security
measures is required.

●Consider privacy
The information handled by companies contains much personal
information. This should be managed appropriately in accordance with
the Act on the Protection of Personal Information.

●Handle swift data processing


As big data exists in massive volumes, in some cases the platforms and
services used cannot provide sufficient performance and delays occur in
the analysis and use of big data. In business, such delays can cause serious
opportunity losses. It is necessary to check the requirements for platforms
and services from the perspective of processing performance.

Reference
Platform
“Platform” refers to infrastructure such as hardware and operating systems
for application software to run on.

●Acquire data scientists stably
There is currently an expanding demand for big data analysis and a severe
shortage of skilled data scientists who are educated in mathematics and
have business knowledge, so the stable acquisition of such data scientists
is required.
While it is possible to bring in data scientists from outside or educate
them internally, it is necessary to create an environment to ensure
stability, such as through appealing work content and compensation.

5 Big data utilization technological and academic fields
The technological and academic fields relating to big data include the below.

(1) Text mining


“Text mining” refers to a technology for performing data mining on a
large volume of documents (text) and extracting beneficial information.
Currently, a range of different information exists as big data. Included in
this, of particular note, is a massive volume of text information on websites,
blogs, and social media on the Internet.
In text mining, such text information is broken down into units of words
by natural language processing. From groups of words, it is possible to
extract valuable information by analysis of things such as frequency of
occurrence, occurrence trends, occurrence timing, and correlations.

Reference
Natural language processing
“Natural language processing” refers to a technology that lets computers
process everyday language used by people (natural language).

(2) Data science
“Data science” refers to an academic field that attempts to find some kind
of valuable information from large volumes of data such as big data.

It is related to fields such as mathematics, statistics, information
engineering, and computer science, and it is used in a wide range of
business fields such as corporate marketing as well as other fields such as
medical science, biology, sociology, education, and engineering.
People who research data science and use data science technology in
order to achieve the goals of corporate activities such as marketing are
called “data scientists.”

Reference
Digital transformation
“Digital transformation” refers to reform in a range of activities on the
basis of IT, and especially in companies, it refers to the reconstruction of
all business activities on the basis of IT.
For example, through the combination of smartphones and cloud services,
hosting, ride sharing, and other such services have become threats to the
traditional accommodation industry and the taxi industry. Companies that
break down traditional structures and undertake reforms that leverage IT to
pursue convenience for customers in this way can be called companies that
are implementing digital transformation.

4 Agility

To have “agility” means to have the quality of being agile.
In times where the business environment was relatively stable, methods
such as the waterfall model in which a reliable and stable system could be
developed with refined and detailed specifications on the basis of a
mid-to-long-term plan were effective.
However, there is increasing uncertainty in the current ever-changing
business environment. Business and IT can no longer be considered
separately.
Particularly when it comes to things like digital business where
differentiation comes from the use of IoT systems and other IT, if a
company fails to keep up then it will soon get left behind by competitors.
Against this backdrop, an initiative called agile software development
is becoming increasingly common. Agile software development is a
method for the swift and efficient development of a system. First, the
development is broken down into very short development periods of one
(1) or two (2) weeks, and the system for development is divided into small
functions. These short work periods are called iterations. A complete
development cycle is performed for each iteration, and each function is
developed one at a time. Furthermore, as feedback is received from users
each time a function is completed, this leads to the minimization of risk.
The overall system is created incrementally by repeating such iterations.

Reference
Waterfall model
“Waterfall model” refers to a development model where system
development is broken down into processes, and development is
performed sequentially from upstream processes to downstream processes
without going back.

[Figure: agile software development as repeated iterations (1st iteration,
2nd iteration, 3rd iteration). In each iteration the program goes through
analysis, design, development (programming), and testing/evaluation, and
the iteration ends in a release (Release 1, Release 2, Release 3).]

Agile software development itself indicates a fundamental approach, and
specific development techniques include extreme programming (XP) and
scrum.

1 Extreme programming (XP)


“Extreme programming (XP)” is the forerunner of agile software
development, and it is suitable for small scale software development in
relatively small teams of up to 10 persons.
In XP, simplicity, communication, feedback, bravery, and respect are
advocated as values to be emphasized.
A characteristic of XP is its emphasis of coding and testing over design,
and the way that modifications and design alterations are performed
while receiving constant feedback from team members and users. XP also
defines practical techniques called practices.
The main practices are as below.

Technique | Description
Pair programming | Two (2) programmers form a pair, and work together to develop a program. The two (2) programmers swap roles and check each other’s work while ensuring smooth communication and improved program quality.
Test driven development | Test cases are created before development of a program, and the program is developed with the aim of clearing these test cases.
Refactoring | Software is improved by changing the internal content (software code) without changing the methods that are used to call the software externally.

Reference
XP
An abbreviation of “eXtreme Programming.”

Reference
Test case
“Test case” refers to test items and conditions that assume a pattern for
testing.

2 Scrum
“Scrum” takes its name from the scrum in the sport of rugby, and is a
technique for agile software development. It emphasizes organizational
unity and functioning of the development team.
A scrum is performed with a small number of people, with the maximum
being around nine (9). In each “sprint” period with a maximum length
of around four (4) weeks, the scope of the program to be developed is
determined. Everything from development to review and adjustment is
performed in each sprint, and development is performed while constant
communication is maintained to check if there are any problems with
the program status and the way it is being taken forward. Another
characteristic of a scrum is the way development is performed while
changes are flexibly being made to the priority order of user requirements.

Reference
DevOps
“DevOps” is a portmanteau of the words development and operations, and it
refers to a methodology where the development team and the operation
team for an information system work closely to ensure a seamless shift from
development to production migration and full operation with the aim of
avoiding a slowdown in business.
It is an approach that is applicable to agile software development, and
organizational structures that follow the approach of DevOps are required in
order to continuously and quickly release completed software through
cooperation between the development team and the operation team.

5 Artificial Intelligence (AI)
“AI” refers to attempts to analyze the functions performed by the human
brain and to recreate those functions artificially, and to devices and
systems that have such functions.
The current generation is called the third AI boom, and technologies such
as machine learning and deep learning are gaining attention.
The first AI boom occurred around 60 years ago. The history up to this
point is as below.
Boom | Description
First AI boom (late 1950s to 1960s) | Algorithms such as inference and search were used to achieve results such as finding a solution for games and puzzles, but it was not possible to solve real problems and the boom died down.
Second AI boom (1980s - early 1990s) | Knowledge in a limited number of fields was used to make rules that were then entered into a computer, and expert systems that treated a computer as an expert in these fields gained attention. However, when attempts were made to make expert systems general purpose, the knowledge that had to be entered became vast, and many projects fizzled out.
Third AI boom (2000s - present) | Instead of the entry of human knowledge like in expert systems, machine learning and deep learning where AI (computer) learns by itself are gaining attention. There are hopes that the third AI boom will not be transient and that it will lead to the fully fledged establishment of AI in society. The reasons for this are as below.
• Increased speed in computer processing
• An increase in the amount of data for AI learning because of the large volumes of digital data in circulation
• Improved arithmetical methods

1 Neural networks
“Neural networks” are artificial replications of the mechanisms in a human
brain. The human brain has many nerve cells (or “neurons”) that form a
nerve communication network. This is the basis for neural networks. A
neural network is a network with three (3) layers (input layer, intermediate
layer, output layer) of linked artificial neurons.

2 Machine learning
“Machine learning” refers to an AI technology that is characterized by
self-learning by AI in which large volumes of data are imported into AI,
and then the AI itself discovers rules and relationships, categorizes the
data and performs other such actions.
In the background to the birth of machine learning there are factors such
as an increase in computer processing speed and the volume of data on
the Internet that can be used in learning.
In machine learning, humans simply indicate where to focus on
(characteristic quantity) in subject data (images, audio, etc.), and it
becomes possible to import large volumes of information and make
correct decisions.
For example, if a human provides an instruction for where to focus on
in order to recognize a picture of a cat, it becomes possible to correctly
select pictures of cats by simply importing large volumes of data.

3 Deep learning
“Deep learning” refers to an AI technology that incorporates the
mechanisms of a neural network, and it is created as a technique for
machine learning.
In deep learning, digital data is entered in the input layer and passes
through several intermediate layers before a response is generated. The
deeper that the intermediate layers are, the more advanced classifications
and decisions are. The word “deep” in deep learning refers to this depth
in terms of layers.

[Figure: deep learning network of artificial neurons. Data input enters the
input layer, passes through the intermediate layers, and data output leaves
the output layer.]

The biggest difference between deep learning and general machine
learning is that in deep learning, no human instructions are required. This
means that even with no instructions from humans, AI itself can identify
the characteristics of a subject by importing large volumes of data, and
can make decisions and perform classifications.

A case study for this can be found in the research performed by Google
in 2012 where it imported a large volume of image data into AI, and then
the AI became able to correctly recognize images of cats. This meant
that Google’s AI had become able to recognize the pattern of a cat as an
image by itself without instructions from anyone.

4 Typical examples of AI utilization


In the third AI boom that is happening now, the utilization of AI has
become realistic and it is starting to be used in a range of areas.

(1) AI utilization in service desk operation


If a chatbot is used for service desk work, it is possible for the chatbot to
deal with inquiries 24 hours a day, 365 days a year.
While naturally chatbots cannot be used to deal with all inquiries,
chatbots are also being developed to include functionality that enables a
human agent to seamlessly deal with such inquiries.

Reference
Chatbot
“Chatbot” is a portmanteau of the words chat and robot, and refers to a
robot (or program) that responds automatically to questions from a human.
Chatbots that are equipped with AI learn from questions asked by humans on a
daily basis, and develop to be able to answer new questions. However, it must
be noted that learning takes a certain amount of time and chatbots may not
necessarily develop to provide perfectly correct answers.

(2) Other examples of AI utilization
Other examples of AI utilization include the below.

・ An AI education service that analyzes the usage status of a learning app and
response data for questions in order to provide the optimum curriculum for each
individual student
・ A service that analyzes the degree of change in heartrate from an image of an
employee’s face, and measures the level of stress
・ A program that detects patterns for scams from the analysis of customer inquiry
records in the financial industry
・ An automatic separation program that uses AI in image analysis to rank cucumbers
on the basis of shape, color, and size
・ A recognition system that can very reliably distinguish between pedestrians and
vehicles by acquiring and processing a large volume of images
・ A program that achieves a level of thinking capabilities high enough to beat the
best human player of go

Reference
AlphaGo
“AlphaGo” is a go computer program developed by the Google subsidiary
company DeepMind.

The Field of Information Security

1 Information Security
“Information security” refers to the protection of information that is an
important asset of a company or an organization so that it is in a safe state.
As for information security, the mechanism by which fraudulent behavior
occurs, and the types of technical threats have been added to version 4.0
of the syllabus.

1 Mechanism by which fraudulent behavior occurs


To ensure that fraudulent behavior does not occur, it is important to
understand the mechanism by which fraudulent behavior occurs, and the
attacker that causes fraudulent behavior.

(1) Fraud triangle


The “fraud triangle” is a theory compiled by the American criminologist
Mr. Cressey, who investigated actual criminals to establish what kind of
mechanism is at work until a person performs fraudulent behavior.
According to this theory, fraudulent behavior occurs when the three (3)
elements of “opportunity,” “pressure,” and “rationalization” are aligned.

Element | Description
Opportunity | It refers to the existence of an environment that facilitates fraudulent behavior. For example, “although a shelf in which confidential material is kept is locked, the storage location of the key is known to all employees” corresponds to opportunity.
Pressure | It refers to circumstances that are the main cause of occurrence of a fraud. For example, being in great economic difficulty, or being hostile towards the company correspond to pressure.
Rationalization | It refers to selfish reasoning such as interpreting things in a convenient way and passing the buck to others. For example, thinking selfishly that “since the business managers of this company are making undue profit, stealing a small amount of money will not pose a problem” corresponds to rationalization.

2 Types of technical threats


Technical threats include attacks such as those where an overload is
exerted on a server that can be accessed from the outside, such as a
web server or an e-mail server so as to stop the service or infect it with
malware.

Reference
Malware
“Malware” is a generic term for software that has a malicious intent
typified by a computer virus.

The following are the main contents that have been added to version 4.0
of the syllabus with regard to the types of technical threats.
Characteristic | Description
RAT | It is a generic term for a program that enables a remote operation by stealing administrator privileges for which all operations of a computer are allowed. It is the abbreviation for “Remote Administration Tool.”
SPAM | It is a large quantity of e-mail sent to a random large number of users with the main purpose of promoting, advertising, or committing a fraud. It is also called spam mail or unsolicited mail.
Shadow IT | It refers to the information devices (such as the PCs and mobile devices privately owned by employees) and external services used by employees for business activities without obtaining the permission of the company. Shadow IT increases the risk of infection by malware, and the risk of information leakage, etc.
DDoS attack | It refers to an attack that involves a DoS attack from multiple terminals. A DDoS attack is also called a “Distributed DoS attack” in which the scale of a DoS attack has been remarkably increased. In a DDoS attack, a “zombie computer,” which is a vulnerable terminal that has been taken over through a BOT, is often used. A cracker having technical ability organizes “botnets” consisting of a large number of zombie computers, and attacks the terminals to be attacked all together from these botnets. Not only is the scale incomparably larger than a DoS attack, but since the attack source is a manipulated zombie computer, it is difficult to trace the real culprit. It is the abbreviation for “Distributed Denial of Service.”
Cache poisoning | It refers to an attack in which false information is sent to a cache (memory area) where the “name resolution information” of the DNS server is stored. It is also called “DNS cache poisoning.” When a request for the name resolution of the domain is received from the client, the false IP address set in the cache is returned. Therefore, rather than the website that was originally intended to be accessed, the client is led to the false website prepared by the attacker.
Drive by download | It refers to an attack in which a malicious program is automatically downloaded without the realization of the user, simply by displaying a website.
Exchange-type attack | It is one of the “targeted attacks” that is performed by targeting a specific user in a specific company or organization, and depending on the targeted partner, a step-by-step exchange is performed by using an e-mail, etc., and the partner is made to execute a malicious program by throwing him/her off guard.

Reference
DoS attack
A “DoS attack” is an attack in which an overload is exerted on the server
to stop its functions. Generally, a method of sending large quantities of
packets equivalent to an amount that cannot be processed by the server is
used. DoS is the abbreviation for “Denial of Service.”

Reference
DNS server
“DNS” is the mechanism of a service for managing the IP address and domain
name by correlating them in a 1:1 relationship. When two (2) computers
communicate with each other, the IP address is used for searching the
partner computer.
A “DNS server” is a server having the DNS function. The DNS server provides
the service for converting the queries from the client through the domain
name to an IP address.

Reference
Name resolution information
“Name resolution information” is a list that links together the domain name
and the IP address.

2 Information Security Management
The following are the main contents that have been added to version 4.0
of the syllabus with regard to the management of information security.

1 Elements of information security


In order to achieve the objectives of information security, it is important
to secure and preserve the three (3) elements of information, namely
“confidentiality,” “integrity,” and “availability.” By securing and
preserving these three (3) elements in a well-balanced manner, the
information system and information can be protected from various
threats, and the reliability of the information system can be improved.
The ISO/IEC 27000 family of international standards of Information
Security Management System (ISMS) defines that in addition to preserving
confidentiality, integrity, and availability, the preservation of “authenticity,”
“accountability,” “non-repudiation,” and “reliability” can also be involved.
Element | Description
Confidentiality | Enabling only a person who has been allowed access to access information.
Integrity | Ensuring that information and processing method are maintained in an accurate and complete state.
Availability | Enabling an authorized user to access information and related assets when required.
Authenticity | Guaranteeing (authenticating) that the user, system, and information, etc. are indeed genuine.
Accountability | Enabling unique tracking of the operations or actions of the user or a process (service), and clarifying the responsibilities.
Non-Repudiation | Enabling guarantee of the fact of occurrence of an event or action so that it is not denied later.
Reliability | Ensuring that the information system and processes (services) consistently bring out the expected results, without any contradictions.

2 Information security organizations and agencies
The organizations and agencies related to information security understand
the potential damage such as computer viruses and unauthorized
access, transmit useful information, and give suggestions for recurrence
prevention.
The organizations and agencies related to information security are as
described below.
Name | Description
Information security committee | It is the top decision making body of information security management in a company or an organization. The Chief Information Security Officer (CISO) sponsors the committee, and the top management and the head of each department are present. In such a place, the basic policies for the entire organization, such as the information security policy, etc. are decided.
CSIRT | It is a generic term for an organization that detects security problems, and takes actions if a security problem occurs. It is established in companies or organizations, or in government agencies. The incident management for security is performed comprehensively, and efforts are made to prevent the damage from expanding. It is the abbreviation for “Computer Security Incident Response Team.”
SOC | It refers to a base that performs security monitoring of a company and an organization. Generally, monitoring of the network and devices is performed 24 hours a day, 365 days a year, without rest, and the detection or analysis of a cyber attack or intrusion, and response or advice to each department are performed. The operations and organization may be performed in one’s company, or may be outsourced to a specialized vendor. It is the abbreviation for “Security Operation Center.”
Unauthorized computer access report system | It is a report system started on the basis of the “Standards for Measures Against Unauthorized Access to Computers” of the Ministry of Economy, Trade and Industry, and the Information-technology Promotion Agency (IPA) is designated as the notification facility.
Report system for vulnerability-related information for software and systems | It is a report system started on the basis of the “Standards for Handling Vulnerability-related Information in Software or the like” (currently, the handling regulations for vulnerability-related information of software products, etc.) of the Ministry of Economy, Trade and Industry, and the Information-technology Promotion Agency (IPA) is designated as the notification facility.
Initiative for Cyber Security Information sharing Partnership of Japan (J-CSIP) | It is an initiative by which the information of a cyber attack is shared mainly among the manufacturers of devices used in important infrastructures, such as heavy industries and heavy electrical machinery companies so as to take advanced cyber attack measures in order to prevent the damage caused by the cyber attack from expanding. It is operated by the Information-technology Promotion Agency (IPA) through cooperation with the Ministry of Economy, Trade and Industry. It is the abbreviation for “Initiative for Cyber Security Information sharing Partnership of Japan.”
Cyber rescue team (J-CRAT) | It is an organization that performs activities to support the reduction of damage in an organization that has sought advice from it and breakage of the chain of attack in order to prevent the damage caused by the targeted attack from expanding. It is established in the Information-technology Promotion Agency (IPA). It is the abbreviation for “Cyber Rescue and Advice Team against targeted attack of Japan.”

Reference
CISO
“CISO” is the “Chief Information Security Officer,” and refers to the person
at the position that is responsible for the information security.

Reference
Cyber attack
“Cyber attack” is a generic term for an attack involving unauthorized
invasion of a computer system and network, exploitation, corruption, or
modification of data, and destruction of the system so that it can no
longer be used.

Reference
Cyberspace
“Cyberspace” is a virtual space in which computer systems and networks are
created.

Reference
Targeted attack
A “targeted attack” is an attack targeting a specific user in a company or
an organization. By posing as the relevant person, the trust of a specific
user is won so as to exploit confidential information and send a virus
e-mail.

3 Information Security Measures and
Implementation Technology
The following are the main contents that have been added to version
4.0 of the syllabus with regard to the information security measures and
implementation techniques.

1 Techniques of user authentication


“User authentication” is the most basic technique of performing
access control in information security. “Access control” in security refers
to controlling the usage permission or denial. During the use of an
information system, it is very important to authenticate the user him/
herself.

The techniques of user authentication include “authentication based
on knowledge” such as a user ID and password, “authentication based
on one’s belongings” such as an IC card, and “authentication based on
biological information” that the relevant person has.

Technique | Description
Authentication based on knowledge | It is a matching technique by which identification is performed on the basis of information that can be known only by the relevant person. It includes authentication that is performed with a user ID and a password.
Authentication based on one’s belongings | It is a matching technique by which identification is performed on the basis of information recorded in the belongings of only the relevant person. It includes authentication that is performed with an IC card.
Authentication based on biological information | It is a matching technique by which identification is performed on the basis of characteristics of the biological information of the relevant person. It includes fingerprint authentication and vein authentication, etc.

The use of multiple different user authentication techniques from among
these three (3) techniques of user authentication is called “multi-factor
authentication.” By using multiple techniques of user authentication,
security can be strengthened. The use of two (2) different techniques of
user authentication is called “two-factor authentication.”

Reference
False rejection rate and false acceptance rate
In biometric authentication, the “false rejection rate” that is the
probability of incorrectly rejecting the relevant person, and the “false
acceptance rate” that is the probability of incorrectly accepting another
person are used as standards for determining the relevant person.
If the false rejection rate is increased, cases where even the relevant
person him/herself is not authenticated may increase, and if the false
acceptance rate is increased, cases where another person is also
authenticated may increase. In a device used to perform biometric
authentication, it is necessary to make adjustments in consideration of
both probabilities.
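
The adjustment between the false rejection rate and the false acceptance rate described in the reference note can be seen by moving a matcher's acceptance threshold. The following is an added example (not part of the original text) in JavaScript for Node.js; the scores, the candidate thresholds and the "cap the false acceptance rate first" policy are all assumptions constructed for illustration.

```javascript
// Constructed sample data: similarity scores (0.0 to 1.0) from a hypothetical
// biometric matcher. A higher score means a closer match to the enrolled template.
const genuineScores = [0.91, 0.85, 0.78, 0.88, 0.66, 0.95, 0.72, 0.81, 0.59, 0.90];
const impostorScores = [0.12, 0.35, 0.48, 0.22, 0.61, 0.30, 0.55, 0.18, 0.70, 0.41];

// The device accepts an attempt when its score reaches the threshold.
function accepts(score, threshold) {
  return score >= threshold;
}

// False rejection rate: share of attempts by the relevant person that were rejected.
function falseRejectionRate(genuine, threshold) {
  if (genuine.length === 0) throw new Error('no genuine samples');
  return genuine.filter((s) => !accepts(s, threshold)).length / genuine.length;
}

// False acceptance rate: share of attempts by another person that were accepted.
function falseAcceptanceRate(impostor, threshold) {
  if (impostor.length === 0) throw new Error('no impostor samples');
  return impostor.filter((s) => accepts(s, threshold)).length / impostor.length;
}

// Evaluate both rates at every candidate threshold.
function sweep(genuine, impostor, thresholds) {
  return thresholds.map((threshold) => ({
    threshold,
    frr: falseRejectionRate(genuine, threshold),
    far: falseAcceptanceRate(impostor, threshold),
  }));
}

// Policy assumed for this example: first exclude thresholds whose false
// acceptance rate exceeds maxFar, then take the lowest false rejection rate
// (ties go to the lower false acceptance rate). Returns null if nothing fits.
function pickThreshold(genuine, impostor, thresholds, maxFar) {
  const allowed = sweep(genuine, impostor, thresholds).filter((row) => row.far <= maxFar);
  if (allowed.length === 0) return null;
  return allowed.reduce((best, row) =>
    row.frr < best.frr || (row.frr === best.frr && row.far < best.far) ? row : best);
}

const candidateThresholds = [0.4, 0.5, 0.6, 0.65, 0.75];
for (const row of sweep(genuineScores, impostorScores, candidateThresholds)) {
  console.log(`threshold=${row.threshold} FRR=${row.frr} FAR=${row.far}`);
}
console.log('chosen:', pickThreshold(genuineScores, impostorScores, candidateThresholds, 0.1));
```

Raising the threshold lowers the false acceptance rate and raises the false rejection rate, so neither rate can be tuned in isolation.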

2 Cryptography
The following are the main cryptographic techniques that have been
added to version 4.0 of the syllabus.

(1) Hybrid cryptography
“Hybrid cryptography” is an encryption method in which symmetric
cryptography and public key cryptography are combined and used.
By combining the advantages of fast encryption and decryption speed
of symmetric cryptography, and easy key management of public key
cryptography, encryption and decryption can be performed by a more
practical method.

In hybrid cryptography, the symmetric key is encrypted by using public key
cryptography and sent to the recipient. Once the sender and the recipient
hold the same symmetric key, the plain text can be encrypted and the
encrypted text can be decrypted by using symmetric cryptography.

The mechanism and characteristics of communication that uses hybrid
cryptography are as described below.

・ By using symmetric cryptography, the speed of encryption and decryption becomes
fast.
・ By using public key cryptography, the symmetric key can be safely forwarded.

[Figure: hybrid cryptography between sender and recipient. (i) The sender encrypts the symmetric key with the recipient’s public key and forwards it; (ii) the recipient decrypts it with the recipient’s private key; (iii) both sides hold the same key; the plain text is then encrypted with the symmetric key, forwarded as encrypted text, and decrypted with the symmetric key.]

(i) By using public key cryptography, the sender encrypts the symmetric
key with the public key of the receiving partner, and forwards it to the
recipient.
(ii) The recipient receives the encrypted symmetric key, and decrypts the
symmetric key by using his/her own private key.
(iii) The sender and the recipient can have the mutually same symmetric
key.
(iv) Communication that uses symmetric cryptography can be performed.
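
Steps (i) to (iv) can be followed in code. The following is an added example (not part of the original text) that uses the built-in `crypto` module of Node.js; the choice of RSA-OAEP for the public key step and AES-256-GCM for the symmetric step, and all function names, are assumptions of this example.

```javascript
const nodeCrypto = require('node:crypto');

// Public key step: RSA with OAEP padding (algorithm choice is an assumption).
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// The recipient's key pair is generated here so that the example runs offline.
function generateRecipientKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender side.
function hybridEncrypt(recipientPublicKey, plainText) {
  // A fresh symmetric key is created for this message.
  const symmetricKey = nodeCrypto.randomBytes(32);
  // (i) Encrypt the symmetric key with the recipient's public key.
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, symmetricKey);
  // (iv) Encrypt the plain text with the fast symmetric cipher.
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', symmetricKey, iv);
  const encryptedText = Buffer.concat([cipher.update(plainText, 'utf8'), cipher.final()]);
  return { wrappedKey, iv, encryptedText, authTag: cipher.getAuthTag() };
}

// Recipient side.
function hybridDecrypt(recipientPrivateKey, message) {
  // (ii) Decrypt the symmetric key with the recipient's own private key.
  const symmetricKey = nodeCrypto.privateDecrypt(
    { key: recipientPrivateKey, ...OAEP }, message.wrappedKey);
  // (iii) Both sides now hold the same symmetric key.
  // (iv) Decrypt the encrypted text; GCM also checks that it was not modified.
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', symmetricKey, message.iv);
  decipher.setAuthTag(message.authTag);
  return Buffer.concat([decipher.update(message.encryptedText), decipher.final()])
    .toString('utf8');
}

// Returns null instead of throwing when the key is wrong or the data was altered.
function tryDecrypt(recipientPrivateKey, message) {
  try {
    return hybridDecrypt(recipientPrivateKey, message);
  } catch (err) {
    return null;
  }
}

// Constructed sample run: one message, one tampered copy, one wrong recipient.
function demo() {
  const recipient = generateRecipientKeyPair();
  const message = hybridEncrypt(recipient.publicKey,
    'Quarterly figures attached (constructed sample).');
  const tampered = { ...message, encryptedText: Buffer.from(message.encryptedText) };
  tampered.encryptedText[0] ^= 0x01; // flip one bit in transit
  return {
    wrappedKeyBytes: message.wrappedKey.length,
    decrypted: tryDecrypt(recipient.privateKey, message),
    tamperedResult: tryDecrypt(recipient.privateKey, tampered),
    wrongRecipientResult: tryDecrypt(generateRecipientKeyPair().privateKey, message),
  };
}

console.log(demo());
```

Only the 32-byte symmetric key passes through the slow public key operation; the message itself, whatever its length, is handled by the symmetric cipher.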

(2) Disk encryption and file encryption
The method of maintaining information security includes the techniques
of encrypting hard disks and encrypting files.
Technique | Description
Disk encryption | It is a technique of encrypting hard disk altogether. The theft and loss of notebook PCs, and the leakage of information because of disposal of PCs without wiping out data has become a large social problem, and one of the effective means of risk reduction is using software that forcibly encrypts the hard disks altogether instead of leaving it to the discretion of the user.
File encryption | It is a technique of encrypting each file separately as a unit. An encryption tool is used to encrypt any number of files, and the encryption function provided with the data files of office software is used. Unlike disk encryption, the user identifies and encrypts each file separately.

3 Authentication technique
The “authentication technique” is a technique of verifying the
appropriateness of data. By verifying that the relevant person has sent
the data and the fact that data has not been falsified, the integrity of
exchange of information via the network is improved.
The following are the main authentication techniques that have been
added to version 4.0 of the syllabus.

(1) Time stamp
“Time stamp” is a method of verifying the time of creation of
electromagnetic records on the basis of a time stamp in which the time
indicating “when” is recorded. It is also called “time authentication.”
With a digital signature, it is possible to detect modifications made by
another person, but modifications made by the person him/herself in an
initially created item cannot be detected. With this method, a time stamp
(message digest) is created by adding the time information acquired from
“TSA.”
The following two (2) points are verified by the time stamp.

・ Electromagnetic records certainly existed at that time.
・ Messages have not been falsified after that time.

Reference
TSA
“TSA” is a trusted third-party organization that issues time stamps. It is
also called the “time stamping authority.”
It is the abbreviation for “Time Stamping Authority.”

Reference
Signature key and verification key
The sender uses its own private key to encrypt a message digest and generate
a digital signature. If the objective is to generate a digital signature,
the private key of the sender is called a “signature key.”
The recipient decrypts the digital signature (encrypted message digest)
by using the public key of the sender. If the objective is to verify the
sent digital signature, the public key of the sender is called a
“verification key.”
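
The two points verified by a time stamp can be checked in code. The following is an added example (not part of the original text) that uses the built-in `crypto` module of Node.js; it is a simplified model in which a stand-in TSA signs the message digest together with its own clock time using an Ed25519 key, not the token format of a real time stamping service, and all names and sample values are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Stand-in TSA key pair: private key = signature key, public key = verification key.
function createTsaKeyPair() {
  return nodeCrypto.generateKeyPairSync('ed25519');
}

// The requester sends only the message digest to the TSA, never the record itself.
function messageDigest(record) {
  return nodeCrypto.createHash('sha256').update(record, 'utf8').digest('hex');
}

// Bytes covered by the TSA signature: the digest bound to the time.
function signedBytes(digestHex, time) {
  return Buffer.from(`${digestHex}|${time}`, 'utf8');
}

// TSA side: add the TSA's own time to the digest and sign both together.
function issueTimeStamp(tsaPrivateKey, digestHex, now = new Date()) {
  if (!/^[0-9a-f]{64}$/.test(digestHex)) {
    throw new Error('expected a SHA-256 digest in hex');
  }
  const time = now.toISOString();
  const signature = nodeCrypto.sign(null, signedBytes(digestHex, time), tsaPrivateKey);
  return { digestHex, time, signature };
}

// Verifier side: check the TSA signature, then compare the record with the digest.
function verifyTimeStamp(tsaPublicKey, record, token) {
  const signatureOk = nodeCrypto.verify(
    null, signedBytes(token.digestHex, token.time), tsaPublicKey, token.signature);
  if (!signatureOk) {
    return { valid: false, reason: 'token was not issued by the TSA or was altered' };
  }
  if (messageDigest(record) !== token.digestHex) {
    return { valid: false, reason: 'record differs from the time-stamped version' };
  }
  // The record existed at token.time and has not been changed since.
  return { valid: true, time: token.time };
}

// Constructed sample run, including a change made by the author him/herself.
function demo() {
  const tsa = createTsaKeyPair();
  const record = 'Design document, revision 1 (constructed sample record)';
  const token = issueTimeStamp(
    tsa.privateKey, messageDigest(record), new Date('2018-08-01T09:00:00Z'));
  return {
    original: verifyTimeStamp(tsa.publicKey, record, token),
    editedByAuthor: verifyTimeStamp(tsa.publicKey, record + ' with later edits', token),
    backdated: verifyTimeStamp(tsa.publicKey, record,
      { ...token, time: '2017-01-01T00:00:00.000Z' }),
  };
}

console.log(demo());
```

Because the author does not hold the TSA's signature key, the author can neither edit the record nor move the time without the verification failing.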

4 Information security measures


The following are the main contents that have been added to version
4.0 of the syllabus with regard to the information security measures for
human, technical, and physical threats.

(1) Guidelines for the Prevention of Internal Improprieties in Organizations
The Guidelines for the Prevention of Internal Improprieties in
Organizations can be referenced as human security measures.
The “Guidelines for the Prevention of Internal Improprieties in
Organizations” have been published by the Information-technology
Promotion Agency (IPA) with the aim of enabling companies and
organizations to implement effective internal fraud measures. These
guidelines have the following five (5) basic principles where the concept of
situational crime prevention is applied to prevention of internal fraud.
Basic principle | Description
Make crimes difficult (make harder to attempt) | Strengthen countermeasures to make criminal activities difficult to conduct.
Raise risks to be caught (detected if committed) | Strengthen management and monitoring to raise risks to be caught.
Reduce rewards from crimes (not worth doing) | Prevent crimes by hiding or removing targets, or make crimes unprofitable.
Reduce seduction of crimes (not to motivate) | Deter crimes by dampening enthusiasm to commit crimes.
Not allow justification of crimes (not allow excuses) | Get rid of reasoning for criminals’ self-justification of their activities.

Reference
Tamper resistance
“Tamper resistance” refers to resistance against reading or analysis of
data from outside.

Reference
DLP
“DLP” refers to the identification of confidential information in an
information system, and then issuing warnings for any operation that leads
to the leakage of confidential information outside the company such as
transmission and output, and automatically disabling the operation.
It is the abbreviation for “Data Loss Prevention.”

(2) Security measures for mobile devices
Recently, the opportunities for using mobile devices such as smartphones,
tablet computers, and cell phones, etc. have been increasing. Since
mobile devices are frequently used outside, the risk of loss and theft
increases. The technical security measures include not only the use
of antivirus software and updates of the OS and software; setting
a security code in preparation for loss or theft is also an effective means.
Also, by using “MDM,” a company can make integrated settings according
to the information security policy, or enable the installation of application
software of only the same version for the mobile devices lent to its
employees.

Reference
MDM
“MDM” is a mechanism of performing consolidated management of mobile
devices. Dedicated software is used to implement this mechanism.
It is the abbreviation for “Mobile Device Management.”

(3) Clear desk and clear screen
The physical security measures include “clear desk” and “clear screen.”

Countermeasure | Description
Clear desk | It means not keeping items on which information is recorded, such as documents and PCs, etc. on the desk. By not leaving documents or notebook PCs on a desk at the end of a working day, and instead storing them in a lockable desk drawer, etc., the leakage of information to external or unauthorized persons can be prevented.
Clear screen | It means hiding the display by locking the PC screen at the time of leaving one’s seat.

4 Laws on Security
The following are the main contents that have been added to version 4.0
of the syllabus with regard to laws on security.

1 Crime on electromagnetic records of unauthorized commands
The “Penal Code” is a law that stipulates the kind of actions that amount
to a crime, and the penalty that is applicable when a crime occurs.
According to “Crime on electromagnetic records of unauthorized
commands (penalty on computer virus creation)” of the Penal Code, the
act of creating, providing, supplying, acquiring, and storing malware such
as computer virus, etc. is prohibited.

2 Act on the Protection of Personal Information


The “Act on the Protection of Personal Information” is an act that aims
at protecting the rights and interests of an individual while taking into
consideration the utility of personal information by stipulating the obligations,
etc. to be fulfilled by the business operator handling personal information.
Since the environment surrounding information changed significantly
after the Act on the Protection of Personal Information came into effect
in the year 2005, the Act on the Protection of Personal Information was
revised in the year 2015, and then again came into effect on May 30, 2017.

Reference
Business operator handling personal information
The “business operator handling personal information” refers to a
business operator who handles personal information that has been converted
to a database. All business operators (including individuals) excluding
national organizations, central or local governments, and incorporated
administrative agencies are applicable regardless of profit-making and
nonprofit organizations.

Reference
Personal information
“Personal information” refers to information by which a specific individual
can be identified, such as the name of the person, date of birth, address,
etc.

(1) Special care-required personal information
In order to appropriately handle personal information that may result
in disadvantages for the relevant person, such as unfair discrimination
or prejudice, a new category called “special care-required personal
information” was set as personal information requiring special care during
revision of the Act on the Protection of Personal Information. Specifically,
the race, creed, social status, medical history, criminal record, fact of
having suffered damage by a crime, or other descriptions etc. correspond
to the special care-required personal information. In principle, the
acquisition of special care-required personal information or its provision
to a third party requires a prior consent of the relevant person.

(2) Anonymously processed information
“Anonymously processed information” means information produced
from processing personal information so as not to be able to identify
a specific individual, and also not be able to restore the personal
information. This information was introduced during the revision of the
Act on the Protection of Personal Information.
The objective of the anonymously processed information is to promote
the utilization and application of data including data transaction and data
linkage between business operators on the basis of fixed rules without
the consent of the relevant person. Note that the Act on the Protection
of Personal Information stipulates that in order to identify a specific
individual, information concerning the processing method must not
be acquired, and the anonymously processed information must not be
compared with other information.
Depending on the utilization and application of the anonymously
processed information, the following are expected.

・ New services and innovations are produced by utilizing the purchase history of a
point card and the ride history of a transportation IC card across all fields between
multiple business operators.
・ The overall quality of life of the citizens is improved through growth of the drug
discovery and clinical fields by using the medical information possessed by medical
institutions, and also provision of traffic congestion forecast information by using the
information of the traveling position history collected from the car navigation systems.

(3) Specific personal information


The “Act on the Use of Numbers to Identify a Specific Individual in
Administrative Procedures” is an act for implementing the “Social Security
and Tax Number System” according to which a unique number is assigned
to each citizen and also to corporations such as companies and government
offices to perform consolidated management of information concerning
social security and tax payment.
The personal information containing Social Security and Tax Number in
its contents is called “specific personal information,” and for example,
its use in purposes other than those intended is prohibited even upon
the consent of the relevant person. The Act on the Use of Numbers to
Identify a Specific Individual in Administrative Procedures is applicable in
all organizations handling the Social Security and Tax Number.

Reference
Social Security and Tax Number
“Social Security and Tax Number” is a number assigned to all citizens
having a resident card. It consists of only a 12-digit number. It is used
to effectively manage information in the fields of social security,
taxation, and disaster response, and improves the efficiency of
administration and the convenience of citizens.

According to the Act on the Protection of Personal Information, the business
operator handling personal information is required to take “security control
action” that is necessary and appropriate action for the safe management of
specific personal information. The security control action has four (4) aspects
namely organizational, personnel, physical, and technical.

Characteristic | Example of action to be taken
Organizational security control action | • Establishment of handling regulations for specific personal information and operation in accordance with the regulations • Establishment of means for checking the handling situation of specific personal information
Personnel security control action | • Education of employees to thoroughly familiarize them with proper handling of the specific personal information • Conclusion of a non-disclosure agreement on specific personal information at the time of an employment agreement or outsourcing agreement
Physical security control action | • Control of handling area of specific personal information • Physical protection by devices and equipment handling specific personal information
Technical security control action | • Identification and authentication of persons accessing the information system that handles specific personal information • Introduction and operation of a mechanism to protect the information system that handles specific personal information from unauthorized access from outside

(4) Personal Information Protection Commission


The “Personal Information Protection Commission” is a facility set up for ensuring
appropriate handling of personal information including Social Security and Tax
Number while taking into consideration its usability. It was set up in the year 2016.
The Personal Information Protection Commission performs activities by
holding up the following ideas.

・ Performing activities in consideration of a balance between protection of personal
information and its appropriate and effective utilization
・ Performing monitoring and supervision to ensure proper handling of the specific
personal information
・ Performing activities to ensure smooth international distribution of personal data
・ Carrying out publicity and enlightenment through examination from various
viewpoints and easy-to-understand information distribution
・ Establishing a system having specialized and technical knowledge, and utilizing and
promoting growth of diversified personnel

3 Cybersecurity Management Guidelines


The “Cybersecurity Management Guidelines” are guidelines for
promoting cybersecurity measures under the leadership of managers
for companies supplying systems, services, etc. related to IT among
large companies and medium to small companies (excluding small-
scale business operators), and also managers of companies for which IT
utilization and application is indispensable in the business strategy. These
guidelines are created by the Ministry of Economy, Trade and Industry
together with the Information-technology Promotion Agency (IPA).
From the viewpoint of protecting the company from cyber attacks,
the “three (3) principles” that the managers are required to recognize,
and the “10 important items” that the managers must indicate to the
responsible executive employee (such as the CISO, etc.) who is the person
responsible for implementing the information security measures have
been compiled together.
According to the three (3) principles, it is important to recognize the
contents described below and proceed with the countermeasures.

・ Managers must assume leadership and promote cybersecurity measures in
consideration of the risks of cyber attacks and the impact on the company, and at
the same time, implement security investment for the growth of the company.
・ Comprehensive cybersecurity measures including the supply chain business
partners and subcontractors must be implemented rather than only cybersecurity
measures of one’s own company.
・ A relationship of mutual trust must be created by disclosing information concerning
cybersecurity measures with the concerned persons including stakeholders (such as
customers and stock holders, etc.) in the time of a normal situation, and
preparations must be made to smoothly proceed with communication even when
an incident occurs.

Reference
Supply chain
The “supply chain” refers to the flow of ordering from the customer, procurement
of material (raw material and components), production of the product,
and inventory control, right up to the delivery of the product.

4 Information Security Countermeasure Guidelines for Medium to Small Companies
The “Information Security Countermeasure Guidelines for Medium to
Small Companies” are guidelines that compile together the concept
and implementation method of information security measures with the
purpose of protecting from threats such as leakage, modification, or loss
of information that is important for medium to small companies. These
guidelines are created by the Information-technology Promotion Agency
(IPA).
Sample Questions

Q1 Which of the following is the appropriate explanation of IoT?

a) It is software that is embedded in hardware in order to control a device.
b) It is a system for exchanging electronic data for commercial transactions between
companies via a communication line.
c) It is a system that analyzes the functions performed by a human brain and replicates these
functions artificially.
d) It is a technology that connects a range of things to the Internet, such as household
electrical appliances, vehicles, and non-electronic products.

Q2 Which of the following is the most appropriate method of utilization for a drone?

a) Receiving electromagnetic waves from a satellite and conveying current location
information to the drivers of vehicles
b) Conducting a survey of disaster areas while overcoming obstacles by walking on four (4)
legs
c) Delivering goods for daily life to remote islands
d) Using several arms to perform surgery on the basis of operations by a doctor in a remote
location

Q3 Which of the following is an appropriate characteristic of a gyro sensor?

a) It can measure stretching and compression in an object when external force is applied.
b) It can measure the size of a revolution when it occurs.
c) It can convert input in a form such as energy or a signal into physical or mechanical
movement.
d) It can detect brightness in the surrounding environment.

Q4 Which of the following is most appropriate as an example of using an infrared sensor?

a) Automatically switching a smartphone’s display off when the smartphone is moved close
to the ear in order to make or receive a call
b) Measuring heartrate from the microscopic movements in the surface of a person’s body
c) Installing it under the mattress of a hospital patient’s bed and constantly monitoring the
status of a patient
d) In a network, only allowing communication via an approved TCP port number

Q5 Which of the following is the appropriate explanation of LPWA?

a) It is a next generation mobile communication system with the three (3) characteristics of
high speed/high capacity, low delay, and multiple connections.
b) It is a technology that enables power saving communication and is used in Bluetooth
from version 4.0 onward.
c) It is a collective term for wireless communication technologies that enable wide area
communication with low power consumption.
d) It is a system that provides a range of services in real time through the embedding of
wireless communication and information systems in moving objects such as automobiles.

Q6 Which of the following is the most appropriate example of utilization of a high speed network
such as 5G?

a) A communication device that is installed in a vending machine sends sales data once per
day to a cloud service, and the seller views this data.
b) Digital water meters on remote islands send meter information that is received by a water
bureau.
c) Sensors are installed in various areas around a vast paddy field to measure the daily water
level, and a farmer uses these to perform centralized management for the water level of all
locations.
d) A doctor in a remote location operates a robot arm that performs surgery on an actual
patient in a remote operation.

Q7 The IoT Security Guidelines define five (5) principles. Which of the following is the appropriate
description concerning the relevant principle?

a) “Principle 2 Recognize IoT risks” concerns preparations against internal fraud and errors.
b) “Principle 3 Consider a design that protects what needs to be protected” concerns
designs that ensure safety and security when a connection is established with an
unknown counterpart.
c) “Principle 4 Consider measures to be taken on the network” concerns consistency in
designs that achieve safety and security.
d) “Principle 5 Maintain a state of safety and security, and disseminate and share information”
concerns the introduction of authentication functions.

Q8 It is said that big data has the characteristics of the three (3) Vs. The three (3) Vs are volume,
variety, and velocity. Which of the following is the most appropriate as a benefit delivered by big
data analysis?

a) An increase in the accuracy of target data for analysis by processing a range of data
b) The discovery of patterns by processing very large amounts of data
c) An increase in the accuracy of predictions through the random extraction of subject data
d) The deriving of a cause and effect relationship through the gathering of data in real time

Q9 Among the classifications of big data, which of the following is “open data”?

a) Data from the digitalization and structuring of a company’s implicit knowledge (or know-
how)
b) Public information that is held by central and local government
c) Data exchanged between things connected to a network, such as equipment, mechanical
devices, and buildings
d) Personal information such as personal attributes, activity history and information gathered
from wearable devices

Q10 Which of the following is the most appropriate explanation of a method of utilization, a method
of analysis, or a point for attention during utilization of big data?

a) Examples of the utilization of industrial data include the provision of the availability status
of each seat at a public library so that users can check it.
b) The method for investigating things such as trends where two (2) seemingly unrelated
phenomena are prone to occurring together from accumulated data is called cross
tabulation analysis.
c) In the utilization of big data, the true objective is to achieve business targets.
d) The technology for performing data analysis on a large volume of documents and extracting
beneficial information is called data warehousing.

Q11 A method for software development is a “scrum.” Which of the following is the most appropriate
explanation of a “scrum”?

a) Development teams are unified as an organization, and for each period known as a sprint,
the scope of the program for development is decided and development is performed in
units of sprints.
b) The development period is divided into very short periods called iterations, and the
development cycle is performed in full for each iteration and functions are completed one
by one.
c) Test cases are described before program development, and the program is developed
with the aim of clearing these test cases.
d) In order to improve the quality of a program, two (2) programmers collaborate to develop
a program through activities such as swapping roles and checking each other’s work.

Q12 Which of the following is an appropriate characteristic of deep learning?

a) It calculates solutions as the result of inference on the basis of rules that express new
knowledge as a logical expression after a human presets a rule such as “if A then B.”
b) It is a method that imitates human neurons and is able to recognize things and replicate
other aspects of intelligence, and it incorporates a neural network in order to enable
recognition in the same way as humans.
c) It uses algorithms for inference and search, and it is a suitable method for finding a
solution for games, puzzles, and other such things.
d) It is a technology that augments visual information by overlaying virtual images and
information on real images.

Q13 Which of the following is the most appropriate description concerning processing that uses
deep learning?

a) Automatic office cleaning robots can now detect the presence of walls by using a distance
sensor and move around while avoiding walls.
b) Agricultural chemical spraying drones can now reliably identify crop leaves with pests on
them from the air through the acquisition and processing of a large volume of images by
a system.
c) The heartrate and breathing rate of a hospital patient can now be measured automatically
by placing a bed leaving sensor under the patient’s bed.
d) The fuel efficiency of large buses has been improved by the installation of devices to
automatically prevent idling, and is now beyond the fuel efficiency achieved by highly
experienced drivers.

Q14 According to the theory of the Fraud Triangle, when fraudulent behavior occurs, three (3)
elements are aligned. Which of the following is the appropriate combination of the three (3)
elements?

a) Authentication, authorization, accounting
b) One’s own company, competitor, customer
c) Confidentiality, integrity, availability
d) Opportunity, pressure, rationalization

Q15 Which of the following is the appropriate explanation of drive by download?

a) Rewriting the domain information on a DNS server that is referenced by a PC, and leading
the user to a fake server
b) Making the user download a malicious program to the PC regardless of his/her intentions,
when the user is viewing a website
c) Entering a malicious script in an input field of a web page so as to download the data from
the database accessed by the web server in an unauthorized manner
d) Remotely operating the malware in the PC and encrypting the hard disk drives of the PC
altogether so that they cannot be used, and demanding money in exchange for returning
to the original state

Q16 Which of the following corresponds to shadow IT?

a) A PC or a cloud service that is used by employees in business operations without the
official approval of the information security department
b) Making a phone call from outside the office, pretending to be an employee, and getting
internal confidential information
c) An access path incorporated for unauthorized intrusion by a computer intruder from other
than the normal access path
d) Secretly observing the display of an employee by posing as the cleaning staff and stealing
information

Q17 Which of the following is the appropriate description concerning an activity of the cyber rescue
team (J-CRAT)?

a) The monitoring of the network and devices is performed 24 hours a day, and the detection
or analysis of a cyber attack or intrusion, and response or advice to each department are
performed.
b) Actions are taken against the information security incidents concerning one’s company or
customers to prevent the harm from expanding.
c) The information provided by organizations that have experienced a targeted attack is
analyzed, and to ensure that the society and industries are not majorly harmed, the harm
caused to the organization is reduced, and the chain of attack is prevented.
d) The information about cyber attacks is shared between participating organizations with a
focus on industries related to important infrastructures, and advanced cyber attacks are
prevented.

Q18 Among the combinations A through D below, which of the following is the list that contains all
combinations corresponding to two-factor authentication?

A Authentication based on user ID and password, authentication based on a secret question
and answer
B Authentication based on user ID and password, authentication based on an IC card
C Authentication based on user ID and password, authentication based on fingerprint
D Authentication based on veins, authentication based on iris

a) A, B
b) A, C
c) B, C
d) C, D

Q19 Which of the following is an appropriate characteristic of hybrid cryptography?

a) As compared with public key cryptography, the speed of encryption of plain text and
decryption of encrypted text is fast.
b) By combining multiple different symmetric cryptography methods, the processing
performance can be improved.
c) By combining multiple different public key cryptography methods, security can be increased.
d) By combining symmetric cryptography and public key cryptography, a balance can be
struck between processing performance and the cost of key management.

Q20 Which of the following is the appropriate law for punishing a person who has deleted the
memory contents of a computer being used in a company by introducing malware in the
computer?

a) Act on the Prohibition of Unauthorized Computer Access
b) Basic Act on Cybersecurity
c) Act on the Limitation of Liability for Damages of Specified Telecommunications Service
Providers and the Right to Demand Disclosure of Identification Information of the Senders
d) Penal Code

Q21 Which of the following is the appropriate description concerning handling of anonymously-
processed information in the Act on the Protection of Personal Information?

a) If the names of persons included in the customer data of a travel company can be deleted,
there is no need of processing the passport number.
b) In order to exclude cases where individuals are identified, processing was performed by
stipulating a threshold value, and information indicating the age as “116 years” was
replaced by “90 years or above.”
c) Company B that has acquired the anonymously processed information from Company A, a
data processing vendor, acquired the processing method used by Company A for a fee by
concluding a written non-disclosure agreement, in order to identify the original relevant
person.
d) When the anonymously processed information is provided to a third party, there is no
need of clarifying to the destination that the concerned information is anonymously
processed information.

Q22 Among the descriptions A through D below, which of the following is the list that contains the
entire special care-required personal information as per the Act on the Protection of Personal
Information?

A Information about nationality
B Information about loaned books on religion from the library
C Information such as medical records that a medical expert has come to know through
medical service
D Facts that have been investigated for a criminal investigation that hold the relevant person
as a suspect

a) A
b) A, C
c) C, D
d) B, C, D

Q23 Company A stipulates the security measures on the basis of the “Cybersecurity Management
Guidelines” stipulated by the Ministry of Economy, Trade and Industry and IPA. In addition to the
security measures of Company A, which of the following is a security measure that requires
checking of the implementation status?

a) Security measures taken by the local community where the office of Company A is present
b) Security measures taken by the business partners and subcontractors of the supply chain
of Company A
c) Security measures taken by individuals who use the products and services of Company A
d) Security measures taken by the stock holders who have invested in Company A

Sample Questions Answers and Explanations

Q1 Answer d)
Explanation
IoT is a technology that connects to the Internet not only computers and other such IT devices
but also everything else from industrial machinery, household electrical appliances, and
vehicles to non-electronic products such as clothing and shoes. It is an abbreviation of “Internet
of Things.”
IoT is gaining a lot of attention for the three (3) reasons below.

・Because of the compactness, low cost, and high functionality of sensors that collect
information, it is now possible to attach sensors to all kinds of things.
・Because of the increased speed and capacity of communication lines, it is now easier to send
data that is gathered by sensors.
・Because of the lower prices and advanced functions of cloud services, it is now easier to
accumulate large volumes of gathered data, analyze it, and utilize it.
As a result of the IoT environment being established, it is now possible to gather, store, and
analyze vast quantities of data from a wide range of things, and it has become possible to
produce high added value in all fields.

a): This is a description of firmware.
b): This is a description of Electronic Data Interchange (EDI).
c): This is a description of Artificial Intelligence (AI).

Q2 Answer c)
Explanation
Drone refers to a small, unmanned aircraft that can be controlled remotely. The origin of the name
drone is the drone bee, and drones were given this name as the sound they produce during flight is
similar to that produced by the wings of a drone bee. While drones were originally used for military
purposes, there are now many products on sale for civil and industrial use. In a broad sense, drones
can be classified as a general remote control vehicle, but an aspect that makes them different from
other general remote control vehicles is that they are equipped with cameras and a range of sensors.
There are also drones that are capable of autonomous flight by using these sensors.
In addition to the delivery of goods for daily life, methods of utilization for drones include the
spraying of agricultural chemicals, measurements from the air, crime investigations from the
air, and the surveying of disaster areas from the air.
As such, c) is the correct answer.

a): This is a method of utilization of a car navigation system that is equipped with the Global
Positioning System (GPS).
b): This is a method of utilization of a survey robot for disaster areas.
d): This is a method of utilization of a medical-use surgery robot that can be remotely
operated.

Q3 Answer b)
Explanation
A gyro sensor is a sensor that can measure the size of a revolution when it occurs, and its uses
include image stabilization in digital cameras and drift prevention in vehicles. Gyro sensors
can measure the angular rate that indicates the speed of revolution, and so are sometimes
called angular rate sensors.

a): This is a characteristic of a strain gauge.
c): This is a characteristic of an actuator.
d): This is a characteristic of a brightness sensor.

Q4 Answer a)
Explanation
An infrared sensor is a sensor that converts infrared light into an electrical signal, and can
extract the required information. Infrared rays are emitted naturally by warm objects, and
because they are invisible to the naked eye, they are widely used in things from remote
controls for household appliances to crime prevention and security devices.
Infrared sensors are also used as sensors to measure distance (infrared distance sensors).
Infrared distance sensors emit infrared rays, and receive the reflected light by using
a component called a photosensitive element. When reflected light is received, the
photosensitive element determines which part of the element received the reflected light
and the device uses the position that infrared rays were emitted from and the position the
reflected light was received in order to calculate the distance to the object.
In smartphones, infrared sensors (infrared distance sensors) can be used to implement the
automatic switching off of a smartphone’s display when the smartphone is moved close to
the ear in order to make or receive a call.

b): This is an example of the utilization of a contactless heart rate measurement sensor.
c): This is an example of the utilization of a bed leaving sensor.
d): This is an example of the utilization of the packet filtering function of a firewall.

Q5 Answer c)
Explanation
Low Power Wide Area (LPWA) is a collective term for wireless communication technologies
that enable low power, wide area communication. In IoT, needs include installing many
sensors over a wide area and regularly gathering measurement information. In such cases,
while there is no problem if communication speed is low, the communication technology
required must be able to cover a wide area with low power consumption and low cost.

a): This is a description of 5G.
b): This is a description of Bluetooth Low Energy (BLE).
d): This is a description of telematics.

Q6 Answer d)
Explanation
Also known as the fifth-generation mobile communications system, 5G is a communication
standard for next generation communication for cell phones, smartphones, and other such
devices that the Ministry of Internal Affairs and Communications and private companies are
working to start commercial use of in 2020.

5G is a typical high speed network and it has the characteristics of being high speed/high
capacity, low delay, and multi-connection, but the cost increases proportionately. As such,
5G will be used for situations where real time communication with no delay is needed even
if cost is incurred. Furthermore, 5G is not only a high speed network, it also enables wide area
communication.
In a situation where a doctor in a remote location uses a robot arm that actually operates on a
person, a high speed network with a low delay is absolutely essential.
Therefore, d) is the correct answer.

a), b), c): These are examples of situations where low speed and a certain level of delay can be
accepted, and so are examples of situations where LPWA can be utilized. Low Power
Wide Area (LPWA) is a collective term for wireless communication technologies that
enable low power, wide area communication. Network speed with LPWA is low, and
it is suitable for wide area communication.

Q7 Answer b)
Explanation
IoT Security Guidelines are guidelines concerning IoT security created by the IoT Acceleration
Consortium that the Ministry of Economy, Trade and Industry, and the Ministry of Internal
Affairs and Communications took the lead in establishing, and they are intended for everyone
who is involved in IoT systems, IoT equipment, and IoT services. They specify security
measures for the lifecycle (policy, analysis, design, implementation and connection, operation
and maintenance) in the provision of IoT systems, IoT equipment, and IoT services in the form
of five (5) principles and 21 key concepts. As well as stipulating “Create a design that ensures
safety and security even when a connection is established with an unknown counterpart”
(Key concept 11), “Principle 3 Consider a design that protects what needs to be protected”
stipulates “Create a design that protects individual elements and the whole” (Key concept 8),
“Create a design that does not inconvenience counterparts to whom you will connect” (Key
concept 9), “Ensure consistency in a design that achieves safety and security” (Key concept 10),
and “Conduct verification and evaluation to ensure the design achieves safety and security”
(Key concept 12).

As such, b) is the correct answer.

a): “Be prepared against internal fraud and errors” (Key concept 2) is stipulated in “Principle 1
Define a basic policy that considers the essence of IoT.”
c): “Ensure consistency in a design that achieves safety and security” (Key concept 10) is
stipulated in “Principle 3 Consider a design that protects what needs to be protected.”
d): “Include an authentication function” (Key concept 16) is stipulated in “Principle 4 Consider
measures to be taken on the network.”

Q8 Answer b)
Explanation
Big data refers to a massive volume of complex data that cannot be handled with a
conventional database management system. Big data has the three (3) Vs, which are the
characteristics of volume (massive amount of data), variety (a range of data such as text,
images, and audio), and velocity (data gathered in real time).
The analysis of big data enables the discovery of patterns, such as phenomena that occur
simultaneously, by processing very massive amounts of data.

a), c), d): These are not appropriate as benefits delivered by big data analysis.

Q9 Answer b)
Explanation
Big data refers to a massive volume of complex data that cannot be handled with a
conventional database management system. One approach to the classification of big data as
taken by the Ministry of Internal Affairs and Communications is to focus on the data generated
by the three (3) entities of individuals, companies, and the government, and classify it into the
four (4) types of “open data,” “digitalization of knowledge,” “M2M data,” and “personal data.”
“Open data” refers to the public information held by central and local government, and
disclosure of this is proceeding so that the data can be used by the public and private sectors.

a): This is “digitalization of knowledge.”
c): This is “M2M data.”
d): This is “personal data.”

Q10 Answer c)
Explanation
Big data refers to a massive volume of complex data that cannot be handled with a
conventional database management system.
Below are some points for attention and issues in the utilization of big data.
◦Clarify objectives
◦Prepare against the risk of data loss or theft
◦Consider privacy
◦Handle swift data processing
◦Acquire data scientists stably

In the utilization of big data, it is necessary to ensure the objectives are clear. The true
objective is not just to analyze big data, rather, it is to gain business knowledge from the
results of analysis and achieve business targets. It is always necessary to check whether
activities that are consistent with the objectives are being undertaken.

a): Enabling users to check the availability of seats at a public library is an example of the
utilization of open data.
b): The method for investigating things such as trends where two (2) seemingly unrelated
phenomena are prone to occurring together from accumulated data is association
analysis.
d): The technology for the analysis of a large volume of data in documents and the extraction
of beneficial information is text mining.

Q11 Answer a)
Explanation
Scrum takes its name from the scrum in the sport of rugby, and is a technique for agile
software development. It emphasizes organizational unity and functioning of the
development team. Agile software development is a method for the swift and efficient
development of a system.
A scrum is performed with a small number of people, with the maximum being around
nine (9). In each sprint period with a maximum length of around four (4) weeks, the scope
of the program to be developed is determined. Everything from development to review
and adjustment is performed in each sprint, and development is performed while constant
communication is maintained to check if there are any problems with the program status and
the way it is being taken forward. Another characteristic of a scrum is the way development is
performed while changes are flexibly being made to the priority order of user requirements.

b): This is a description of agile software development.
c): This is a description of test driven development. Test driven development is a practical
technique for extreme programming (XP), which is a method for agile software
development.
d): This is a description of pair programming. Pair programming is a practical technique for
extreme programming (XP), which is a method for agile software development.

Q12 Answer b)
Explanation
Deep learning refers to an AI technology that incorporates the mechanisms of a neural
network, and it is a technique for machine learning. Neural networks are artificial replications
of the mechanisms in a human brain. Machine learning refers to an AI technology that is
characterized by self-learning by AI where large volumes of data are imported into AI, and
then the AI itself discovers rules and relationships, categorizes the data and performs other
such actions.

In deep learning, digital data is entered in the input layer and passes through several
intermediate layers before a response is generated. The deeper that the intermediate
layers are, the more advanced classifications and decisions are. In deep learning, no human
instructions are required, and the AI itself identifies the relevant characteristic and becomes
able to make decisions and perform classification.

a): This is a description of an expert system, which gained attention in the second AI boom.
c): This is a description of a method that was researched in the first AI boom.
d): This is a description of augmented reality (AR).

Q13 Answer b)
Explanation
Deep learning refers to an AI technology that incorporates the mechanisms of a neural
network, and it is a technique for machine learning. Neural networks are artificial replications
of the mechanisms in a human brain. Machine learning refers to an AI technology that is
characterized by self-learning by AI where large volumes of data are imported into AI, and
then the AI itself discovers rules and relationships, categorizes the data and performs other
such actions.
Deep learning is characterized by the way that even with no instructions from humans, the AI
itself can identify the characteristics of a subject by simply importing large volumes of data,
and can make decisions and perform classifications.
In the identification of crop leaves that have pests on them, the presence of pests is
recognized by detecting an area of several millimeters with a different color on leaves that
have been eaten by pests. So by importing into AI a large volume of image data for leaves
that have been eaten by pests and leaves that have not been eaten by pests beforehand, the
AI becomes able to differentiate between the two.
As such, b) is the correct answer.

a), c), d): These are not processes that use deep learning.

Q14 Answer d)
Explanation
The fraud triangle is a theory in which the American criminologist Mr. Cressey investigated
actual criminals and compiled “what kind of a mechanism works until a person performs
fraudulent behavior.” According to this theory, fraudulent behavior occurs
when the three (3) elements of “opportunity,” “pressure,” and “rationalization” are aligned.

Element          Description
Opportunity      It refers to the existence of an environment that facilitates fraudulent behavior.
Pressure         It refers to circumstances that are the main cause of occurrence of a fraud.
Rationalization  It refers to selfish reasoning such as interpreting things in a convenient way and
                 passing the buck around to the others.

a): These are the three (3) elements of the security function that are set by the user of the
information system, and are also called AAA. Authentication refers to authentication to
the information system, Authorization refers to the allocation of the access permission,
and Accounting refers to recording of the access history.
b): These are the three (3) elements of 3C analysis. 3C analysis refers to the technique of
analyzing the 3Cs of one’s Company, Competitors, and Customers to find the important
elements for achieving the business objectives.
c): These are the three (3) elements that must be secured and maintained in order to achieve
the objectives of information security. Confidentiality means enabling only a person who
has been allowed access to access information, Integrity means ensuring that information
and its processing method are maintained in an accurate and complete state, and
Availability means enabling an authorized user to access information and related assets
when required.

Q15 Answer b)
Explanation
Drive by download refers to an attack in which a malicious program is automatically
downloaded without the realization of the user, simply by displaying a website.

a): This is the description of cache poisoning.
c): This is the description of an SQL injection.
d): This is the description of ransomware.

Q16 Answer a)
Explanation
Shadow IT refers to the information devices (such as the PCs and mobile devices privately
owned by employees) and external services used by employees for business activities without
obtaining the permission of the company. Shadow IT increases the risk of infection by
malware, and the risk of information leakage, etc.

b), d): These correspond to social engineering.
c): It corresponds to back door.

Q17 Answer c)
Explanation
The cyber rescue team (J-CRAT) is an organization that supports organizations that have
sought its advice in reducing damage and breaking the chain of attack, in order to prevent
the damage caused by a targeted attack from expanding.
It is established in the Information-technology Promotion Agency (IPA).
A targeted attack is an attack targeting a specific user in a company or organization. The
attacker poses as a relevant person and wins the trust of the specific user so as to exploit
confidential information and send a virus e-mail.

a): This is the description of activities of a Security Operation Center (SOC).
b): This is the description of activities of a Computer Security Incident Response Team (CSIRT).
d): This is the description of activities of the Initiative for Cyber Security Information sharing
Partnership of Japan (J-CSIP).

Q18 Answer c)
Explanation
Multi-factor authentication means performing authentication by using multiple different
techniques of user authentication rather than just a single factor. By using multiple techniques
of user authentication, security can be strengthened.
The techniques of user authentication include authentication based on knowledge (a
matching technique of identifying on the basis of information that can be known only by
the relevant person), authentication based on one’s belongings (a matching technique
of identifying on the basis of information recorded in the belongings of only the relevant
person), and authentication based on biological information (a matching technique of
identifying on the basis of characteristics of the biological information of the relevant person).
Because the question concerns two-factor authentication, the options in which authentication
is performed by using two (2) different techniques of user authentication should be selected.

A: Because authentication based on user ID and password is “authentication based
on knowledge,” and authentication based on a secret question and answer is also
“authentication based on knowledge,” it does not correspond to two-factor authentication.
B: Because authentication based on user ID and password is “authentication based on
knowledge,” and authentication based on an IC card is “authentication based on one’s
belongings,” it corresponds to two-factor authentication.
C: Because authentication based on user ID and password is “authentication based on
knowledge,” and authentication based on fingerprints is “authentication based on
biological information,” it corresponds to two-factor authentication.
D: Because authentication based on veins is “authentication based on biological
information,” and authentication based on the iris is also “authentication based on
biological information,” it does not correspond to two-factor authentication.

As such, B and C correspond to two-factor authentication.

Q19 Answer d)
Explanation
Hybrid cryptography is an encryption method in which symmetric cryptography and public
key cryptography are combined and used. By combining the advantages of fast encryption
and decryption speed of symmetric cryptography, and easy key management of public key
cryptography, encryption and decryption can be performed by a more practical method. As a
result, a balance can be struck between processing performance and the cost of key management.
In hybrid cryptography, a symmetric key is encrypted by using public key
cryptography, and the encrypted symmetric key is sent to the recipient. Once both parties
hold the same symmetric key, the plain text can be encrypted and the encrypted text can be
decrypted by using symmetric cryptography.
Symmetric cryptography is a method of using the same key (symmetric key) for encryption
and decryption. Because it is not possible to prevent theft and falsification if the key is known
by a third person, the symmetric key must be shared secretly.

Public key cryptography is a method of using different keys (private key and public key) for
encryption and decryption. A private key is owned by the person him/herself and must not
be disclosed to a third person. Because a public key is openly disclosed to a third person, it is
registered with a certificate authority (CA) and disclosed.

a): By using symmetric cryptography for encryption and decryption, the speed of encryption
of plain text and decryption of encrypted text is faster in the case of hybrid cryptography
as compared with public key cryptography.
b): Hybrid cryptography is not a combination of multiple different symmetric cryptography
methods.
c): Hybrid cryptography is not a combination of multiple different public key cryptography
methods.

Q20 Answer d)
Explanation
The act of introducing malware in a computer of a company and deleting the memory
contents of the computer is punishable under crime on electromagnetic records of
unauthorized commands (penalty on computer virus creation) of the Penal Code. According
to the penalty on computer virus creation, the acts of creating, providing, supplying, acquiring,
and storing malware such as computer viruses, etc. are prohibited.
The Penal Code is a law that stipulates the kind of actions that amount to a crime, and the
penalty that is applicable when a crime occurs.
Therefore, d) is the correct answer.

a): The Act on the Prohibition of Unauthorized Computer Access is an act for controlling
crimes by unauthorized access.
b): The Basic Act on Cybersecurity is an act that stipulates the basic policies concerning the
strategies and system of a country, and the measures, etc. to take in order to deal with the
threats of cyber attacks.
c): The Act on the Limitation of Liability for Damages of Specified Telecommunications
Service Providers and the Right to Demand Disclosure of Identification Information of the
Senders is an act that restricts the scope of responsibility of the provider for compensation
of damage (liability), and enables the person who has incurred damage to request for
the disclosure of the name and other details of the sender, when personal information
has been leaked or derogatory remarks have been posted on a web page that exists on a
rental server operated by a provider.

Q21 Answer b)
Explanation
The Act on the Protection of Personal Information is an act that aims at protecting the rights
and interests of an individual while taking into consideration the utility of personal information
by stipulating the obligations, etc. to be fulfilled by the business operator handling personal
information.
The personal information according to the Act on the Protection of Personal Information
refers to information that enables identification of a specific individual, such as the name of
the person, date of birth, address, etc. The occupation and income, information about the
family, health condition, etc. are also included in personal information.

The anonymously processed information according to the Act on the Protection of Personal
Information means information produced from processing personal information so as
not to be able to identify a specific individual, and also not be able to restore the personal
information. The objective of the anonymously processed information is to promote the
utilization and application of data including data transaction and data linkage between
business operators on the basis of fixed rules without the consent of the relevant person.

According to the guidelines pertaining to the Act on the Protection of Personal Information
(Anonymously Processed Information), generally speaking, descriptions about unusual facts
and descriptions that bring about a remarkable distinction from other individuals may lead
to identification of a specific individual, or recovery of the original personal information.
Therefore, at the time of creating anonymously processed information, peculiar descriptions,
etc. must either be deleted or replaced with other descriptions. For example, deleting a case
history that has an extremely small number of cases, or replacing information indicating the
age as “116 years” with “90 years or above” corresponds to this.
As such, b) is the correct answer.

a): The passport number corresponds to personal information assigned by an official
organization that enables the identification of a specific individual, and therefore, must be
deleted or processed.
c): When anonymously processed information is used, information concerning the
processing method must not be acquired in order to identify the relevant person.
d): When the anonymously processed information is provided to a third person, it must be
clarified to the destination that the concerned information is anonymously processed
information.

Q22 Answer c)
Explanation
The Act on the Protection of Personal Information is an act that aims at protecting the rights
and interests of an individual while taking into consideration the utility of personal information
by stipulating the obligations, etc. to be fulfilled by the business operator handling personal
information.
The personal information according to the Act on the Protection of Personal Information
refers to information that enables identification of a specific individual, such as the name of
the person, date of birth, address, etc. The occupation and income, information about the
family, health condition, etc. are also included in personal information.
The special care-required personal information according to the Act on the Protection of
Personal Information is personal information that needs to be taken into consideration in
order to appropriately handle personal information that may result in disadvantages for the
relevant person, such as unfair discrimination or prejudice. Specifically, the race, creed, social
status, medical history, criminal record, fact of having suffered damage by a crime, or other
descriptions etc. correspond to the special care-required personal information.

A: The nationality does not correspond to special care-required personal information. Note
that the race corresponds to special care-required personal information.
B : Information about loaned books on religion does not correspond to special care-required
personal information. Note that the creed corresponds to special care-required personal
information.
C : Information such as medical records that a medical expert has come to know through
medical service corresponds to special care-required personal information.
D : Facts that have been investigated for a criminal investigation that hold the relevant
person as a suspect correspond to special care-required personal information.

As such, C and D correspond to special care-required personal information.

Q23 Answer b)
Explanation
The Cybersecurity Management Guidelines are guidelines for promoting cybersecurity
measures under the leadership of managers for companies supplying systems, services, etc.
related to IT among large companies and medium to small companies (excluding small-scale
business operators), and also managers of companies for which IT utilization and application
is indispensable in the business strategy. These guidelines are created by the Ministry of
Economy, Trade and Industry together with the Information-technology Promotion Agency
(IPA). In the Cybersecurity Management Guidelines, from the viewpoint of protecting the
company from cyber attacks, the three (3) principles that the managers are required to
recognize, and the 10 important items that the managers must indicate to the responsible
executive employee (such as the CISO, etc.) who is the person responsible for implementing
the information security measures have been compiled together.
According to the three (3) principles that the managers are required to recognize,
comprehensive cybersecurity measures including the supply chain business partners and
subcontractors must be implemented rather than only cybersecurity measures of one’s own
company.
As such, b) is the correct answer.

a): The Cybersecurity Management Guidelines do not define that it is necessary to
implement security measures taken by the local community where the office of Company
A is present.
c): The Cybersecurity Management Guidelines do not define that it is necessary to implement
security measures taken by individuals who use products and services.
d): The Cybersecurity Management Guidelines do not define that it is necessary to implement
security measures taken by the investing stock holders.

Supplement for Syllabus Version 4.0 to
New IT Passport Examination
Preparation Book
First Edition: March, 2020

● All screenshots in this book are used with the permission of Microsoft.
● Microsoft, Access, Excel, Outlook, PowerPoint, Internet Explorer, Windows, Windows Vista, and MS-DOS are
trademarks or registered trademarks of Microsoft Corporation in the USA and in other countries.
● All other names, such as those of products and companies, are trademarks or registered trademarks of the
respective companies.
● TM and ® symbols are omitted from text in this book.
● The names of individuals, groups, and products as well as logos, contact details, e-mail addresses, locations, and
events that appear in texts are all fictional. There is no relation whatsoever to any actually existing entity.
● The structure and all chapters, programs, images, and data etc. in this textbook are protected under the Copyright Act.
Any act that violates the rights stipulated in the Copyright Act, such as copying/duplicating this textbook in part or in
full, by any means whatsoever is prohibited.
● Information-Technology Promotion Agency, Japan accepts no responsibility for any damage incurred either directly or
indirectly as a result of using this book, and shall under no circumstances pay any compensation whatsoever.
● The content of this book is subject to change without prior notification.

Original Japanese edition published by FUJITSU FOM LIMITED

よくわかるマスター
ITパスポート試験 対策テキスト&過去問題集
2019年度版
シラバス Ver.4.0の新出項目
(ISBN978-4-86510-374-8)
Copyright © 2018 by FUJITSU FOM LIMITED
Translation rights arranged with FUJITSU FOM LIMITED
English language edition copyright © 2020 INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN

INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN


Center Office 16F, Bunkyo Green Court, 2-28-8, Hon-Komagome, Bunkyo-ku, Tokyo,
113-6591 JAPAN
