New IP Prep SyllabusVer4.0 Supplement Unlocked
New IP Prep SyllabusVer4.0 Supplement Unlocked
New IP Prep SyllabusVer4.0 Supplement Unlocked
0
New Topics in Syllabus
Ver. 4.0
This provides an explanation of the main new topics added
to the latest edition of the “Syllabus Ver. 4.0” (revised August
2018) as published by the holder of the examinations.
2 Industry 4.0
In its broadest sense, “Industry 4.0” has the same definition as the Fourth
Industrial Revolution, but in its narrowest definition it refers to Germany’s
industrial strategy.
Reference Industry 4.0 is advocated as a national project to be taken forward
Industry, government, and through a collaboration between industry, government, and academia in
academia the German government’s High-Tech Strategy 2020.
“Industry, government, and academia” This strategy will reform the entire manufacturing industry through
refers to the three (3) parties of industry
(private companies), government (local
digitalization and network creation, and as a result achieve “mass
and national), and academia customization,” which enables the production of individual products with
(educational institutions and research custom specifications for each consumer with the same scale and speed
institutions). as mass production.
2 IoT
Reference “IoT” is a technology that connects to the Internet not only computers and
IoT other such IT devices but also everything else from industrial machinery,
An abbreviation of “Internet of Things.” household electrical appliances, and vehicles to non-electronic products
such as clothing and shoes. It is an abbreviation of “Internet of Things.”
1
Technologies to connect machines and other things to a network in the Reference
Sensor
same way as the IoT concept have existed for a while. However, IoT is now
“Sensor” refers to a device that detects
gaining a lot of attention for the following three (3) reasons. and measures changes in light,
temperature, pressure, and other such
・ Because of the compactness, low cost, and high functionality of sensors that collect
things.
information, it is now possible to attach sensors to all kinds of things.
・ Because of the increased speed and capacity of communication lines, it is now
easier to send data that is gathered by sensors.
Reference
・ Because of the lower prices and advanced functions of cloud services, it is now
Cloud service
easier to accumulate large volumes of gathered data, analyze it, and utilize it.
“Cloud service” refers to services that
are provided by servers (cloud servers)
As a result of the IoT environment being established in this way it is now on the Internet and are used via a
possible to gather, store, and analyze vast qualities of data from a wide network.
range of things, and it has become possible to produce high added value
in all fields.
number of calories burned by an insurance policyholder. This data is then Wearable device
“Wearable device” refers to a mobile
analyzed and used in medical insurance services that offer discounted
device that can be worn on the body.
premiums according to level of health improvement. Forms include wrist watches and
●Agriculture eyeglasses.
Wearable devices are attached to cows’ necks and cow activity
information is acquired in real time for analysis with AI in the cloud. This is Reference
utilized in cow herd management services that gather estrus information AI
required for breeding, identify cows that need attention such as those “AI” refers to attempts to analyze the
functions performed by a human brain
showing signs of illness, and provide this information to managers.
and to recreate those functions
Cow herd management system artificially, and to devices and systems
Condition detection with AI (estrus, signs of illness, etc.)
that have such functions. It is an
Data transferred Solid object abbreviation of “artificial intelligence.”
Abnormality detection
to cloud search and display
Acquisition of data
on level of cows’ activity ■Signs of illness
●●●●●●●
●●●●●●●
●●●●●●●
●●●●●●●
Data from solar sensors and soil sensors is analyzed in the cloud to decide
the optimum volumes of water and fertilizer. This is utilized in agricultural
soil environment control services that deliver water and fertilizer mixed
automatically directly to the roots of crops by using a pre-laid tube.
●Medical care
Sensors are installed under the mattress of hospital beds to determine the
patients’ pulse, breathing rate, whether they are sitting up and whether
they are out of bed, and in addition to this, to determine whether they are
awake or asleep by analyzing the data in the cloud. This status information
2
is utilized in support services for doctors and nurses who perform
centralized management from control rooms.
●Logistics
Sensors are attached to all products to automate inspection work upon
arrival at and shipment from warehouses. Furthermore, it is also utilized
in logistics support services that make suggestions for the optimum
deployment in warehouses from inventory information and order
information.
1 IoT systems
An “IoT system” is a system that uses IoT. By connecting everything to
which communication functionality has been added to the Internet it
enables automatic recognition or remote measurement and achieves
high-level decision-making and automated control through the collection
and analysis of large volumes of data. Anything to which communication
functionality is added is referred to as an IoT device. IoT systems utilize
many different types of IoT devices and technologies.
(1) Drones
“Drone” refers to a small, unmanned aircraft that can be controlled
remotely. The origin of the name drone is the drone bee, and drones were
given this name as the sound they produce during flight is similar to that
produced by the wings of a drone bee.
While drones were originally used for military purposes, there are now
many products on sale for civil and industrial use.
In a broad sense, drones can be classified as a general remote control
vehicle, but an aspect that makes them different from other general remote
control vehicles is that they are equipped with cameras and a range of
sensors. There are also drones that are capable of autonomous flight by
using these sensors.
It is hoped that in future, drones will be able to be used for purposes
including delivering a range of goods and performing surveys from the air.
Some drones have been put into practical use already, but there are still
issues that need to be addressed before they are put into fully-fledged
commercial use, such as improvement in collision avoidance technology,
the establishment of drone management systems, and legislation.
3
Vehicles are now making increasing use of IT, including being equipped
with various sensors. The various information that such vehicles can
collect is accumulated as big data in the cloud via the Internet, and by
analyzing it with AI, it is expected that a range of value-added services can
be provided.
And through “road-to-vehicle communication” where communication is
performed between the vehicle and infrastructure on the exterior (road)
and “vehicle-to-vehicle communication” where direct communication
is performed wirelessly between vehicles, cooperative driving assistance
will be possible, enabling things such as the acquisition of traffic jam
information and collision avoidance.
The Japanese Ministry of Internal Affairs and Communications “Research
Group for the Realization of a Connected Car Society” states that services
in the four (4) fields below will become possible with the spread of
connected cars.
Vehicle-to-vehicle
communication Road-to-vehicle
communication
4
(3) Automated driving
“Automated driving” refers to a vehicle being driven or operated by a
machine, computer system, or other such system instead of a human. It is
also called “Autopilot.”
Aircraft and ships have thus far taken the lead in automated driving
technology, but in terms of relationship with IoT systems, automated
driving technology for automobiles is currently gaining attention.
When a human drives a vehicle, they usually repeat the process of
recognition, decision, and operation, or do these simultaneously.
In autonomous vehicles, different types of sensors are used to perform the
process of recognition, and then AI implements the process of decision
making on the basis of the obtained data. And then according to the
decision, it issues control instructions for operation to the electronically
controlled accelerator, brakes, steering, and other systems.
The USA’s Society of Automotive Engineers (SAE) has created different
levels for automated driving, classified from 0 through 5.
Level Overview Driver Automation details
Level 0 No Human
-
automation
Level 1 Driver Human • Provides operation assistance for
assistance either the forward and backward
motion of the car (acceleration/
deceleration) or the left/right motion
of the car (handling) in a specified
area only.
• The driver must always monitor the
status of automated driving.
Level 2 Partial Human • Provides operation assistance for
automation both the forward and backward
motion of the car (acceleration/
deceleration) and the left/right
motion of the car (handling) in a
specified area only.
• The driver must always monitor the
status of automated driving.
Level 3 Conditional Car • Performs all driving operations in a
automation (automated specified area only.
driving • G enerally, automated driving is
system) performed under the responsibility
of the automated driving system, but
in emergencies a human must drive.
Level 4 High Car • Performs all driving operations in a
automation (automated specified area only.
driving • Driver is not required even in emer-
system) gencies within a specified area.
Steering wheel and other driving
devices for human driving are re-
quired for driving outside a speci-
fied area.
Level 5 Full Car • P erforms all driving operations
automation (automated automatically without being limited
driving to a specified area.
system) • No steering wheel or other driving
devices for human driving are
required.
5
(4) Wireless charging
“Wireless charging” refers to a technology that can charge an electronic
device or other such things without the needs for electrical cables or
connectors. It is also called “cordless charging” and “wireless power
transfer.” As well as dedicated chargers for each device, there are also
chargers that comply with the “Qi” international standard that can be
used by many different devices.
There are two (2) types of wireless charging; a non-radiative type that is
currently in use, and a radiative type (microwave spatial transfer) that is
expected to be commercialized in future. The characteristics such as the
energy collection method and usage method are as below.
System Characteristics
Non-radiative types A system for transferring electrical power over a
relatively close range. Ways to achieve this include
electric field coupling and magnetic resonance.
• Electric field coupling
6
(5) Robots
“Robot” refers to a mechanical system that has the three (3) functions
of sensor-based detection of external information, intelligence/control
system-based analysis of gathered information and decision making, and
drive system-based ability to act on the outside world.
In the IoT society, everything is equipped with sensors, and the
information gathered by these sensors is imported by a cloud server
or other such device. As such, this has produced a situation where the
intelligence and control systems on the cloud server can control robots
in remote locations, and there are now some robots that use networks to
implement some of the three (3) functions possessed by a robot.
Some of the specific uses and roles of robots are as described below.
・ A remote controlled robot that inspects disaster areas and the interior of nuclear
power stations
・ A self-propelled robot that patrols offices and commercial facilities at night
・ A humanoid robot that performs work in a high-temperature environment at an
iron mill
・ A wearable robot that provides support when a worker lifts a heavy object
・ A dedicated robot for each process such as ceiling work, loading, and welding
・ A humanoid robot that deals with guests at a hotel reception or takes orders at a cafe
・ A picking robot that identifies products on a production line, and uses an arm to
perform everything up to packaging
・ A delivery drone that delivers goods to a remote island
・ A surgery robot that has multiple arms and provides support for endoscopic surgery
・ A harvesting robot that uses image recognition to identify and pick only ripe tomatoes
(8) RPA
“RPA” refers to an initiative to use software in order to automate and Reference
destination, buying and selling services for unused second hand goods, DIY
“DIY” refers to an individual creating or
and services where an individual provides their skills (DIY, cooking, etc.).
repairing something themselves.
It is an abbreviation of “Do it yourself.”
2 IoT devices
“IoT device” refers to a device (or component) that is connected to an IoT
system. Specifically, it refers to sensors and actuators that are built in to
IoT equipment. In some cases, in its broadest sense it also refers to the
actual IoT equipment that sensors and actuators are built in to.
IoT devices are mainly divided into “input devices” that send information
to a cloud server, and “output devices” that acquire information from a
cloud server.
Input devices contain sensors that record changes in information and
the surrounding environment, and are connected to a network. Output
devices acquire information from a cloud server, and have the role of
leading people or things into an appropriate state by using an actuator.
8
(1) Types of sensor
“Sensor” refers to a device that detects and measures changes in light,
temperature, pressure, and other such things. Many devices are already
equipped with sensors, and they are used to for purposes such as
adjusting the temperature and strength of air conditioners and preventing
overheating by gas cookers.
In IoT systems, change and other information that is gathered by sensors is
sent to a cloud server and is analyzed and processed to give it greater value.
Typical sensors include those described below.
Type Description
Light sensor This is a sensor that measures the size of an object,
dimensions such as length and width, position, and other
such things by using light. Semiconductor devices in
which an electrical current occurs when impacted by light
are used in such sensors. They are used in many familiar
places, such as vending machine for the recognition of
bank notes and coins, and ticket gates at train stations to
detect when someone passes through.
Brightness sensor This is a sensor that detects brightness in the surrounding
(luminance sensor) environment. It uses similar semiconductor devices to
those used in light sensors. In smartphones and tablets,
a brightness sensor reacts to the brightness of the
surroundings and enables automatic adjustment of the
brightness of the screen.
Infrared sensor This is a sensor that converts infrared light into an
electrical signal, and can extract the required information.
Infrared rays are emitted naturally by warm objects, and
because they are invisible to the naked eye, they are
widely used in things from remote controls for household
appliances to crime prevention and security devices.
Electromagnetic This is a sensor that detects electromagnetic waves
wave sensor with a longer wavelength than infrared rays (these are
called microwaves), and can detect these waves without
being affected by the environment. Electromagnetic
wave sensors use electromagnetic waves, and so
are characterized by the way they have very few
false detections even outdoors, or in extreme climatic
conditions such as rain and wind. They can also cover
a wide area because electromagnetic waves reach the
shadow of objects and the corners of rooms. They are
used in theft prevention for vehicles, in the care of elderly
persons who live alone, and other such purposes.
Magnetic sensor This is a sensor that can measure strength, direction and
other such things in spaces where there is magnetism.
Uses include non-contact switches that switch the lighting
for the screen on a notebook PC on or off when it is
opened or closed, and there are a wide range of magnetic
sensors that can be used for different purposes. They are
widely used in the fields of electricity and engineering.
Accelerator sensor This is a sensor that can measure a change in speed
over a set period of time. A range of information can be
gained, such as tilt, movement, vibration, and impact,
and as well as controllers for game consoles, accelerator
sensors are used in many smartphones and intelligent
home appliances.
Gyro sensor This is a sensor that can measure the size of a revolution when
it occurs. Uses include image stabilization in digital cameras
and drift prevention in vehicles. Gyro sensors can measure the
“angular rate” that indicates the speed of revolution, and so are
sometimes called angular rate sensors.
9
Type Description
Ultrasonic sensor This is a sensor that can detect the presence of an object
and the distance of an object by using high frequency
inaudible ultrasonic waves. Ultrasonic sensors use sound
waves instead of light, and so they are characterized
by their ability to perform measurements even in water
and glass and other transparent objects, and dusty
environments. They are used to detect vehicles in cark
parks and crossings, to detect obstacles for transportation
devices, in fish finders, and for other such purposes.
Strain gauge This is a sensor that can measure strain. Strain sensors
measure the degree of strain by using the changes
in resistance that occur when an object is stretched,
compressed, twisted, or otherwise changed in shape
through the application of external force. They are often
used for the purpose of ensuring safety by monitoring the
state of things including transportation devices such as
vehicles and aircraft and civil engineering structures such
as high rise buildings and elevated expressways.
10
(3) Actuators
An “actuator” is a device that converts input in a form such as energy or a
signal into physical or mechanical movement.
In IoT systems, an actuators can be called a device to feed analyzed and
processed information back to the real world.
Specifically, information that is gathered by a sensor undergoes analysis,
processing, and other such operations by a cloud service, and it is then
sent to an actuator via a network. The actuator that receives information
then takes some form of feedback action.
For example, a humidity sensor in a greenhouse measures humidity, and
sends this to a cloud service. If the cloud service that receives the information
from the humidity sensor determines that the humidity is lower than
standard so should be increased, it sends control information to the
control unit of a sprinkler equipped with communication functionality in
the greenhouse telling it to start sprinkling. The control unit that receives
this information uses an electric motor to switch the sprinkler on and start
sprinkling. This control unit is an actuator.
3 IoT network
An “IoT network” is a network to which IoT devices (IoT equipment) are
connected.
IoT systems are constructed for a range of purposes and uses. As such, the
important points for networks that are used to implement an IoT system,
such as speed, connection scope, power consumption, cost, and level of
delay, differ for each system.
Each component of a network, the communication methods, and
other characteristics must be considered, and the optimum network
configuration for the IoT system to be implemented must be selected.
●LPWA
Reference
“LPWA” is a collective term for wireless communication technologies that
LPWA
An abbreviation of “Low Power Wide enable low power, wide area communication.
Area. In IoT, needs include installing many sensors over a wide area and
regularly gathering measurement information. In such cases, while
there is no problem if communication speed is low, the communication
technology required must be able to cover a wide area with low power
consumption and low cost.
LPWA are technologies that respond to these needs, and many
companies have launched services to meet them. From the perspective
of communication standards, these services are broadly divided into
services that use the same frequency bands as cell phones and require a
license, and services that use general purpose frequency bands and do
not require a license.
11
●Edge computing
“Edge computing” is a computer network technology in which servers
are distributed and deployed near people and IoT devices. It is called edge
computing because processing is performed at the edge of the network.
Normally, IoT devices and other devices send the information they gather
to a cloud server. But as IoT systems became more and more common,
the problem of processing being concentrated in cloud servers occurred.
There is also sometimes a delay between an IoT device making a request
for processing to a cloud server and the result returning to the IoT device
because there is a long communication path from IoT devices to a cloud
server. Such delays may lead to serious accidents in processing that must
be very real time in nature, such as the processing in connected cars. As
such, a system gaining attention is one where some of the processing
that used to be given to cloud servers is instead given to a server called an
“edge” near to the IoT device.
12
●IoT area network
An “IoT area network” is a communication technology for the connection
Reference
of IoT devices in a small area such as a factory, school, or household. In an
PLC IoT area network, a wireless LAN, PLC in the case of a wired connection,
“PLC” refers to a network and other such things are often used.
communication technology that is In order to implement an IoT system, it is necessary to connect IoT devices
plugged into power sockets in general
(IoT equipment) to cloud servers and other such things via a network.
households and buildings and uses
power lines as communication lines. When they are connected, IoT devices use an IoT network to connect to a
It is an abbreviation of “Power Line cloud server via the route below.
Communications.”
Cloud server
Internet
Reference
Gateway
Gateway
“Gateway” refers to a device that IoT area network
converts the different protocols (rules for
communication) for LANs and WANs IoT devices (IoT equipment)
(wearable devices, intelligent home appliances, robots, etc.)
and connects them.
●5G
Also known as the fifth-generation mobile communications system, “5G”
is a communication standard for next generation communication for cell
phones, smartphones, and other such devices that the Ministry of Internal
Affairs and Communications and private companies are working to start
commercial use of in 2020.
It is the successor technology of the currently widely used LTE and the
fourth-generation mobile communications system LTE-Advanced. When
these technologies are compared, the characteristics of 5G are high
speed/high capacity, low delay, and multi-connection.
Characteristics Details
High speed/high It achieves speeds 100 times faster than at present and has
capacity a high capacity by using a combination of new frequency
bands that enable the use of wide band communication in
Reference addition to the frequency bands that are currently used. For
Telematics example, a 2 hour movie can be downloaded in 3 seconds.
“Telematics” refers to the provision of a Low delay Network delay is reduced to 1 millisecond (one thousandth
range of services in real time through of a second) or less, and time lag is very small, even in
the embedding of wireless communication with remote locations.
communication and information systems Multi-connection Simultaneous connection with many devices is possible.
in moving objects such as automobiles, For example, in an area about the size of a household,
or to this concept. simultaneous connection of several PCs, smartphones, or other
It is a portmanteau of the words devices is currently possible, but with 5G the simultaneous
connection of around 100 devices will be possible.
telecommunication and informatics.
Through the linking of on board
navigation systems, GPS, sensors, (2) Use of either high speed networks or low speed networks depending
information devices and other such on purpose
things to wireless data communication While 5G has the characteristics of high speed/high capacity, low delay,
services that can be connected to the
and multi-connection, the cost of use increases proportionately. As such,
Internet, it enables the provision of traffic
jam information, traffic information, 5G will be used for situations where real time communication with no
weather forecasts, video and audio data, delay is needed even if cost is incurred.
and other such things, as well as the On the other hand, LPWA is slower and has large delays compared to 5G,
transmission of information.
but it has the characteristics of being inexpensive to use and having low
power consumption. As such, it is used in situations where cost is to be
13
prioritized over communication performance, and maintenance such as
battery replacement is to be reduced.
Power consumption -
High
Communication Communication
range - Narrow range - Wide
BLE LPWA
Power consumption -
Low
・ Scenarios where a connected car communicates with other cars and external
infrastructure, detects risks and alerts the driver or operates the automatic break
・ Scenarios where a doctor in a remote location operates a robot arm that performs
surgery on an actual patient in a remote operation
・ Scenarios where digital water meters on remote islands send meter information
that is received by a water bureau
・ Scenarios where sensors are installed in various areas around a vast paddy field to
measure the daily water level, and a farmer uses these to perform centralized
management for the water level of all locations
These five (5) principles and 21 key concepts for security measures are as
below.
14
Stage Principle Key concept
Policy Principle 1 Key concept 1 Directors must commit
Define a basic to IoT security
policy that Key concept 2 Be prepared against
considers the internal fraud and
essence of IoT errors
Analysis Principle 2 Key concept 3 Identify what needs to
Recognize IoT be protected
risks Key concept 4 Envision the risks from
being connected
Key concept 5 Envision the knock-on
risks from being
connected
Key concept 6 Recognize physical risks
Key concept 7 Learn from past examples
Design Principle 3 Key concept 8 Create a design that
Consider a design protects individual
that protects elements and the whole
what needs to be Key concept 9 Create a design that
protected does not inconvenience
counterparts to whom
you will connect
Key concept 10 Ensure consistency in
a design that achieves
safety and security
Key concept 11 Create a design
that ensures safety
and security even
when a connection is
established with an
unknown counterpart
Key concept 12 Conduct verification
and evaluation to
ensure the design
achieves safety and
security
Implementation Principle 4 Key concept 13 Create a function to
and connection Consider identify and record the
measures to status of devices and
be taken on the other such things
network Key concept 14 Ensure network
connections are
appropriate for the
relevant function and
purpose
Key concept 15 Pay attention to initial
settings
Key concept 16 Include an
authentication function
Operation and Principle 5 Key concept 17 Maintain a state of
maintenance Maintain a state safety and security after
of safety and shipment and release
security, and Key concept 18 Continue to identify IoT
disseminate and risks after shipment and
share information release, and convey to
stakeholders the things
to be followed
Key concept 19 Ensure that general
users know about the
risks of connecting
Key concept 20 Recognize the roles
of stakeholders in IoT
systems and services
Key concept 21 Identify vulnerable
devices and
raise awareness
15 appropriately
Four (4) rules that should be followed by general users are also defined.
The four (4) rules for general users are as below.
Rule 1: Refrain from purchasing or using devices and services that do not offer support
or a point of contact for inquiries
Rule 2: Pay attention to initial settings
Rule 3: Switch off devices that are no longer used
Rule 4: Delete data when disposing of devices
3 Big Data
“Big data” refers to a massive volume of complex data that cannot be Reference
handled with a conventional database management system. Three (3) Vs
Conventional database management systems handled formatted, It is said that big data has the
characteristics of the three (3) Vs. The
structured data such as numerical information concerning sales and
three (3) Vs are volume, variety, and
production and customer information. velocity.
However, as IoT becomes more and more common, countless sensors
Characteristic Meaning
installed in locations such as production sites, public locations,
A massive amount
households, and on people (wearable devices) are able to gather massive Volume
of data
volumes of data in real time.
A range of data such
Furthermore, smartphones, tablets, social media, and other such things Variety as text, image, and
that people use generate various types of data in large volumes such as audio
images, audio, and video that is not simply text. Data gathered in
Velocity
It was previously impossible to process such a massive volume of data, real time
but the reason that big data is now being given so much attention is that
because of the development of high speed high capacity communication
and cloud servers, it is now possible to do things such as accumulate a
large volume of data and process it with AI.
The degree to which this gathered, accumulated, and analyzed big data
can be used in a way that is valuable to society, industry, and people’s
everyday life is an important issue.
17
3 Analysis methods for big data
Analysis methods for big data include those described below.
Type Description
Cross tabulation This refers to the tabulation and analysis of data for each
analysis certain standard (angle).
For example, by breaking down sales f or diff erent
convenience stores by the gender, age group, day of the
week and analyzing it, it is possible to find out about the
relationship between different attributes.
Association This is a method for investigating things such as trends
analysis where two (2) seemingly unrelated phenomena are prone to
occurring together from accumulated data.
For example, if trends such as beer and paper diapers
tending to be purchased together can be identified from
supermarket sales data, it is possible to take action such
as moving the location of these things closer to increase
simultaneous purchase.
Logistic This is a method of predicting the probability that something
●Clarify objectives
In the utilization of big data, the true objective is not just to analyze big
data, rather, it is to gain business knowledge from the results of analysis
and achieve business targets. It is always necessary to check whether
activities that are consistent with the objectives are being undertaken.
18
In terms of security incidents such as the leakage of corporate information,
most of these are caused by human error within a company and theft
by an inside party. As such, an appropriate response for internal security
measures is required.
●Consider privacy
The information handled by companies contains much personal
information. This should be managed appropriately in accordance with
the Act on the Protection of Personal Information.
19
It is related to fields such as mathematics, statistics, information
engineering, and computer science, and it is used in a wide range of Reference
business fields such as corporate marketing as well as other fields such as Digital transformation
medical science, biology, sociology, education, and engineering. “Digital transformation” refers to reform
in a range of activities on the basis of IT,
People who research data science and use data science technology in
and especially in companies, it refers to
order to achieve the goals of corporate activities such as marketing are the reconstruction of all business
called “data scientists.” activities on the basis of IT.
For example, through the combination of
smartphones and cloud services,
hosting, ride sharing, and other such
20
Agile software development itself indicates a fundamental approach, and
specific development techniques include extreme programming (XP) and
scrum.
2 Scrum
“Scrum” takes its name from the scrum in the sport of rugby, and is a
technique for agile software development. It emphasizes organizational
unity and functioning of the development team.
A scrum is performed with a small number of people, with the maximum
Reference being around nine (9). In each “sprint” period with a maximum length
DevOps of around four (4) weeks, the scope of the program to be developed is
“DevOps” is a portmanteau of the words determined. Everything from development to review and adjustment is
development and operations, and it
performed in each sprint, and development is performed while constant
refers to a methodology where the
development team and the operation communication is maintained to check if there are any problems with
team for an information system work the program status and the way it is being taken forward. Another
closely to ensure a seamless shift from characteristic of a scrum is the way development is performed while
development to production migration
changes are flexibly being made to the priority order of user requirements.
and full operation with the aim of
avoiding a slowdown in business.
It is an approach that is applicable to
agile software development, and
organizational structures that follow the
approach of DevOps are required in
order to continuously and quickly release
completed software through cooperation
between the development team and the
operation team.
21
5 Artificial Intelligence (AI)
“AI” refers to attempts to analyze the functions performed by human
brain and to recreate those functions artificially, and to devices and
systems that have such functions.
The current generation is called the third AI boom, and technologies such
as machine learning and deep learning are gaining attention.
The first AI boom occurred around 60 years ago. The history up to this
point is as below.
Boom Description
First AI boom Algorithms such as inference and search were used
(late 1950s to 1960s) to achieve results such as finding a solution for
games and puzzles, but it was not possible to solve
real problems and the boom died down.
Second AI boom Knowledge in a limited number of fields was used to
1 Neural networks
“Neural networks” are artificial replications of the mechanisms in a human
brain. The human brain has many nerve cells (or “neurons”) that form a
nerve communication network. This is the basis for neural networks. A
neural network is a network with three (3) layers (input layer, intermediate
layer, output layer) of linked artificial neurons.
22
2 Machine learning
“Machine learning” refers to an AI technology that is characterized by
self-learning by AI in which large volumes of data are imported into AI,
and then the AI itself discovers rules and relationships, categorizes the
data and performs other such actions.
In the background to the birth of machine learning there are factors such
as an increase in computer processing speed and the volume of data on
the Internet that can be used in learning.
In machine learning, humans simply indicate where to focus on
(characteristic quantity) in subject data (images, audio, etc.), and it
becomes possible to import large volumes of information and make
correct decisions.
For example, if a human provides an instruction for where to focus on
in order to recognize a picture of a cat, it becomes possible to correctly
select pictures of cats by simply importing large volumes of data.
3 Deep learning
“Deep learning” refers to an AI technology that incorporates the
mechanisms of a neural network, and it is created as a technique for
machine learning.
In deep learning, digital data is entered in the input layer and passes
through several intermediate layers before a response is generated. The
deeper that the intermediate layers are, the more advanced classifications
and decisions are. The word “deep” in deep learning refers to this depth
in terms of layers.
Data output
Data input
Artificial neurons
23
A case study for this can be found in the research performed by Google
in 2012 where it imported a large volume of image data into AI, and then
the AI became able to correctly recognize images of cats. This meant
that Google’s AI had become able to recognize the pattern of a cat as an
image by itself without instructions from anyone.
24
The Field of Information Security
1 Information Security
“Information security” refers to the protection of information that is an
important asset of a company or an organization so that it is in a safe state.
As for information security, the mechanism by which fraudulent behavior
occurs, and the types of technical threats have been added to version 4.0
of the syllabus.
25
The following are the main contents that have been added to version 4.0
of the syllabus with regard to the types of technical threats.
Characteristic Description
RAT It is a generic term for a program that enables a remote
operation by stealing administrator privileges for which
all operations of a computer are allowed.
It is the abbreviation for “Remote Administration Tool.”
SPAM It is a large quantity of e-mail sent to a random large
number of users with the main purpose of promoting,
advertising, or committing a fraud. It is also called spam
mail or unsolicited mail.
Shadow IT It refers to the information devices (such as the PCs
and mobile devices privately owned by employees)
and external services used by employees for business
activities without obtaining the permission of the
company. Shadow IT increases the risk of infection by
malware, and the risk of information leakage, etc.
DDoS attack It refers to an attack that involves a DoS attack from Reference
26
2 Information Security Management
The following are the main contents that have been added to version 4.0
of the syllabus with regard to the management of information security.
27
The organizations and agencies related to information security are as
described below.
Name Description
Information security It is the top decision making body of information
committee security management in a company or an organization. Reference
The Chief Information Security Officer (CISO) sponsors CISO
the committee, and the top management and the head
“CISO” is the “Chief Information Security
of each department are present. In such a place, the
Officer,” and refers to the person at the
basic policies for the entire organization, such as the
information security policy, etc. are decided. position that is responsible for the
information security.
CSIRT It is a generic term for an organization that detects
security problems, and takes actions if a security
problem occurs. It is established in companies or
organizations, or in government agencies. The
incident management for security is performed
comprehensively, and efforts are made to prevent the
damage from expanding.
It is the abbreviation for “Computer Security Incident
Response Team.”
28
3 Information Security Measures and
Implementation Technology
The following are the main contents that have been added to version
4.0 of the syllabus with regard to the information security measures and
implementation techniques.
2 Cryptography
The following are the main cryptographic techniques that have been
added to version 4.0 of the syllabus.
29
(1) Hybrid cryptography
“Hybrid cryptography” is an encryption method in which symmetric
cryptography and public key cryptography are combined and used.
By combining the advantages of fast encryption and decryption speed
of symmetric cryptography, and easy key management of public key
cryptography, encryption and decryption can be performed by a more
practical method.
Sender Recipient
Forward
(i) (ii)
Encryption Decryption
Symmetric Symmetric
key key
Forward
Encryption Decryption
Plain Encrypted Encrypted Plain
text text Encrypted
text
text text
Same key
(i) B y using public key cryptography, the sender encrypts the symmetric
key with the public key of the receiving partner, and forwards it to the
recipient.
(ii) The recipient receives the encrypted symmetric key, and decrypts the
symmetric key by using his/her own private key.
(iii) The sender and the recipient can have the mutually same symmetric
key.
(iv) Communication that uses symmetric cryptography can be performed.
30
(2) Disk encryption and file encryption
The method of maintaining information security includes the techniques
of encrypting hard disks and encrypting files.
Technique Description
Disk encryption It is a technique of encrypting hard disk altogether. The theft
and loss of notebook PCs, and the leakage of information be-
cause of disposal of PCs without wiping out data has become
a large social problem, and one of the effective means of risk
reduction is using software that forcibly encrypts the hard
disks altogether instead of leaving it to the discretion of the
user.
File encryption It is a technique of encrypting each file separately as a unit.
An encryption tool is used to encrypt any number of files, and
the encryption function provided with the data files of office
software is used. Unlike disk encryption, the user identifies
and encrypts each file separately.
3 Authentication technique
Reference The “authentication technique” is a technique of verifying the
TSA appropriateness of data. By verifying that the relevant person has sent
“TSA” is a trusted third-party organization
the data and the fact that data has not been falsified, the integrity of
that issues time stamps. It is also called
the “time stamping authority.” exchange of information via the network is improved.
It is the abbreviation for “Time Stamping The following are the main authentication techniques that have been
Authority.” added to version 4.0 of the syllabus.
31
(1) Guidelines for the Prevention of Internal Improprieties in Organizations
The Guidelines for the Prevention of Internal Improprieties in
Organizations can be referenced as human security measures.
The “Guidelines for the Prevention of Internal Improprieties in
Organizations” have been published by the Information-technology
Promotion Agency (IPA) with the aim of enabling companies and
organizations to implement effective internal fraud measures. These
guidelines have the following five (5) basic principles where the concept of
situational crime prevention is applied to prevention of internal fraud.
Basic principle Description
Make crimes difficult Strengthen countermeasures to make criminal Reference
(make harder to activities difficult to conduct. Tamper resistance
attempt) “Tamper resistance” refers to resistance
Raise risks to be caught Strengthen management and monitoring to raise risks against reading or analysis of data from
(detected if committed) to be caught. outside.
Reduce rewards from Prevent crimes by hiding or removing targets, or
32
4 Laws on Security
The following are the main contents that have been added to version 4.0
of the syllabus with regard to laws on security.
・ New services and innovations are produced by utilizing the purchase history of a
point card and the ride history of a transportation IC card across all fields between
multiple business operators.
・ The overall quality of life of the citizens is improved through growth of the drug
discovery and clinical fields by using the medical information possessed by medical
institutions, and also provision of traffic congestion forecast information by using the
information of the traveling position history collected from the car navigation systems.
a) It can measure stretching and compression in an object when external force is applied.
b) It can measure the size of a revolutions when it occurs.
c) It can convert input in a form such as energy or a signal into physical or mechanical
movement.
d) It can detect brightness in the surrounding environment.
a) Automatically switching a smartphone’s display off when the smartphone is moved close
to the ear in order to make or receive a call
b) Measuring heartrate from the microscopic movements in the surface of a person’s body
c) Installing it under the mattress of a hospital patient’s bed and constantly monitoring the
status of a patient
d) In a network, only allowing communication via an approved TCP port number
36
Q5 Which of the following is the appropriate explanation of LPWA?
a) It is a next generation mobile communication system with the three (3) characteristics of
high speed/high capacity, low delay, and multiple connections.
b) It is a technology that enables power saving communication and is used in Bluetooth
from version 4.0 onward.
c) It is a collective term for wireless communication technologies that enable wide area
communication with low power consumption.
d) It is a system that provides of a range of services in real time through the embedding of
wireless communication and information systems in moving objects such as automobiles.
Q6 Which of the following is the most appropriate example of utilization of a high speed network
such as 5G?
a) A communication device that is installed in a vending machine sends sales data once per
day to a cloud service, and the seller views this data.
b) Digital water meters on remote islands send meter information that is received by a water
bureau.
c) Sensors are installed in various areas around a vast paddy field to measure the daily water
level, and a farmer uses these to perform centralized management for the water level of all
locations.
d) A doctor in a remote location operates a robot arm that performs surgery on an actual
patient in a remote operation.
Q7 The IoT Security Guidelines define five (5) principles. Which of the following is the appropriate
description concerning the relevant principle?
a) “Principle 2 Recognize IoT risks” concerns preparations against internal fraud and errors.
b) “ Principle 3 Consider a design that protects what needs to be protected” concerns
designs that ensure safety and security when a connection is established with an
unknown counterpart.
c) “Principle 4 Consider measures to be taken on the network” concerns consistency in
designs that achieve safety and security.
d) “Principle 5 Maintain a state of safety and security, and disseminate and share information”
concerns the introduction of authentication functions.
Q8 It is said that big data has the characteristics of the three (3) Vs. The three (3) Vs are volume,
variety, and velocity. Which of the following is the most appropriate as a benefit delivered by big
data analysis?
a) An increase in the accuracy of target data for analysis by processing a range of data
b) The discovery of patterns by processing very large amounts of data
c) An increase in the accuracy of predictions through the random extraction of subject data
d) The deriving of a cause and effect relationship through the gathering of data in real time
37
Q9 Among the classifications of big data, which of the following is “open data”?
a) Data from the digitalization and structuring of a company’s implicit knowledge (or know-
how)
b) Public information that is held by central and local government
c) Data exchanged between things connected to a network, such as equipment, mechanical
devices, and buildings
d) Personal information such as personal attributes, activity history and information gathered
from wearable devices
Q10 Which of the following is the most appropriate explanation of a method of utilization, a method
of analysis, or a point for attention during utilization of big data?
a) Examples of the utilization of industrial data include the provision of the availability status
of each seat at a public library so that users can check it.
b) The method for investigating things such as trends where two (2) seemingly unrelated
Q11 A method for software development is a “scrum.” Which of the following is the most appropriate
explanation of a “scrum”?
a) Development teams are unified as an organization, and for each period known as a sprint,
the scope of the program for development is decided and development is performed in
units of sprints.
b) The development period is divided into very short periods called iterations, and the
development cycle is performed in full for each iteration and functions are completed one
by one.
c) Test cases are described before program development, and the program is developed
with the aim of clearing these test cases.
d) In order to improve the quality of a program, two (2) programmers collaborate to develop
a program through activities such as swapping roles and checking each other’s work.
a) It calculates solutions as the result of inference on the basis of rules that express new
knowledge as a logical expression after a human presets a rule such as “if A then B .”
b) It is a method that imitates human neurons and is able to recognize things and replicate
other aspects of intelligence, and it incorporates a neural network in order to enable
recognition in the same way as humans.
c) I t uses algorithms for inference and search, and it is a suitable method for finding a
solution for games, puzzles, and other such things.
d) It is a technology that augments visual information by overlaying virtual images and
information on real images.
38
Q13 Which of the following is the most appropriate description concerning processing that uses
deep learning?
a) Automatic office cleaning robots can now detect the presence of walls by using a distance
sensor and move around while avoiding walls.
b) Agricultural chemical spraying drones can now reliably identify crop leaves with pests on
them from the air through the acquisition and processing of a large volume of images by
a system.
c) The heartrate and breathing rate of a hospital patient can now be measured automatically
by placing a bed leaving sensor under the patient’s bed.
d) The fuel efficiency of large buses has been improved by the installation of devices to
automatically prevent idling, and is now beyond the fuel efficiency achieved by highly
experienced drivers.
Q14 According to the theory of the Fraud Triangle, when fraudulent behavior occurs, three (3)
elements are aligned. Which of the following is the appropriate combination of the three (3)
elements?
a) Rewriting the domain information on a DNS server that is referenced by a PC, and leading
the user to a fake server
b) Making the user download a malicious program to the PC regardless of his/her intentions,
when the user is viewing a website
c) Entering a malicious script in an input field of a web page so as to download the data from
the database accessed by the web server in an unauthorized manner
d) Remotely operating the malware in the PC and encrypting the hard disk drives of the PC
altogether so that they cannot be used, and demanding money in exchange for returning
to the original state
39
Q17 Which of the following is the appropriate description concerning an activity of the cyber rescue
team (J-CRAT)?
a) The monitoring of the network and devices is performed 24 hours a day, and the detection
or analysis of a cyber attack or intrusion, and response or advice to each department are
performed.
b) A
ctions are taken against the information security incidents concerning one’s company or
customers to prevent the harm from expanding.
c) The information provided by organizations that have experienced a targeted attack is
analyzed, and to ensure that the society and industries are not majorly harmed, the harm
caused to the organization is reduced, and the chain of attack is prevented.
d) The information about cyber attacks is shared between participating organizations with a
focus on industries related to important infrastructures, and advanced cyber attacks are
prevented.
a) A
,B
b) A, C
c) B
,C
d) C
,D
a) As compared with public key cryptography, the speed of encryption of plain text and
decryption of encrypted text is fast.
b) B y combining multiple different symmetric cryptography methods, the processing
performance can be improved.
c) B
y combining multiple different public key cryptography methods, security can be increased.
d) By combining symmetric cryptography and public key cryptography, a balance can be
struck between processing performance and the cost of key management.
Q20 Which of the following is the appropriate law of punishing a person who has deleted the
memory contents of a computer being used in a company by introducing malware in the
computer?
40
Q21 Which of the following is the appropriate description concerning handling of anonymously-
processed information in the Act on the Protection of Personal Information?
a) If the names of persons included in the customer data of a travel company can be deleted,
there is no need of processing the passport number.
b) In order to exclude cases where individuals are identified, processing was performed by
stipulating a threshold value, and information indicating the age as “116 years” was
replaced by “90 years or above.”
ompany B that has acquired the anonymously processed information from Company A , a
c) C
data processing vendor, acquired the processing method used by Company A for a fee by
concluding a written non-disclosure agreement, in order to identify the original relevant
person.
d) When the anonymously processed information is provided to a third party, there is no
need of clarifying to the destination that the concerned information is anonymously
processed information.
Q22 Among the descriptions A through D below, which of the following is the list that contains the
entire special care-required personal information as per the Act on the Protection of Personal
Information?
a) A
b) A
,C
c) C
,D
d) B
, C, D
Q23 Company A stipulates the security measures on the basis of the “Cybersecurity Management
Guidelines” stipulated by the Ministry of Economy, Trade and Industry and IPA. In addition to the
security measures of Company A , which of the following is a security measure that requires
checking of the implementation status?
a) Security measures taken by the local community where the office of Company A is present
b) Security measures taken by the business partners and subcontractors of the supply chain
of Company A
c) Security measures taken by individuals who use the products and services of Company A
d) Security measures taken by the stock holders who have invested in Company A
41
Sample Questions Answers
and Explanations
・Because of the compactness, low cost, and high functionality of sensors that collect
information, it is now possible to attach sensors to all kinds of things.
・Because of the increased speed and capacity of communication lines, it is now easier to send
data that is gathered by sensors.
・Because of the lower prices and advanced functions of cloud services, it is now easier to
accumulate large volumes of gathered data, analyze it, and utilize it.
As a result of the IoT environment being established it is now possible to gather, store, and
analyze vast qualities of data from a wide range of things, and it has become possible to
produce high added value in all fields.
Q2 Answer c)
Explanation
Drone refers to a small, unmanned aircraft that can be controlled remotely. The origin of the name
drone is the drone bee, and drones were given this name as the sound they produce during flight is
similar to that produced by the wings of a drone bee. While drones were originally used for military
purposes, there are now many products on sale for civil and industrial use. In a broad sense, drones
can be classified as a general remote control vehicle, but an aspect that makes them different from
other general remote control vehicles is that they are equipped with cameras and a range of sensors.
There are also drones that are capable of autonomous flight by using these sensors.
In addition to the delivery of goods for daily life, methods of utilization for drones include the
spraying of agricultural chemicals, measurements from the air, crime investigations from the
air, and the surveying of disaster areas from the air.
As such, c) is the correct answer.
a): This is a method of utilization of a car navigation system that is equipped with the Global
Positioning System (GPS).
b): This is a method of utilization of a survey robot for disaster areas.
d): This is a method of utilization of a medical-use surgery robot that can be remotely
operated.
1
Q3 Answer b)
Explanation
A gyro sensor is a sensor that can measure the size of a revolution when it occurs, and its uses
include image stabilization in digital cameras and drift prevention in vehicles. Gyro sensors
can measure the angular rate that indicates the speed of revolution, and so are sometimes
called angular rate sensors.
Q4 Answer a)
Explanation
An infrared sensor is a sensor that converts infrared light into an electrical signal, and can
extract the required information. Infrared rays are emitted naturally by warm objects, and
because they are invisible to the naked eye, they are widely used in things from remote
controls for household appliances to crime prevention and security devices.
Infrared sensors are also used as sensors to measure distance (infrared distance sensors).
Infrared distance sensors emit infrared rays, and receive the reflected light by using
a component called a photosensitive element. When reflected light is received, the
photosensitive element determines which part of the element received the reflected light
and the device uses the position that infrared rays were emitted from and the position the
reflected light was received in order to calculate the distance to the object .
In smartphones, infrared sensors (infrared distance sensors) can be used to implement the
automatic switching off of a smartphone’s display when the smartphone is moved close to
the ear in order to make or receive a call.
b): This is an example of the utilization of a contactless heart rate measurement sensor.
c): This is an example of the utilization of a bed leaving sensor.
d): This is an example of the utilization of the packet filtering function of a firewall.
Q5 Answer c)
Explanation
Low Power Wide Area (LPWA) is a collective term for wireless communication technologies
that enable low power, wide area communication. In IoT, needs include installing many
sensors over a wide area and regularly gathering measurement information. In such cases,
while there is no problem if communication speed is low, the communication technology
required must be able to cover a wide area with low power consumption and low cost.
2
Q6 Answer d)
Explanation
Also known as the fifth-generation mobile communications system, 5G is a communication
standard for next generation communication for cell phones, smartphones, and other such
devices that the Ministry of Internal Affairs and Communications and private companies are
working to start commercial use of in 2020.
5G is a typical high speed network and it has the characteristics of being high speed/high
capacity, low delay, and multi-connection, but the cost increases proportionately. As such,
5G will be used for situations where real time communication with no delay is needed even
if cost is incurred. Furthermore, 5G is not only a high speed network, it also enables wide area
communication.
In a situation where a doctor in a remote location uses a robot arm that actually operates on a
person, a high speed network with a low delay is absolutely essential.
Therefore, d) is the correct answer.
a) b) c): hese are examples of situations where low speed and a certain level of delay can be
T
accepted, and so are examples of situations where LPWA can be utilized. Low Power
Wide Area (LPWA) is a collective term for wireless communication technologies that
enable low power, wide area communication. Network speed with LPWA is low, and
it is suitable for wide area communication.
Q7 Answer b)
Explanation
IoT Security Guidelines are guidelines concerning IoT security created by the IoT Acceleration
Consortium that the Ministry of Economy, Trade and Industry, and the Ministry of Internal
Affairs and Communications took the lead in establishing, and they are intended for everyone
who is involved in IoT systems, IoT equipment, and IoT services. They specify security
measures for the lifecycle (policy, analysis, design, implementation and connection, operation
and maintenance) in the provision of IoT systems, IoT equipment, and IoT services in the form
of five (5) principles and 21 key concepts. As well as stipulating “Create a design that ensures
safety and security even when a connection is established with an unknown counterpart”
(Key concept 11), “Principle 3 Consider a design that protects what needs to be protected”
stipulates “Create a design that protects individual elements and the whole” (Key concept 8),
“Create a design that does not inconvenience counterparts to whom you will connect” (Key
concept 9), “Ensure consistency in a design that achieves safety and security” (Key concept 10),
and “Conduct verification and evaluation to ensure the design achieves safety and security”
(Key concept 12).
a): “Be prepared against internal fraud and errors” (Key concept 2) is stipulated in “Principle 1
Define a basic policy that considers the essence of IoT.”
c): “Ensure consistency in a design that achieves safety and security” (Key concept 10) is
stipulated in “Principle 3 Consider a design that protects what needs to be protected.”
d): “Include an authentication function” (Key concept 16) is stipulated in “Principle 4 Consider
measures to be taken on the network.”
3
Q8 Answer b)
Explanation
Big data refers to a massive volume of complex data that cannot be handled with a
conventional database management system. Big data has the three (3) Vs, which are the
characteristics of volume (massive amount of data), variety (a range of data such as text,
images, and audio), and velocity (data gathered in real time).
The analysis of big data enables the discovery of patterns, such as phenomena that occur
simultaneously, by processing very massive amount of data.
a), c), d): These are not appropriate as benefits delivered by big data analysis.
Q9 Answer b)
Explanation
Big data refers to a massive volume of complex data that cannot be handled with a
conventional database management system. One approach to the classification of big data as
taken by the Ministry of Internal Affairs and Communications is to focus on the data generated
by the three (3) entities of individuals, companies, and the government, and classify it into the
four (4) types of “open data,” “digitalization of knowledge,” “M2M data,” and “personal data.”
“Open data” refers to the public information held by central and local government, and
disclosure of this is proceeding so that the data can be used by the public and private sectors.
Q10 Answer c)
Explanation
Big data refers to a massive volume of complex data that cannot be handled with a
conventional database management system.
Below are some points for attention and issues in the utilization of big data.
◦Clarify objectives
◦Prepare against the risk of data loss or theft
◦Consider privacy
◦Handle swift data processing
◦Acquire data scientists stably
In the utilization of big data, it is necessary to ensure the objectives are clear. The true
objective is not just to analyze big data, rather, it is to gain business knowledge from the
results of analysis and achieve business targets. It is always necessary to check whether
activities that are consistent with the objectives are being undertaken.
a): Enabling users to check the availability of seats at a public library is an example of the
utilization of open data.
b): The method for investigating things such as trends where two (2) seemingly unrelated
phenomena are prone to occurring together from accumulated data is association
analysis.
d): The technology for the analysis of a large volume of data in documents and the extraction
of beneficial information is text mining.
4
Q11 Answer a)
Explanation
Scrum takes its name from the scrum in the sport of rugby, and is a technique for agile
software development. It emphasizes organizational unity and functioning of the
development team. Agile software development is a method for the swift and efficient
development of a system.
A scrum is performed with a small number of people, with the maximum being around
nine (9). In each sprint period with a maximum length of around four (4) weeks, the scope
of the program to be developed is determined. Everything from development to review
and adjustment is performed in each sprint, and development is performed while constant
communication is maintained to check if there are any problems with the program status and
the way it is being taken forward. Another characteristic of a scrum is the way development is
performed while changes are flexibly being made to the priority order of user requirements.
Q12 Answer b)
Explanation
Deep learning refers to an AI technology that incorporates the mechanisms of a neural
network, and it is a technique for machine learning. Neural networks are artificial replications
of the mechanisms in a human brain. Machine learning refers to an AI technology that is
characterized by self-learning of AI where large volumes of data are imported into AI, and
then the AI itself discovers rules and relationships, categorizes the data and performs other
such actions.
In deep learning, digital data is entered in the input layer and passes through several
intermediate layers before a response is generated. The deeper that the intermediate
layers are, the more advanced classifications and decisions are. In deep learning, no human
instructions are required, and the AI itself identifies the relevant characteristic and becomes
able to make decisions and perform classification.
a): This is a description of an expert system, which gained attention in the second AI boom.
c): This is a description of a method that was researched in the first AI boom.
d): This is a description of augmented reality (AR).
5
Q13 Answer b)
Explanation
Deep learning refers to an AI technology that incorporates the mechanisms of a neural
network, and it is a technique for machine learning. Neural networks are artificial replications
of the mechanisms in a human brain. Machine learning refers to an AI technology that is
characterized by self-learning by AI where large volumes of data are imported into AI, and
then the AI itself discovers rules and relationships, categorizes the data and performs other
such actions.
Deep learning is characterized by the way that even with no instructions from humans, the AI
itself can identify the characteristics of a subject by simply importing large volumes of data,
and can make decisions and perform classifications.
In the identification of crop leaves that have pests on them, the presence of pests is
recognized by detecting an area of several millimeters with a different color on leaves that
have been eaten by pests. So by importing into AI a large volume of image data for leaves
that have been eaten by pests and leaves that have not been eaten by pests beforehand, the
AI becomes able to differentiate between the two.
As such, b) is the correct answer.
a), c), d): These are not processes that use deep learning.
Q14 Answer d)
Explanation
Fraud triangle refers to the investigation of actual criminals and the compilation of “what
kind of a mechanism works until a person performs fraudulent behavior” as a theory by an
American criminologist Mr. Cressey. According to this theory, fraudulent behavior occurs
when the three (3) elements of “opportunity,” “pressure,” and “rationalization” are aligned.
Element Description
Opportunity It refers to the existence of an environment that facilitates fraudulent behavior.
Pressure It refers to circumstances that are the main cause of occurrence of a fraud.
Rationalization It refers to selfish reasoning such as interpreting things in a convenient way and
passing the buck around to the others.
a): These are the three (3) elements of the security function that are set by the user of the
information system, and are also called AAA. Authentication refers to authentication to
the information system, Authorization refers to the allocation of the access permission,
and Accounting refers to recording of the access history.
b): These are the three (3) elements of 3C analysis. 3C analysis refers to the technique of
analyzing the 3Cs of one’s Company, Competitors, and Customers to find the important
elements for achieving the business objectives.
c): These are the three (3) elements that must be secured and maintained in order to achieve
the objectives of information security. Confidentiality means enabling only a person who
has been allowed access to access information, Integrity means ensuring that information
and its processing method are maintained in an accurate and complete state, and
Availability means enabling an authorized user to access information and related assets
when required.
6
Q15 Answer b)
Explanation
Drive by download refers to an attack in which a malicious program is automatically
downloaded without the realization of the user, simply by displaying a website.
Q16 Answer a)
Explanation
Shadow IT refers to the information devices (such as the PCs and mobile devices privately
owned by employees) and external services used by employees for business activities without
obtaining the permission of the company. Shadow IT increases the risk of infection by
malware, and the risk of information leakage, etc.
Q17 Answer c)
Explanation
Cyber rescue team (J-CRAT) is an organization that performs activities to support the
reduction of damage in an organization that has sought advice from it and breakage of the
chain of attack in order to prevent the damage caused by the targeted attack from expanding.
It is established in the Information-technology Promotion Agency (IPA).
A targeted attack is an attack targeting a specific user in a company or organization. By
posing as the relevant person, the trust of a specific user is won so as to exploit confidential
information and send a virus e-mail.
7
Q18 Answer c)
Explanation
Multi-factor authentication means performing authentication by using multiple different
techniques of user authentication rather than just a single factor. By using multiple techniques
of user authentication, security can be strengthened.
The techniques of user authentication include authentication based on knowledge (a
matching technique of identifying on the basis of information that can be known only by
the relevant person), authentication based on one’s belongings (a matching technique
of identifying on the basis of information recorded in the belongings of only the relevant
person), and authentication based on biological information (a matching technique of
identifying on the basis of characteristics of the biological information of the relevant person).
Because this is a two-factor authentication, an authentication performed by using two (2)
different techniques of user authentication may be selected.
Q19 Answer d)
Explanation
Hybrid cryptography is an encryption method in which symmetric cryptography and public
key cryptography are combined and used. By combining the advantages of fast encryption
and decryption speed of symmetric cryptography, and easy key management of public key
cryptography, encryption and decryption can be performed by a more practical method. As a
result, a balance can be struck between processing performance and the cost of key management.
According to hybrid cryptography, a symmetric key is encrypted by using public key
cryptography, and the encrypted symmetric key is sent to the recipient. If it is possible to have
the mutually same symmetric key, the plain text can be encrypted and encrypted text can be
decrypted by using symmetric cryptography.
Symmetric cryptography is a method of using the same key (symmetric key) for encryption
and decryption. Because it is not possible to prevent theft and falsification if the key is known
by a third person, the symmetric key must not be secretly shared.
Public key cryptography is a method of using different keys (private key and public key) for
encryption and decryption. A private key is owned by the person him/herself and must not
be disclosed to a third person. Because a public key is openly disclosed to a third person, it is
registered with a certificate authority (CA) and disclosed.
a): By using symmetric cryptography for encryption and decryption, the speed of encryption
of plain text and decryption of encrypted text is faster in the case of hybrid cryptography
8 as compared with public key cryptography.
b): Hybrid cryptography is not a combination of multiple different symmetric cryptography
methods.
c): Hybrid cryptography is not a combination of multiple different public key cryptography
methods.
Q20 Answer d)
Explanation
The act of introducing malware in a computer of a company and deleting the memory
contents of the computer is punishable under crime on electromagnetic records of
unauthorized commands (penalty on computer virus creation) of the Penal Code. According
to the penalty on computer virus creation, the act of creating, providing, supplying, acquiring,
and storing malware such as computer virus, etc. is prohibited.
The Penal Code is a law that stipulates the kind of actions that amount to a crime, and the
penalty that is applicable when a crime occurs.
Therefore, d) is the correct answer.
a): The Act on the Prohibition of Unauthorized Computer Access is an act for controlling
crimes by unauthorized access.
b): The Basic Act on Cybersecurity is an act that stipulates the basic policies concerning the
strategies and system of a country, and the measures, etc. to take in order to deal with the
threats of cyber attacks.
c): The Act on the Limitation of Liability for Damages of Specified Telecommunications
Service Providers and the Right to Demand Disclosure of Identification Information of the
Senders is an act that restricts the scope of responsibility of the provider for compensation
of damage (liability), and enables the person who has incurred damage to request for
the disclosure of the name and other details of the sender, when personal information
has been leaked or derogatory remarks have been posted on a web page that exists on a
rental server operated by a provider.
Q21 Answer b)
Explanation
The Act on the Protection of Personal Information is an act that aims at protecting the rights
and interests of an individual while taking into consideration the utility of personal information
by stipulating the obligations, etc. to be fulfilled by the business operator handling personal
information.
The personal information according to the Act on the Protection of Personal Information
refers to information that enables identification of a specific individual, such as the name of
the person, date of birth, address, etc. The occupation and income, information about the
family, health condition, etc. are also included in personal information.
The anonymously processed information according to the Act on the Protection of Personal
Information means information produced from processing personal information so as
not to be able to identify a specific individual, and also not be able to restore the personal
information. The objective of the anonymously processed information is to promote the
utilization and application of data including data transaction and data linkage between
business operators on the basis of fixed rules without the consent of the relevant person.
According to the guidelines pertaining to the Act on the Protection of Personal Information
(Anonymously Processed Information), generally speaking, descriptions about unusual facts
and descriptions that bring about a remarkable distinction from other individuals may lead
to identification of a specific individual, or recovery of the original personal information.
9
Therefore, at the time of creating anonymously processed information, peculiar descriptions,
etc. must either be deleted or replaced with other descriptions. For example, deleting a case
history that has an extremely small number of cases, or replacing information indicating the
age as “116 years” with “90 years or above” corresponds to this.
As such, b) is the correct answer.
Q22 Answer c)
Explanation
The Act on the Protection of Personal Information is an act that aims at protecting the rights
and interests of an individual while taking into consideration the utility of personal information
by stipulating the obligations, etc. to be fulfilled by the business operator handling personal
information.
The personal information according to the Act on the Protection of Personal Information
refers to information that enables identification of a specific individual, such as the name of
the person, date of birth, address, etc. The occupation and income, information about the
family, health condition, etc. are also included in personal information.
The special care-required personal information according to the Act on the Protection of
Personal Information is personal information that needs to be taken into consideration in
order to appropriately handle personal information that may result in disadvantages for the
relevant person, such as unfair discrimination or prejudice. Specifically, the race, creed, social
status, medical history, criminal record, fact of having suffered damage by a crime, or other
descriptions etc. correspond to the special care-required personal information.
A: The nationality does not correspond to special care-required personal information. Note
that the race corresponds to special care-required personal information.
B : Information about loaned books on religion does not correspond to special care-required
personal information. Note that the creed corresponds to special care-required personal
information.
C : Information such as medical records that a medical expert has come to know through
medical service corresponds to special care-required personal information.
D : Facts that have been investigated for a criminal investigation that hold the relevant
person as a suspect correspond to special care-required personal information.
10
Q23 Answer b)
Explanation
The Cybersecurity Management Guidelines are guidelines for promoting cybersecurity
measures under the leadership of managers for companies supplying systems, services, etc.
related to IT among large companies and medium to small companies (excluding small-scale
business operators), and also managers of companies for which IT utilization and application
is indispensable in the business strategy. These guidelines are created by the Ministry of
Economy, Trade and Industry together with the Information-technology Promotion Agency
(IPA). In the Cybersecurity Management Guidelines, from the viewpoint of protecting the
company from cyber attacks, the three (3) principles that the managers are required to
recognize, and the 10 important items that the managers must indicate to the responsible
executive employee (such as the CISO, etc.) who is the person responsible for implementing
the information security measures have been compiled together.
According to the three (3) principles that the managers are required to recognize,
comprehensive cybersecurity measures including the supply chain business partners and
subcontractors must be implemented rather than only cybersecurity measures of one’s own
company.
As such, b) is the correct answer.
11
Supplement for Syllabus Version 4.0 to
New IT Passport Examination
Preparation Book
First Edition: March, 2020
● All screenshots in this book are used with the permission of Microsoft.
● Microsoft, Access, Excel, Outlook, PowerPoint, Internet Explorer, Windows, Windows Vista, and MS-DOS are
trademarks or registered trademarks of Microsoft Corporation in the USA and in other countries.
● All other names, such as those of products and companies, are trademarks or registered trademarks of the
respective companies.
● TM and ® symbols are omitted from text in this book.
● The names of individuals, groups, and products as well as logos, contact details, e-mail addresses, locations, and
events that appear in texts are all fictional. There is no relation whatsoever to any actually existing entity.
● The structure and all chapters, programs, images, and data etc. in this textbook are protected under the Copyright Act.
Any act that violates the rights stipulated in the Copyright Act, such as copying/duplicating this textbook in part or in
full, by any means whatsoever is prohibited.
● Information-Technology Promotion Agency, Japan accepts no responsibility for any damage incurred either directly or
indirectly as a result of using this book, and shall under no circumstances pay any compensation whatsoever.
● The content of this book is subject to change without prior notification.
よくわかるマスター
ITパスポート試験 対策テキスト&過去問題集
2019年度版
シラバス Ver.4.0の新出項目
(ISBN978-4-86510-374-8)
Copyright © 2018 by FUJITU FOM LIMITED
Translation rights arranged with FUJITSU FOM LIMITED
English language editon copyright © 2020 INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN