信息安全工程师当天每日一练试题地址：www.cnitpm.com/exam/ExamDay.aspx?t1=6

往期信息安全工程师每日一练试题汇总：www.cnitpm.com/class/27/e6_1.html

信息安全工程师每日一练试题（2021/12/10）在线测试：www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2021/12/10

点击查看：更多信息安全工程师习题与指导

信息安全工程师每日一练试题内容（2021/12/10）

试题1：

在访问因特网时，为了防止Web页面中恶意代码对自己计算机的损害，可以采取的防范措施是（）
A、将要访问的Web站点按其可信度分配到浏览器的不同安全区域
B、在浏览器中安装数字证书
C、利用IP安全协议访问Web站点
D、利用SSL访问Web站点

试题解析与讨论：www.cnitpm.com/st/2846515273.html
试题参考答案：A

试题2： 按照密码系统对明文的处理方法,密码系统可以分为（  ）。
A.对称密码系统和公钥密码系统
B.对称密码系统和非对称密码系统
C.数据加密系统和数字签名系统
D.分组密码系统和序列密码系统
试题解析与讨论：www.cnitpm.com/st/3893815370.html
试题参考答案：D

试题3： 我国制定的关于无线局域网安全的强制标准是（）
A.IEEE 802.11
B. WPA
C. WAPI
D. WEP
试题解析与讨论：www.cnitpm.com/st/327138354.html
试题参考答案：C

试题4： The modern study of symmetric-key ciphers relates mainly to the study of block ciphers and stream ciphers and to their applications. A block cipher is, in a sense, a modern embodiment of Alberti's polyalphabetic cipher: block ciphers take as input a block of （71 ）and a key, and output a block of ciphertext of the same size. Since messages are almost always longer than a single block, some method of knitting together successive blocks is required. Several have been developed, some with better security in one aspect or another than others. They are the mode of operations and must be carefully considered when using a block cipher in a cryptosystem.
The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are( 72 )designs which have been designated cryptography standards by the US government (though DES's designation was finally withdrawn after the AES was adopted). Despite its deprecation as an official standard, DES (especially its still-approved and much more secure triple-DES variant) remains quite popular; it is used across a wide range of applications, from ATM encryption to e-mail privacy and secure remote access. Many other block ciphers have been designed and released, with considerable variation in quality. Many have been thoroughly broken. See Category: Block ciphers.
Stream ciphers, in contrast to the ‘block’type, create an arbitrarily long stream of key material, which is combined ( 73 )the plaintext bit-by-bit or character-by-character, somewhat like the one-time pad. In a stream cipher, the output( 74 )is created based on an internal state which changes as the cipher operates. That state change is controlled by the key, and, in some stream ciphers, by the plaintext stream as well. RC4 is an example of a well-known, and widely used, stream cipher; see Category: Stream ciphers.
Cryptographic hash functions (often called message digest functions) do not necessarily use keys, but are a related and important class of cryptographic algorithms. They take input data (often an entire message), and output a short fixed length hash, and do so as a one-way function. For good ones, ( 75 ) (two plaintexts which produce the same hash) are extremely difficult to find.
Message authentication codes (MACs) are much like cryptographic hash functions, except that a secret key is used to authenticate the hash value on receipt. These block an attack against plain hash functions.
（71）
A.plaintext
B.ciphertext
C.data
D.hash
（72）
A.stream cipher
B.hash function
C.Message authentication code
D.Block cipher
（73）
A.of
B.for
C.with
D.in
（74）
A.hash
B.stream
C.ciphertext
D.plaintext
（75）
A.collisions
B.image
C.preimage
D.solution
试题解析与讨论：www.cnitpm.com/st/4115223167.html
试题参考答案：A、D、C、B、A

试题5： 研究密码破译的科学称为密码分析学。密码分析学中，根据密码分析者可利用的数据资源，可将攻击密码的类型分为四种，其中适于攻击公开密钥密码体制，特别是攻击其数字签名的是 （  ）。
A、仅知密文攻击
B、已知明文攻击
C、选择密文攻击
D、选择明文攻击
试题解析与讨论：www.cnitpm.com/st/410878655.html
试题参考答案：C

试题6：

入侵检测系统放置在防火墙内部所带来的好处是（）
A、减少对防火墙的攻击
B、降低入侵检测
C、增加对低层次攻击的检测
D、增加检测能力和检测范围

试题解析与讨论：www.cnitpm.com/st/2849616173.html
试题参考答案：B

试题7： 有线等效保密协议WEP采用RC4流密码技术实现保密性，标准的64位标准流WEP用的密钥和初始向量长度分别是（）
A.32位和32位
B.48位和16位
C.56位和8位
D.40位和24位试题解析与讨论：www.cnitpm.com/st/3272321085.html
试题参考答案：D

试题8： 特洛伊木马攻击的威胁类型属于（  ）。
A.旁路控制威胁
B.网络欺骗
C.植入威胁
D.授权侵犯威胁
试题解析与讨论：www.cnitpm.com/st/3896122725.html
试题参考答案：C

试题9： 属于第二层的VPN隧道协议是（）。
A.IPSec
B.PPTP
C.GRE
D.IPv4
试题解析与讨论：www.cnitpm.com/st/3274424726.html
试题参考答案：B

试题10： PKI是一种标准的公钥密码密钥管理平台。在PKI中，认证中心CA是整个PKI体系中各方都承认的一个值得信赖的、公正的第三方机构。CA的功能不包括（  ）。
A.证书的颁发
B.证书的审批
C.证书的加密
D.证书的备份
试题解析与讨论：www.cnitpm.com/st/4111223436.html
试题参考答案：C