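Today's Information Security Engineer daily practice questions: http://www.cnitpm.com/exam/ExamDay.aspx?t1=6
Archive of past Information Security Engineer daily practice questions: http://www.cnitpm.com/class27-6-1.aspx
Information Security Engineer daily practice questions (2017/3/2), online test: http://www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2017/3/2
Information Security Engineer daily practice question content (2017/3/2)
Question
1:
Given the data codeword 10010011, if a Hamming code is used for checking, ( ) redundant bits must be added in order to correct a single-bit error.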
A、2
B、3
C、4
D、5
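Explanation and discussion:
http://www.cnitpm.com/st/89433079.html
Reference answer: C
Question
2:
Which of the following statements about software security testing is correct? ()
A. Software security testing is simply black-box testing.
B. Fuzz testing is one of the commonly used security testing methods.
C. Software security testing focuses on the functionality of the software.
D. Software security testing can find all security problems arising in the software.
Explanation and discussion:
http://www.cnitpm.com/st/2635819514.html
Reference answer: B
Question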
3: To minimize costs and improve service levels an outsourcer should seek which of the following contract clauses?
A、O/S and hardware refresh frequencies
B、Gain-sharing performance bonuses
C、Penalties for noncompliance
D、Charges tied to variable cost metrics
Explanation and discussion:
http://www.cnitpm.com/st/29312464.html
Reference answer: B
Question
4: Which of the following audit techniques would BEST aid an auditor in determining whether there have been unauthorized program changes since the last authorized program update?
A、Test data run
B、Code review
C、Automated code comparison
D、Review of code migration procedures
Explanation and discussion:
http://www.cnitpm.com/st/295612358.html
Reference answer: C
Question
5: The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to:
A、comply with regulatory requirements.
B、provide a basis for drawing reasonable conclusions.
C、ensure complete audit coverage.
D、perform the audit according to the defined scope.
Explanation and discussion:
http://www.cnitpm.com/st/296847506.html
Reference answer: B
Question
6: Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the username and password are the same. The BEST control to mitigate this risk is to:
A、change the company's security policy.
B、educate users about the risk of weak passwords.
C、build in validations to prevent this during user creation and password change.
D、require a periodic review of matching user ID and passwords for detection and correction.
Explanation and discussion:
http://www.cnitpm.com/st/2972414141.html
Reference answer: C
Question
7: Which of the following attacks targets the Secure Sockets Layer (SSL)?
A、Man-in-the-middle
B、Dictionary
C、Password sniffing
D、Phishing
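Explanation and discussion:
http://www.cnitpm.com/st/2975123758.html
Reference answer: A
Question
8: When a company is considering outsourcing its computer systems operations, should the IS auditor review and check whether each vendor's business continuity plan is adequate? ()
A、Yes, because the IS auditor will evaluate the adequacy of the service provider's plan and assist their company in implementing a complementary plan.
B、Yes, because based on the plan, the IS auditor will evaluate the service provider's financial condition and its ability to fulfill the contract.
C、No, because the backup to be provided is already adequately specified in the contract.
D、No, because the service provider's business continuity plan is proprietary information.
Explanation and discussion:
http://www.cnitpm.com/st/2994210057.html
Reference answer: A
Question
9: Information for detecting unauthorized input from a terminal is best provided by ()
A. Console log printout
B. Transaction log
C. Automated suspense file listing
D. User error report
Explanation and discussion:
http://www.cnitpm.com/st/302178788.html
Reference answer: B
Question
10: Which of the following is an implementation risk in a decision support system? ()
A. Management control
B. Semi-structured dimensions
C. Inability to define purpose and usage patterns
D. Changes in the decision process
Explanation and discussion:
http://www.cnitpm.com/st/30268208.html
Reference answer: C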