Information Security Engineer daily practice questions (2017/6/1), online test: http://www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2017/6/1
Information Security Engineer daily practice questions (2017/6/1)
Question 1:
According to statistics, 80% of network attacks originate from the internal network, so security controls and defenses for the internal network must be strengthened. Which of the following measures does NOT help improve security within the same local area network? ( )
A. Using antivirus software
B. Using a log audit system
C. Using an intrusion detection system
D. Using a firewall to prevent internal attacks
Question analysis and discussion:
http://www.cnitpm.com/st/7627.html
Reference answer: D
Question 2:
In role-based access control, role definition, adding and removing role members, and role assignment are all carried out by ( ). Users can only passively accept the authorization rules and cannot decide on their own, nor can they pass their access permissions to others on their own; this is a form of non-discretionary access control.
A. CSO
B. Security administrator
C. Inspector or auditor
D. Application system administrator
Question analysis and discussion:
http://www.cnitpm.com/st/23180.html
Reference answer: D
Question 3:
In order to construct the security architecture framework of an information system systematically and completely, the information system security architecture should be jointly built from ( ).
A. The technical system, the organizational structure system, and the management system
B. Hardware, software, security products, and management rules
C. Technical framework, products, management rules, and standards
D. User requirements, construction content, and operations and maintenance management
Question analysis and discussion:
http://www.cnitpm.com/st/1897118507.html
Reference answer: A
Question 4:
Programs resident on multiple network devices simultaneously generate a large number of request messages within a short time and flood a Web server, leaving the server overloaded and unable to respond normally to other users' requests. This is a ( ).
A. Web surfing
B. Man-in-the-middle attack
C. DDoS attack
D. MAC attack
Question analysis and discussion:
http://www.cnitpm.com/st/1900314092.html
Reference answer: C
Question 5:
Into how many levels are China's state secrets classified? ( )
A. 3
B. 4
C. 5
D. 6
Question analysis and discussion:
http://www.cnitpm.com/st/2221425959.html
Reference answer: A
Question 6:
Which of the following denial-of-service attack methods is not a volume-based (flooding) denial-of-service attack? ( )
A. Land
B. UDP Flood
C. Smurf
D. Teardrop
Question analysis and discussion:
http://www.cnitpm.com/st/2570616337.html
Reference answer: D
Question 7:
A standardized implementation process and document management are an important basis for whether an information security risk assessment can succeed. When carrying out a risk assessment, an organization produced an "Inventory of Equipment and Assets Related to the Information System Under Assessment". Among the stages of risk assessment implementation, this inventory should be an output of ( ).
A. Risk assessment preparation
B. Risk factor identification
C. Risk analysis
D. Risk result determination
Question analysis and discussion:
http://www.cnitpm.com/st/2573912391.html
Reference answer: B
Question 8:
Which of the following explains the Capability Maturity Model most accurately? ( )
A. It holds that an organization's capability depends on effective business processes that are rigorously defined, well managed, measurable and controllable
B. It judges engineering capability by strictly examining engineering deliverables
C. Its starting point differs from that of statistical process control theory, so it is applied in different fields
D. It is an important concept that was born with the development of information security
Question analysis and discussion:
http://www.cnitpm.com/st/269961075.html
Reference answer: A
Question 9:
A system was compromised by an attacker. The initial suspicion is that the administrator had a weak password and that the attacker logged into the system as the administrator from a remote terminal and carried out the damage. To verify this, one should check the: ( )
A. System log
B. Application log
C. Security log
D. IIS log
Question analysis and discussion:
http://www.cnitpm.com/st/270922165.html
Reference answer: C
Question 10:
In Windows 2000, the command that can be used to view open ports is: ( )
A. nbtstat
B. net
C. net show
D. netstat
Question analysis and discussion:
http://www.cnitpm.com/st/2720628945.html
Reference answer: D
Question 11:
Which of the following should be a concern to an IS auditor reviewing a wireless network?
A. 128-bit static-key WEP (Wired Equivalent Privacy) encryption is enabled.
B. SSID (Service Set IDentifier) broadcasting has been enabled.
C. Antivirus software has been installed in all wireless clients.
D. MAC (Media Access Control) access control filtering has been deployed.
Question analysis and discussion:
http://www.cnitpm.com/st/293035464.html
Reference answer: B
Question 12:
When reviewing an intrusion detection system (IDS), an IS auditor should be MOST concerned about which of the following?
A. Number of nonthreatening events identified as threatening
B. Attacks not being identified by the system
C. Reports/logs being produced by an automated tool
D. Legitimate traffic being blocked by the system
Question analysis and discussion:
http://www.cnitpm.com/st/293581148.html
Reference answer: B
Question 13:
In the course of performing a risk analysis, an IS auditor has identified threats and potential impacts. Next, the IS auditor should:
A. identify and assess the risk assessment process used by management.
B. identify information assets and the underlying systems.
C. disclose the threats and impacts to management.
D. identify and evaluate the existing controls.
Question analysis and discussion:
http://www.cnitpm.com/st/2951027327.html
Reference answer: D
Question 14:
Overall business risk for a particular threat can be expressed as:
A. a product of the probability and magnitude of the impact if a threat successfully exploits a vulnerability.
B. the magnitude of the impact should a threat source successfully exploit the vulnerability.
C. the likelihood of a given threat source exploiting a given vulnerability.
D. the collective judgment of the risk assessment team.
Question analysis and discussion:
http://www.cnitpm.com/st/2956519321.html
Reference answer: A
Question 15:
An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely:
A. check to ensure that the type of transaction is valid for the card type.
B. verify the format of the number entered, then locate it on the database.
C. ensure that the transaction entered is within the cardholder's credit limit.
D. confirm that the card is not shown as lost or stolen on the master file.
Question analysis and discussion:
http://www.cnitpm.com/st/2959318950.html
Reference answer: B
Question 16:
When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the following should be revalidated FIRST?
A. The project budget
B. The critical path for the project
C. The length of the remaining tasks
D. The personnel assigned to other tasks
Question analysis and discussion:
http://www.cnitpm.com/st/296956310.html
Reference answer: B
Question 17:
Which of the following acts as a decoy to detect active Internet attacks?
A. Honeypots
B. Firewalls
C. Trapdoors
D. Traffic analysis
Question analysis and discussion:
http://www.cnitpm.com/st/2970510908.html
Reference answer: A
Question 18:
When reviewing a hardware maintenance program, an IS auditor should assess whether:
A. the schedule of all unplanned maintenance is maintained.
B. it is in line with historical trends.
C. it has been approved by the IS steering committee.
D. the program is validated against vendor specifications.
Question analysis and discussion:
http://www.cnitpm.com/st/2984120081.html
Reference answer: D
Question 19:
When reviewing an organization's risk assessment process, an IS auditor should FIRST: ( )
A. Identify the reasonable threats to the information assets
B. Analyze technical and organizational weaknesses
C. Identify and rank the information assets
D. Evaluate the effect of potential security vulnerabilities
Question analysis and discussion:
http://www.cnitpm.com/st/3013524342.html
Reference answer: C
Question 20:
An IS auditor is reviewing a telecommunications company that provides Internet connection services to its wireless customers in shopping malls. The company uses Wireless Transport Layer Security (WTLS) and Secure Sockets Layer (SSL) technology to protect its customers' payment information. The auditor's greatest concern is that hackers could: ( )
A. Compromise the Wireless Application Protocol (WAP) gateway.
B. Install traffic-monitoring tools in front of the server.
C. Steal customers' PDA devices.
D. Eavesdrop on wireless data transmissions.
Question analysis and discussion:
http://www.cnitpm.com/st/302027560.html
Reference answer: A