信息安全工程师当天每日一练试题地址：www.cnitpm.com/exam/ExamDay.aspx?t1=6

往期信息安全工程师每日一练试题汇总：www.cnitpm.com/class/27/e6_1.html

信息安全工程师每日一练试题（2020/4/27）在线测试：www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2020/4/27

点击查看：更多信息安全工程师习题与指导

信息安全工程师每日一练试题内容（2020/4/27）

试题1： An IS auditor is told by IS management that the organization has recently reached the highest level of the software capability maturity model (CMM). The software quality process MOST recently added by the organization is: 
A、continuous improvement. 
B、quantitative quality goals. 
C、a documented process. 
D、a process tailored to specific projects. 
试题解析与讨论：www.cnitpm.com/st/2952327373.html
试题参考答案：A

试题2： In an audit of an inventory application, which approach would provide the BEST evidence that purchase orders are valid? 
A、Testing whether inappropriate personnel can change application parameters 
B、Tracing purchase orders to a computer listing 
C、Comparing receiving reports to purchase order details 
D、Reviewing the application documentation 
试题解析与讨论：www.cnitpm.com/st/2947723473.html
试题参考答案：A

试题3： An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When this issue is raised with management the response is that additional controls are not necessary because effective system access controls are in place. The BEST response the auditor can make is to: 
A、review the integrity of system access controls. 
B、accept management's statement that effective access controls are in place. 
C、stress the importance of having a system control framework in place. 
D、review the background checks of the accounts payable staff. 
试题解析与讨论：www.cnitpm.com/st/2949127830.html
试题参考答案：C

试题4： In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table? 
A、Foreign key 
B、Primary key 
C、Secondary key 
D、Public key 
试题解析与讨论：www.cnitpm.com/st/292958871.html
试题参考答案：A

试题5：

下列哪一种防病毒软件的实施策略在内部公司网络中是最有效的：（）
A.   服务器防毒软件
B.病毒墙
C. 工作站防病毒软件
D. 病毒库及时更新

试题解析与讨论：www.cnitpm.com/st/2587722546.html
试题参考答案：D

试题6： Which of the following encrypt/decrypt steps provides the GREATEST assurance of achieving confidentiality, message integrity and nonrepudiation by either sender or recipient? 
A、The recipient uses their private key to decrypt the secret key. 
B、The encrypted prehash code and the message are encrypted using a secret key. 
C、The encrypted prehash code is derived mathematically from the message to be sent. 
D、The recipient uses the sender's public key, verified with a certificate authority, to decrypt the prehash code. 
试题解析与讨论：www.cnitpm.com/st/2916715262.html
试题参考答案：D

试题7：

数字签名最常见的实现方法是建立在（）的组合基础之上
A、公钥密码体制和对称密码体制
B、对称密码体制和MD5摘要算法
C、公钥密码体制和单向安全散列函数算法
D、公证系统和MD4摘要算法

试题解析与讨论：www.cnitpm.com/st/2845924106.html
试题参考答案：C

试题8： An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses Wireless Transport Layer Security (WTLS) and Secure Sockets Layer (SSL) technology for protecting their customer's payment information. The IS auditor should be MOST concerned if a hacker: 
A、compromises the Wireless Application Protocol (WAP) gateway. 
B、installs a sniffing program in front of the server. 
C、steals a customer's PDA. 
D、listens to the wireless transmission. 
试题解析与讨论：www.cnitpm.com/st/2949620302.html
试题参考答案：A

试题9：

传输控制协议(TCP)是传输层协议，以下关于TCP 协议的说法，哪个是正确的?（）
A．相比传输层的另外一个协议UDP，TCP 既提供传输可靠性，还同时具有更高的效率，因此具有广泛的用途
B．TCP 协议包头中包含了源IP 地址和目的IP 地址，因此TCP 协议负责将数据传送到正确的主机
C．TCP 协议具有流量控制、数据校验、超时重发、接收确认等机制，因此TCP 协议能完全替代IP 协议
D．TCP 协议虽然高可靠，但是相比UDP 协议机制过于复杂，传输效率要比UDP 低

试题解析与讨论：www.cnitpm.com/st/257072101.html
试题参考答案：D

试题10：

当备份一个应用程序系统的数据时，以下哪一项是应该首先考虑的关键性问题?（）
A、什么时候进行备份?
B、在哪里进行备份?
C、怎样存储备份?
D、需要各份哪些数据?

试题解析与讨论：www.cnitpm.com/st/2699429730.html
试题参考答案：D