分享到微信
信息安全工程师当天每日一练试题地址:www.cnitpm.com/exam/ExamDay.aspx?t1=6
往期信息安全工程师每日一练试题汇总:www.cnitpm.com/class/27/e6_1.html
信息安全工程师每日一练试题(2020/4/30)在线测试:www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2020/4/30
点击查看:更多信息安全工程师习题与指导
信息安全工程师每日一练试题内容(2020/4/30)
试题1: 以下关于“最小特权”安全管理原则理解正确的是:()
A.组织机构内的敏感岗位不能由一个人长期负责
B.对重要的工作进行分解,分配给不同人员完成
C.一个人有且仅有其执行岗位所足够的许可和权限
D.防止员工由一个岗位变动到另一个岗位,累积越来越多的权限
试题参考答案:C
试题2: Network security starts from( 1 )any user, most likely a username and a password. Once authenticated, a stateful firewall enforces ( 2 )such as what services are allowed to be accessed by network users. Though effective to prevent unauthorized access, this component fails to check potentially harm contents such as computer worms being transmitted over the network. An intrusion prevention system (IPS)helps detect and prevent such malware. ( 3 )also monitors suspicious network affic for contents, volume and anomalies to protect the network from attacks such as denial of service. Communication between two hosts using the network could be encrypted to maintain privacy. Individual events occurring on the network could be tracked for audit purposes and for a later high level analysis.
( 4 ), essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis could be used to further tighten security of the actual network ( 5 )by the honeypot.
(1)A. authenticating
B. Proofreading
C. checking
D. detecting
(2)A. Control Strategy
B. access permission
C. access policies
D. security strategy
(3)A. lPS
B.IDS
C. P2DR
D. P2DR2
(4)A. Botnet
B. Honeypots
C. Phishing
D. Demilitarized zone
(5)A. being destroyed
B. being attacked
C. being damaged
D. being protected
试题参考答案:A、C、A、B、D
试题3: uring the design of a business continuity plan, the business impact analysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the:
A、responsibility for maintaining the business continuity plan.
B、criteria for selecting a recovery site provider.
C、recovery strategy.
D、responsibilities of key personnel.
试题解析与讨论:www.cnitpm.com/st/2960329211.html
试题参考答案:C
试题4:
下面关于访问控制模型的说法不正确的是: ()
A、DAC模型中主体对它所属的对象和运行的程序有全部的控制权
B、DAC实现提供了一个基于“need-to-know”的访问授权的方法,默认拒绝任何人的访问。访问许可必须被显示地赋予访问者
C、在MAC这种模型里,管理员管理访问控制。管理员制定策略,策略定义了哪个主体能访问哪个对象。但用户可以改变它。
D、RBAC模型中管理员定义一系列角色(roles)并把它们赋予主体。系统进程和普通用户可能有不同的角色。设置对象为某个类型,主体具有相应的角色就可以访问它。
试题参考答案:C
试题5:
下列算法中属于非对称密码算法的是( )
A、 IDEA
B、 RSA
C、 DES
D、 3DES
试题参考答案:B
试题6: Which of the following is widely accepted as one of the critical components in networking management?
A、Configuration management
B、Topological mappings
C、Application of monitoring tools
D、Proxy server troubleshooting
试题解析与讨论:www.cnitpm.com/st/292291571.html
试题参考答案:A
试题7:
下面对于cookie的说法错误的是:()
A、cookie是一小段存储在浏览器端文本信息,web应用程序可以读取cookie包含的信息
B、cookie可以存储一些敏感的用户信息,从而造成一定的安全风险
C、通过cookie提交精妙构造的移动代码,绕过身份验证的攻击叫做cookie欺骗
D、防范cookie欺骗的一个有效方法是不使用cookie验证方法,而是用session验证方法
试题参考答案:C
试题8:
风险评估的过程中,首先要识别信息资产,资产识别时,以下哪个不是需要遵循的原则?()
A. 只识别与业务及信息系统有关的信息资产,分类识别
B.所有公司资产都要识别
C. 可以从业务流程出发,识别各个环节和阶段所需要以及所产出的关键资产
D. 资产识别务必明确责任人、保管者和用户
试题参考答案:B
试题9:
试题参考答案:B
试题10: To gain an understanding of the effectiveness of an organization's planning and management of investments in IT assets, an IS auditor should review the:
A、enterprise data model.
B、IT balanced scorecard (BSC).
C、IT organizational structure.
D、historical financial statements.
试题解析与讨论:www.cnitpm.com/st/2966222785.html
试题参考答案:B
扫码关注公众号
温馨提示:因考试政策、内容不断变化与调整,信管网网站提供的以上信息仅供参考,如有异议,请以权威部门公布的内容为准!
信管网致力于为广大信管从业人员、爱好者、大学生提供专业、高质量的课程和服务,解决其考试证书、技能提升和就业的需求。
信管网软考课程由信管网依托10年专业软考教研倾力打造,官方教材参编作者和资深讲师坐镇,通过深研历年考试出题规律与考试大纲,深挖核心知识与高频考点,为学员考试保驾护航。面授、直播&录播,多种班型灵活学习,满足不同学员考证需求,降低课程学习难度,使学习效果事半功倍。
相关内容
| 发表评论 查看完整评论 | |
考试新手指南
学习计划攻略
精华备考资料
案例论文干货
章节模拟试题
免费试听课程
考试信息推送