信息安全工程师当天每日一练试题地址:www.cnitpm.com/exam/ExamDay.aspx?t1=6
往期信息安全工程师每日一练试题汇总:www.cnitpm.com/class/27/e6_1.html
信息安全工程师每日一练试题(2020/6/11)在线测试:www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2020/6/11
点击查看:更多信息安全工程师习题与指导
信息安全工程师每日一练试题内容(2020/6/11)
试题
1: In what way is a common gateway interface (CGI) MOST often used on a web server?
A、Consistent way for transferring data to the application program and back to the user
B、Computer graphics imaging method for movies and TV
C、Graphic user interface for web design
D、Interface to access the private gateway domain
试题解析与讨论:
www.cnitpm.com/st/2939017838.html试题参考答案:A
试题
2: During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:
A、buffer overflow.
B、brute force attack.
C、distributed denial-of-service attack.
D、war dialing attack.
试题解析与讨论:
www.cnitpm.com/st/2920117383.html试题参考答案:A
试题
3: When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of:
A、excessive transaction turnaround time.
B、application interface failure.
C、improper transaction authorization.
D、nonvalidated batch totals.
试题解析与讨论:
www.cnitpm.com/st/2950622030.html试题参考答案:C
试题
4: 以下关于公钥基础设施(PKI)的说法中,正确的是()
A. PKI可以解决公钥可信性问题
B. PKI不能解决公钥可信性问题
C. PKI只能有政府来建立
D.PKI不提供数字证书查询服务
试题解析与讨论:
www.cnitpm.com/st/3274120315.html试题参考答案:A
试题
5:
以下哪一项不是IIS服务器支持的访问控制过滤类型?()
A、网络地址访问控制
B、web服务器许可
C、NTFS许可
D、异常行为过滤
试题解析与讨论:
www.cnitpm.com/st/2655029533.html试题参考答案:D
试题
6: An IS auditor has been assigned to review IT structures and activities recently outsourced to various providers. Which of the following should the IS auditor determine FIRST ?
A、That an audit clause is present in all contracts
B、That the SLA of each contract is substantiated by appropriate KPIs
C、That the contractual warranties of the providers support the business needs of the organization
D、That at contract termination, support is guaranteed by each outsourcer for new outsourcers
试题解析与讨论:
www.cnitpm.com/st/2975519032.html试题参考答案:C
试题
7:
传统密码学的理论基础是()
A、 数学
B、 物理学
C、 计算机学科
D、 力学
试题解析与讨论:
www.cnitpm.com/st/2671626126.html试题参考答案:A
试题
8: Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?
A、Check digit
B、Existence check
C、Completeness check
D、Reasonableness check
试题解析与讨论:
www.cnitpm.com/st/2976520772.html试题参考答案:C
试题
9:
下列关于信息系统生命周期中实施阶段所涉及主要安全需求描述错误的是:()
A.确保采购定制的设备、软件和其他系统组件满足已定义的安全要求
B.确保整个系统已按照领导要求进行了部署和配置
C.确保系统使用人员已具备使用系统安全功能和安全特性的能力
D.确保信息系统的使用已得到授权
试题解析与讨论:
www.cnitpm.com/st/2753619114.html试题参考答案:B
试题
10: After reviewing its business processes, a large organization is deploying a new web application based on a VoIP technology. Which of the following is the MOST appropriate approach for implementing access control that will facilitate security management of the VoIP web application?
A、Fine-grained access control
B、Role-based access control (RBAC)
C、Access control lists
D、Network/service access control
试题解析与讨论:
www.cnitpm.com/st/293467653.html试题参考答案:B