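Today's Information Security Engineer daily practice questions: http://www.cnitpm.com/exam/ExamDay.aspx?t1=6
Archive of past Information Security Engineer daily practice questions: http://www.cnitpm.com/class27-6-1.aspx
Information Security Engineer daily practice questions (2017/12/1), online test: http://www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2017/12/1
Information Security Engineer daily practice questions (2017/12/1)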
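Question
1: Which of the following descriptions of risk management is incorrect? ( )
A. The four methods of controlling risk are: reducing risk / transferring risk / avoiding risk / accepting risk
B. Whether information security risk management succeeds depends on whether what has been discovered has actually been eliminated
C. The organization should determine the information security that needs to be managed based on its information security policy and the degree of security assurance the organization requires
D. Information security risk management is the process of identifying, reducing or eliminating the security risks that affect information systems, based on an acceptable cost.
Question analysis and discussion:
http://www.cnitpm.com/st/2174225363.html
Reference answer: B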
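Question
2: The meaning of the command MySQL -h host -u user -p password is as follows. Which of these are correct? ( )
A. After -h, host is the remote host name or IP address
B. After -u is the database user name
C. After -p is the password
D. All of the above
Question analysis and discussion:
http://www.cnitpm.com/st/2242411369.html
Reference answer: D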
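Question
3: The five major security services specified by the ISO 7498-2 standard are ( ).
A. Authentication service, digital certificates, data integrity, data confidentiality, non-repudiation
B. Authentication service, access control, data integrity, data confidentiality, non-repudiation
C. Authentication service, access control, data integrity, data confidentiality, billing service
D. Authentication service, digital certificates, data integrity, data confidentiality, billing service
Question analysis and discussion:
http://www.cnitpm.com/st/230691129.html
Reference answer: B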
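Question
4: ( ) is not a worm.
A. Panda Burning Incense (熊猫烧香)
B. Code Red
C. Glacier (冰河)
D. Love Bug virus (爱虫病毒)
Question analysis and discussion:
http://www.cnitpm.com/st/250217561.html
Reference answer: C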
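Question
5: Which of the following options is a social engineering attack? ( )
A. Logic bomb
B. Trojan horse
C. Packet replay
D. Phishing
Question analysis and discussion:
http://www.cnitpm.com/st/2673915739.html
Reference answer: D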
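Question
6: An unauthorized entity has obtained access to data. This is a breach of the ( ) of security.
A. Confidentiality
B. Integrity
C. Legitimacy
D. Availability
Question analysis and discussion:
http://www.cnitpm.com/st/2845724103.html
Reference answer: A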
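Question
7: Digital envelope technology can ( )
A. Authenticate the identities of the sender and the receiver
B. Ensure the security of data during transmission
C. Prevent repudiation in transactions
D. Hide the identity of the sender
Question analysis and discussion:
http://www.cnitpm.com/st/2847726326.html
Reference answer: B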
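Question
8: The Secure Electronic Transaction protocol (SET) is an e-commerce security protocol jointly developed by the two major credit card organizations VISA and MasterCard. Which of the following statements about SET is correct? ( )
A. SET is a protocol based on stream ciphers
B. SET does not require the participation of a trusted third-party certification authority
C. The main goals of SET include ensuring payment security, establishing application interoperability, and achieving acceptance in the global market
D. SET confirms the identity of each party by issuing verification codes to the participants in e-commerce, ensuring the security of online payment
Question analysis and discussion:
http://www.cnitpm.com/st/2850213651.html
Reference answer: C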
Question
9: Network security starts from ( 1 ) any user, most likely a username and a password. Once authenticated, a stateful firewall enforces ( 2 ) such as what services are allowed to be accessed by network users. Though effective to prevent unauthorized access, this component fails to check potentially harmful content such as computer worms being transmitted over the network. An intrusion prevention system (IPS) helps detect and prevent such malware. ( 3 ) also monitors suspicious network traffic for contents, volume and anomalies to protect the network from attacks such as denial of service. Communication between two hosts using the network could be encrypted to maintain privacy. Individual events occurring on the network could be tracked for audit purposes and for a later high-level analysis.
( 4 ), essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis could be used to further tighten security of the actual network ( 5 ) by the honeypot.
(1)A. authenticating
B. Proofreading
C. checking
D. detecting
(2)A. Control Strategy
B. access permission
C. access policies
D. security strategy
(3)A. IPS
B. IDS
C. P2DR
D. P2DR2
(4)A. Botnet
B. Honeypots
C. Phishing
D. Demilitarized zone
(5)A. being destroyed
B. being attacked
C. being damaged
D. being protected
Question analysis and discussion:
http://www.cnitpm.com/st/2914326590.html
Reference answer: A, C, A, B, D
Question
10: Failure in which of the following testing stages would have the GREATEST impact on the implementation of new application software?
A. System testing
B. Acceptance testing
C. Integration testing
D. Unit testing
Question analysis and discussion:
http://www.cnitpm.com/st/2945724630.html
Reference answer: B