分享到微信
信息安全工程师当天每日一练试题地址:www.cnitpm.com/exam/ExamDay.aspx?t1=6
往期信息安全工程师每日一练试题汇总:www.cnitpm.com/class/27/e6_1.html
信息安全工程师每日一练试题(2020/4/19)在线测试:www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2020/4/19
点击查看:更多信息安全工程师习题与指导
信息安全工程师每日一练试题内容(2020/4/19)
试题1: 对日志数据进行审计检查,属于()类控制措施。A.预防
B.检查
C.威慑
D.修正
试题解析与讨论:www.cnitpm.com/st/3270715804.html
试题参考答案:B
试题2:
传输控制协议(TCP)是传输层协议,以下关于TCP协议的说法,哪个是正确的?()
A.相比传输层的另外一个协议UDP,TCP既提供传输可靠性,还同时具有更高的效率,因此具有广泛的用途
B.TCP协议包头中包含了源IP地址和目的IP地址,因此TCP协议负责将数据传送到正确主机
C.TCP协议具有流量控制、数据校验、超时重发、接收确认等机制,因此TCP协议能完全替代IP 协议
D.TCP协议虽然高可靠,但是相比UDP协议机制过于复杂,传输效率要比UDP低
试题参考答案:D
试题3: Which of the following is the BEST practice to ensure that access authorizations are still valid?
A、Information owner provides authorization for users to gain access
B、Identity management is integrated with human resource processes
C、Information owners periodically review the access controls
D、An authorization matrix is used to establish validity of access
试题解析与讨论:www.cnitpm.com/st/293868905.html
试题参考答案:B
试题4: While planning an audit, an assessment of risk should be made to provide:
A、reasonable assurance that the audit will cover material items.
B、definite assurance that material items will be covered during the audit work.
C、reasonable assurance that all items will be covered by the audit.
D、sufficient assurance that all items will be covered during the audit work.
试题解析与讨论:www.cnitpm.com/st/2981929846.html
试题参考答案:A
试题5: The GREATEST risk when end users have access to a database at its system level, instead of through the application, is that the users can:
A、make unauthorized changes to the database directly, without an audit trail.
B、make use of a system query language (SQL) to access information.
C、remotely access the database.
D、update data without authentication.
试题解析与讨论:www.cnitpm.com/st/2936212413.html
试题参考答案:A
试题6: Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested?
A、Catastrophic service interruption
B、High consumption of resources
C、Total cost of the recovery may not be minimized
D、Users and recovery teams may face severe difficulties when activating the plan
试题解析与讨论:www.cnitpm.com/st/295185219.html
试题参考答案:A
试题7: An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?
A、False-acceptance rate (FAR)
B、Equal-error rate (EER)
C、False-rejection rate (FRR)
D、False-identification rate (FIR)
试题解析与讨论:www.cnitpm.com/st/2931020367.html
试题参考答案:A
试题8:
电子商务安全要求的四个方面是:()
A、传输的高效性、数据的完整性、交易各方的身份认证和交易的不可抗抵赖
B、存储的安全性、传输的高效性、数据的完整性和交易各方的身份认证
C、传输的安全性、数据的完整性、交易各方的身份认证和交易不可抵赖性
D、存储的安全性、传输的高效性、数据的完整性和交易的不可抵赖性
试题参考答案:C
试题9:
以下关于备份站点的说法哪项是正确的()
A.应与原业务系统具有同样的物理访问控制措施
B.应容易被找到以便于在灾难发生时以备紧急情况的需要
C.应部署在离原业务系统所在地较近的地方
D.不需要具有和原业务系统相同的环境监控等级
试题参考答案:A
试题10: An IS auditor is assigned to audit a software development project which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take?
A、Report that the organization does not have effective project management.
B、Recommend the project manager be changed.
C、Review the IT governance structure.
D、Review the conduct of the project and the business case.
试题解析与讨论:www.cnitpm.com/st/2926922827.html
试题参考答案:D
扫码关注公众号
温馨提示:因考试政策、内容不断变化与调整,信管网网站提供的以上信息仅供参考,如有异议,请以权威部门公布的内容为准!
信管网致力于为广大信管从业人员、爱好者、大学生提供专业、高质量的课程和服务,解决其考试证书、技能提升和就业的需求。
信管网软考课程由信管网依托10年专业软考教研倾力打造,官方教材参编作者和资深讲师坐镇,通过深研历年考试出题规律与考试大纲,深挖核心知识与高频考点,为学员考试保驾护航。面授、直播&录播,多种班型灵活学习,满足不同学员考证需求,降低课程学习难度,使学习效果事半功倍。
相关内容
| 发表评论 查看完整评论 | |
考试新手指南
学习计划攻略
精华备考资料
案例论文干货
章节模拟试题
免费试听课程
考试信息推送