Information Security Engineer Daily Practice Questions (2020/5/27)
Source: 信管网 (cnitpm.com), May 28, 2020

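Today's Information Security Engineer daily practice questions: www.cnitpm.com/exam/ExamDay.aspx?t1=6

Archive of past Information Security Engineer daily practice questions: www.cnitpm.com/class/27/e6_1.html

Online test for the Information Security Engineer daily practice questions (2020/5/27): www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2020/5/27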

Information Security Engineer daily practice questions (2020/5/27)

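Question 1

Kerberos is a commonly used identity authentication protocol. The encryption algorithm it uses is ( )
A. Elgamal
B. DES
C. MD5
D. RSA

Question analysis and discussion: www.cnitpm.com/st/2847116804.html
Reference answer: B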

Question 2: An advantage of using sanitized live transactions in test data is that:
A. all transaction types will be included.
B. every error condition is likely to be tested.
C. no special routines are required to assess the results.
D. test transactions are representative of live processing.
Question analysis and discussion: www.cnitpm.com/st/2980621533.html
Reference answer: D

Question 3: An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When this issue is raised with management the response is that additional controls are not necessary because effective system access controls are in place. The BEST response the auditor can make is to:
A. review the integrity of system access controls.
B. accept management's statement that effective access controls are in place.
C. stress the importance of having a system control framework in place.
D. review the background checks of the accounts payable staff.
Question analysis and discussion: www.cnitpm.com/st/2949127830.html
Reference answer: C

Question 4: IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend:
A. upgrading to a level 5 RAID.
B. increasing the frequency of onsite backups.
C. reinstating the offsite backups.
D. establishing a cold site in a secure location.
Question analysis and discussion: www.cnitpm.com/st/2971625907.html
Reference answer: C

Question 5: To address the risk of operations staff's failure to perform the daily backup, management requires that the systems administrator sign off on the daily backup. This is an example of risk:
A. avoidance.
B. transference.
C. mitigation.
D. acceptance.
Question analysis and discussion: www.cnitpm.com/st/293614033.html
Reference answer: C

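Question 6

The idea of software security assurance is to apply risk management throughout the entire software life cycle and achieve optimal software security protection with limited resources: it avoids the direct losses caused by insufficient protection, and it also has to take into account the indirect losses caused by excessive protection. Among the following secure software development strategies, the one that does NOT conform to the idea of software security assurance is: ( )
A. Taking software security costs into account when the project is initiated, reserving budget for security testing and security review, and ensuring that the security funding is actually provided
B. During software security design, inviting secure software development experts to review the software architecture design so that security deficiencies in the architecture are found in time
C. Ensuring that software coding staff receive security training, so that developers understand the basic principles and methods of secure coding and write secure code
D. Before the software goes live, performing comprehensive security testing on it, including source code analysis, fuzz testing and penetration testing; software that has not undergone the above tests is not allowed to go live

Question analysis and discussion: www.cnitpm.com/st/274129679.html
Reference answer: D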

Question 7: The PRIMARY purpose for meeting with auditees prior to formally closing a review is to:
A. confirm that the auditors did not overlook any important issues.
B. gain agreement on the findings.
C. receive feedback on the adequacy of the audit procedures.
D. test the structure of the final presentation.
Question analysis and discussion: www.cnitpm.com/st/2977619346.html
Reference answer: B

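Question 8: Which of the following is NOT a physical security threat? ( )
A. Power failure
B. Physical attack
C. Natural disaster
D. Dictionary attack
Question analysis and discussion: www.cnitpm.com/st/3897917382.html
Reference answer: D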

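Question 9

The risk of unauthorized access through social engineering can be avoided by the following method: ( )
A. Security awareness program
B. Asymmetric encryption
C. Intrusion detection system
D. Demilitarized zone

Question analysis and discussion: www.cnitpm.com/st/2587326758.html
Reference answer: A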

Question 10: The GREATEST benefit in implementing an expert system is the:
A. capturing of the knowledge and experience of individuals in an organization.
B. sharing of knowledge in a central repository.
C. enhancement of personnel productivity and performance.
D. reduction of employee turnover in key departments.
Question analysis and discussion: www.cnitpm.com/st/2982910796.html
Reference answer: A
