Information Security Engineer Daily Practice Questions (2020/6/8)
Source: 信管网, June 9, 2020

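Today's Information Security Engineer daily practice questions: www.cnitpm.com/exam/ExamDay.aspx?t1=6

Archive of past Information Security Engineer daily practice questions: www.cnitpm.com/class/27/e6_1.html

Online test for the Information Security Engineer daily practice questions (2020/6/8): www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2020/6/8

Information Security Engineer daily practice questions (2020/6/8)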

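Question 1

Obtaining passwords through phishing attacks on web pages is, in essence, a form of: ( )
A. Social engineering attack
B. Cryptanalysis
C. Side-channel attack
D. Brute-force attack

Analysis and discussion: www.cnitpm.com/st/2732610921.html
Reference answer: A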

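Question 2

Among the following measures for protecting system account security, which one does not help against password brute-forcing? ( )
A. Configure the system's account lockout policy so that an account is locked once the number of failed login attempts reaches a set threshold
B. Rename the system's built-in administrator account
C. Give the administrator account a secure password
D. Use a screen saver and require a password on resume

Analysis and discussion: www.cnitpm.com/st/2708919890.html
Reference answer: D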

Question 3: Network security starts from ( 1 ) any user, most likely a username and a password. Once authenticated, a stateful firewall enforces ( 2 ) such as what services are allowed to be accessed by network users. Though effective to prevent unauthorized access, this component fails to check potentially harmful content such as computer worms being transmitted over the network. An intrusion prevention system (IPS) helps detect and prevent such malware. ( 3 ) also monitors suspicious network traffic for contents, volume and anomalies to protect the network from attacks such as denial of service. Communication between two hosts using the network could be encrypted to maintain privacy. Individual events occurring on the network could be tracked for audit purposes and for a later high level analysis.
( 4 ), essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis could be used to further tighten security of the actual network ( 5 ) by the honeypot.
(1) A. authenticating
B. proofreading
C. checking
D. detecting
(2) A. control strategy
B. access permission
C. access policies
D. security strategy
(3) A. IPS
B. IDS
C. P2DR
D. P2DR2
(4) A. Botnet
B. Honeypots
C. Phishing
D. Demilitarized zone
(5) A. being destroyed
B. being attacked
C. being damaged
D. being protected

Analysis and discussion: www.cnitpm.com/st/2914326590.html
Reference answer: A, C, A, B, D

Question 4: When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures:
A. allow changes, which will be completed using after-the-fact follow-up.
B. allow undocumented changes directly to the production library.
C. do not allow any emergency changes.
D. allow programmers permanent access to production programs.
Analysis and discussion: www.cnitpm.com/st/296681897.html
Reference answer: A

Question 5: Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy?
A. Review the parameter settings.
B. Interview the firewall administrator.
C. Review the actual procedures.
D. Review the device's log file for recent attacks.
Analysis and discussion: www.cnitpm.com/st/293057369.html
Reference answer: A

Question 6: A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing system developed in-house. In reviewing the proposed development approach, which of the following would be of GREATEST concern?
A. Acceptance testing is to be managed by users.
B. A quality plan is not part of the contracted deliverables.
C. Not all business functions will be available on initial implementation.
D. Prototyping is being used to confirm that the system meets business requirements.
Analysis and discussion: www.cnitpm.com/st/2961815496.html
Reference answer: B

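Question 7

Which of the following attributes would not appear in a firewall's access control policy configuration? ( )
A. Addresses within the local LAN
B. The Baidu server address
C. The HTTP protocol
D. Virus type

Analysis and discussion: www.cnitpm.com/st/2576022608.html
Reference answer: D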

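Question 8

A reasonable way to handle exceptions and errors while a business system is running is: ( )
A. Let the system handle exceptions on its own
B. For ease of debugging, more errors should be displayed in greater detail
C. Catch the error and throw it to the front end for display
D. Catch the error and display only a simple message, or display nothing at all

Analysis and discussion: www.cnitpm.com/st/2755825298.html
Reference answer: D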

Question 9: Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?
A. User management coordination does not exist.
B. Specific user accountability cannot be established.
C. Unauthorized users may have access to originate, modify or delete data.
D. Audit recommendations may not be implemented.
Analysis and discussion: www.cnitpm.com/st/295898457.html
Reference answer: C

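Question 10

When filtering packets, a packet-filtering firewall generally does not care about ( )
A. The packet's source address
B. The packet's protocol type
C. The packet's destination address
D. The packet's contents

Analysis and discussion: www.cnitpm.com/st/285063318.html
Reference answer: D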
