信息安全工程师每日一练试题（2022/7/1）

2022年07月02日来源：信管网作者:cnitpm

信息安全工程师当天每日一练试题地址：www.cnitpm.com/exam/ExamDay.aspx?t1=6

往期信息安全工程师每日一练试题汇总：www.cnitpm.com/class/27/e6_1.html

信息安全工程师每日一练试题（2022/7/1）在线测试：www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2022/7/1

点击查看：更多信息安全工程师习题与指导

信息安全工程师每日一练试题内容（2022/7/1）

试题1
The modern study of symmetric-key ciphers relates mainly to the study of block ciphers and stream ciphers and to their applications. A block cipher is, in a sense, a modern embodiment of Alberti's polyalphabetic cipher: block ciphers take as input a block of （71 ）and a key, and output a block of ciphertext of the same size. Since messages are almost always longer than a single block, some method of knitting together successive blocks is required. Several have been developed, some with better security in one aspect or another than others. They are the mode of operations and must be carefully considered when using a block cipher in a cryptosystem.
The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are( 72 )designs which have been designated cryptography standards by the US government (though DES's designation was finally withdrawn after the AES was adopted). Despite its deprecation as an official standard, DES (especially its still-approved and much more secure triple-DES variant) remains quite popular; it is used across a wide range of applications, from ATM encryption to e-mail privacy and secure remote access. Many other block ciphers have been designed and released, with considerable variation in quality. Many have been thoroughly broken. See Category: Block ciphers.
Stream ciphers, in contrast to the ‘block’type, create an arbitrarily long stream of key material, which is combined ( 73 )the plaintext bit-by-bit or character-by-character, somewhat like the one-time pad. In a stream cipher, the output( 74 )is created based on an internal state which changes as the cipher operates. That state change is controlled by the key, and, in some stream ciphers, by the plaintext stream as well. RC4 is an example of a well-known, and widely used, stream cipher; see Category: Stream ciphers.
Cryptographic hash functions (often called message digest functions) do not necessarily use keys, but are a related and important class of cryptographic algorithms. They take input data (often an entire message), and output a short fixed length hash, and do so as a one-way function. For good ones, ( 75 ) (two plaintexts which produce the same hash) are extremely difficult to find.
Message authentication codes (MACs) are much like cryptographic hash functions, except that a secret key is used to authenticate the hash value on receipt. These block an attack against plain hash functions.
（71）
A.plaintext
B.ciphertext
C.data
D.hash
（72）
A.stream cipher
B.hash function
C.Message authentication code
D.Block cipher
（73）
A.of
B.for
C.with
D.in
（74）
A.hash
B.stream
C.ciphertext
D.plaintext
（75）
A.collisions
B.image
C.preimage
D.solution
查看答案
试题参考答案：A、D、C、B、A
试题解析与讨论：www.cnitpm.com/st/4115223167.html
试题2
通用入侵检测框架模型（CIDF）由事件产生器、事件分析器、响应单元和事件数据库四个部分组成。其中向系统其他部分提供事件的是（）
A．事件产生器
B．事件分析器
C．响应单元
D．事件数据库
查看答案
试题参考答案：A
试题解析与讨论：www.cnitpm.com/st/5226223863.html
试题3
网络安全漏洞是网络安全管理工作的重要内容，网络信息系统的漏洞主要来自两个方面：非技术性安全漏洞和技术性安全漏洞。以下属于非技术性安全漏洞主要来源的是 ( )
A．缓冲区溢出
B．输入验证错误
C．网络安全特权控制不完备
D．配置错误
查看答案
试题参考答案：C
试题解析与讨论：www.cnitpm.com/st/522697983.html
试题4
入侵检测技术包括异常入侵检测和误用入侵检测。以下关于误用检测技术的描述中，正确的是（）。
A.误用检测根据对用户正常行为的了解和掌握来识别入侵行为
B.误用检测根据掌握的关于入侵或攻击的知识来识别入侵行为
C.误用检测不需要建立入侵或攻击的行为特征库
D.误用检测需要建立用户的正常行为特征轮廓
查看答案
试题参考答案：B
试题解析与讨论：www.cnitpm.com/st/4112521300.html
试题5
恶意代码是指为达到恶意目的而专门设计的程序或代码。以下恶意代码中，属于脚本病毒的是（）。
A. Worm. Sasser, f
B. Trojan. Huigezi. a
C. Harm. formac. f
D. Script. Redlof
查看答案
试题参考答案：D
试题解析与讨论：www.cnitpm.com/st/4110512003.html
试题6
SYN 扫描首先向目标主机发送连接请求，当目标主机返回响应后，立即切断连接过程，并查看响应情况。果目标主机返回（），表示目标主机的该端口开放。
A．SYN/ACK
B．RESET 信息
C．RST/ACK
D．ID头信息
查看答案
试题参考答案：A
试题解析与讨论：www.cnitpm.com/st/5223223655.html
试题7
能有效控制内部网络和外部网络之间的访问及数据传输，从而达到保护内部网络的信息不受外部非授权用户的访问和对不良信息的过滤的安全技术是（）
A.入侵检测
B.反病毒软件
C.防火墙
D.计算机取证
查看答案
试题参考答案：C
试题解析与讨论：www.cnitpm.com/st/327375395.html
试题8
Trust is typically interpreted as a subjective belief in the reliability， honesty and security of an entity on which we depend （）our welfare .In online environments we depend on a wide spectrun of things , ranging from computer hardware,software and data to people and organizations. A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions , hence , a trusted entity is the same as an entity that is assumed to function according to policy . A consequence of this is that a trust component of a system must work correctly in order for the security of that system to hold, meaning that when a trusted（）fails , then the sytems and applications that depend on it can（）be considered secure.An often cited articulation of this principle is:＂ a trusted system or component is one that can break your security policy” ( which happens when the trust system fails ). The same applies to a trusted party such as a service provider ( SP for short )that is , it must operate according to the agreed or assumed policy in order to ensure the expected level of securty and quality of services . A paradoxical conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on . This is because the security of an infrastructure consisting of many.
Trusted components typically follows the principle of the weakest link , that is ,in many situations the the overall security can only be as strong as the least reliable or least secure of all the trusted components. We cannot avoid using trusted security components,but the fewer the better. This is important to understand when designing the identity management architectures,that is, fewer the trusted parties in an identity management model , stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital and computational concepts helps in designing and implementing large scale online markets and communities,and also plays an important role in the converging mobile and Internet environments.Identity management (denoted Idm hereafter ) is about recognizing and verifying the correctness of identitied in online environment .Trust management becomes a component of （）whenever different parties rely on each other for identity provision and authentication . IdM and Trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining authorisation policies in personalised services.
Establishing trust always has a cost, so that having complex trust requirement typically leads to high overhead in establishing the required trust. To reduce costs there will be incentives for stakeholders to “cut corners”regarding trust requirements ,which could lead to inadequate security . The challenge is to design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed .The establishment of initial（）usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
（71）A.with
B. on
C. of
D. for
（72）A.entity
B.person
C.component
D.thing
（73）A. No longer
B. never
C. always
D.often
（74）A. SP
B. IdM
C.Internet
D.entity
（75）A.trust
B.cost
C.IdM
D. solution
查看答案
试题参考答案：D、C、A、B、A
试题解析与讨论：www.cnitpm.com/st/389944612.html
试题9

以下对OSI（开放系统互联）参考模型中数据链路层的功能叙述中，描述最贴切是（）
A、保证数据正确的顺序、无差错和完整
B、控制报文通过网络的路由选择
C、提供用户与网络的接口
D、处理信号通过介质的传输
查看答案
试题参考答案：A
试题解析与讨论：www.cnitpm.com/st/2848820346.html
试题10
IP地址欺骗的发生过程，下列顺序正确的是（）。①确定要攻击的主机A；②发现和他有信任关系的主机B；③猜测序列号；④成功连接，留下后面；⑤将B利用某种方法攻击瘫痪。
A.①②⑤③④
B.①②③④⑤
C.①②④③⑤
D.②①⑤③④
查看答案
试题参考答案：A
试题解析与讨论：www.cnitpm.com/st/3273328170.html

温馨提示：因考试政策、内容不断变化与调整，信管网提供的以上信息仅供参考，如有异议，请考生以权威部门公布的内容为准！

分享至：