信息安全工程师每日一练试题（2023/4/22）

2023年04月23日来源：信管网作者:cnitpm

信息安全工程师当天每日一练试题地址：www.cnitpm.com/exam/ExamDay.aspx?t1=6

往期信息安全工程师每日一练试题汇总：www.cnitpm.com/class/27/e6_1.html

信息安全工程师每日一练试题（2023/4/22）在线测试：www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2023/4/22

点击查看：更多信息安全工程师习题与指导

信息安全工程师每日一练试题内容（2023/4/22）

试题1
如果破译加密算法所需要的计算能力和计算时间是现实条件所不具备的,那么就认为相应的密码体制是（）。
A.实际安全
B.可证明安全
C.无条件安全
D.绝对安全
查看答案
试题参考答案：A
试题解析与讨论：www.cnitpm.com/st/3899110708.html
试题2
所有资源只能由授权方或以授权的方式进行修改，即信息未经授权不能进行改变的特性是指信息的（）。
A.完整性
B.可用性
C.保密性
D.不可抵赖性
查看答案
试题参考答案：A
试题解析与讨论：www.cnitpm.com/st/5018424799.html
试题3
2018年10月，含有我国SM3杂凑算法的IS0/IEC10118-3: 2018《信息安全技术杂凑函数第3部分：专用杂凑函数》由国际标准化组织（ISO）发布，SM3算法正式成为国际标准。SM3的杂凑值长度为（）。
A、8 字节
B、16字节
C、32字节
D、64字节
查看答案
试题参考答案：C
试题解析与讨论：www.cnitpm.com/st/4108322660.html
试题4
《计算机信息系统安全保护等级划分准则》(GB17859-1999)中规定了计算机系统安全保护能力的五个等级，其中要求对所有主体和客体进行自主和强制访问控制的是（）。
A.用户自主保护级
B.系统审计保护级
C.安全标记保护级
D.结构化保护级
查看答案
试题参考答案：D
试题解析与讨论：www.cnitpm.com/st/3892624867.html
试题5
VPN即虚拟专用网，是一种依靠ISP和其他NSP在公用网络中建立专用的、安全的数据通信通道的技术。以下关于虚拟专用网VPN的描述中，错误的是（）。
A.VPN采用隧道技术实现安全通信
B.第2层隧道协议L2TP主要由LAC和LNS构成
C.IPSec可以实现数据的加密传输
D.点对点隧道协议PPTP中的身份验证机制包括RAP、CHAP、MPPE
查看答案
试题参考答案：D
试题解析与讨论：www.cnitpm.com/st/501879678.html
试题6
Kerberos 是一个网络认证协议，其目标是使用密钥加密为客户端／服务器应用程序提供强身份认证。一个 Kerberos 系统涉及四个基本实体：Kerberos 客户机、认证服务器 AS、票据发放服务器TGS、应用服务器。其中，为用户提供服务的设备或系统被称为（）
A．Kerberos 客户机
B．认证服务器AS
C．票据发放服务器TGS
D．应用服务器
查看答案
试题参考答案：D
试题解析与讨论：www.cnitpm.com/st/5225018038.html
试题7

电子商务系统除了面临一般的信息系统所涉及的安全威胁之外，更容易成为黑客分子的攻击目标，其安全性需求普遍高于一般的信息系统，电子商务系统中的信息安全需求不包括（）
A、交易的真实性
B、交易的保密性和完整性
C、交易的可撤销性
D、交易的不可抵赖性
查看答案
试题参考答案：C
试题解析与讨论：www.cnitpm.com/st/284539359.html
试题8
Trust is typically interpreted as a subjective belief in the reliability， honesty and security of an entity on which we depend （）our welfare .In online environments we depend on a wide spectrun of things , ranging from computer hardware,software and data to people and organizations. A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions , hence , a trusted entity is the same as an entity that is assumed to function according to policy . A consequence of this is that a trust component of a system must work correctly in order for the security of that system to hold, meaning that when a trusted（）fails , then the sytems and applications that depend on it can（）be considered secure.An often cited articulation of this principle is:＂ a trusted system or component is one that can break your security policy” ( which happens when the trust system fails ). The same applies to a trusted party such as a service provider ( SP for short )that is , it must operate according to the agreed or assumed policy in order to ensure the expected level of securty and quality of services . A paradoxical conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on . This is because the security of an infrastructure consisting of many.
Trusted components typically follows the principle of the weakest link , that is ,in many situations the the overall security can only be as strong as the least reliable or least secure of all the trusted components. We cannot avoid using trusted security components,but the fewer the better. This is important to understand when designing the identity management architectures,that is, fewer the trusted parties in an identity management model , stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital and computational concepts helps in designing and implementing large scale online markets and communities,and also plays an important role in the converging mobile and Internet environments.Identity management (denoted Idm hereafter ) is about recognizing and verifying the correctness of identitied in online environment .Trust management becomes a component of （）whenever different parties rely on each other for identity provision and authentication . IdM and Trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining authorisation policies in personalised services.
Establishing trust always has a cost, so that having complex trust requirement typically leads to high overhead in establishing the required trust. To reduce costs there will be incentives for stakeholders to “cut corners”regarding trust requirements ,which could lead to inadequate security . The challenge is to design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed .The establishment of initial（）usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
（71）A.with
B. on
C. of
D. for
（72）A.entity
B.person
C.component
D.thing
（73）A. No longer
B. never
C. always
D.often
（74）A. SP
B. IdM
C.Internet
D.entity
（75）A.trust
B.cost
C.IdM
D. solution
查看答案
试题参考答案：D、C、A、B、A
试题解析与讨论：www.cnitpm.com/st/389944612.html
试题9
面向数据挖掘的隐私保护技术主要解决高层应用中的隐私保护问题，致力于研究如何根据不同数据挖掘操作的特征来实现对隐私的保护。从数据挖掘的角度看，不属于隐私保护技术的是（）。
A.基于数据失真的隐私保护技术
B.基于数据匿名化的隐私保护技术
C.基于数据分析的隐私保护技术
D.基于数据加密的隐私保护技术
查看答案
试题参考答案：C
试题解析与讨论：www.cnitpm.com/st/3275518417.html
试题10
如果对一个密码体制的破译依赖于对某一个经过深入研究的数学难题的解决，就认为相应的密码体制是（）的。
A.计算安全
B.可证明安全
C.无条件安全
D.绝对安全
查看答案
试题参考答案：B
试题解析与讨论：www.cnitpm.com/st/411494857.html

温馨提示：因考试政策、内容不断变化与调整，信管网提供的以上信息仅供参考，如有异议，请考生以权威部门公布的内容为准！

分享至：