
Information Security Engineer Daily Practice Questions (2020/4/19)

2020-04-20. Source: 信管网. Author: cnitpm

Today's Information Security Engineer daily practice questions: www.cnitpm.com/exam/ExamDay.aspx?t1=6

Archive of past Information Security Engineer daily practice questions: www.cnitpm.com/class/27/e6_1.html

Online test for the Information Security Engineer daily practice questions (2020/4/19): www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2020/4/19


Information Security Engineer Daily Practice Question Content (2020/4/19)

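Question 1: Auditing and reviewing log data is a ( ) type of control measure.
A. Preventive
B. Detective
C. Deterrent
D. Corrective
Question analysis and discussion: www.cnitpm.com/st/3270715804.html
Reference answer: B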

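Question 2

The Transmission Control Protocol (TCP) is a transport-layer protocol. Which of the following statements about TCP is correct? ( )
A. Compared with UDP, the other transport-layer protocol, TCP provides reliable transmission and is also more efficient, so it is widely used
B. The TCP header contains the source IP address and the destination IP address, so TCP is responsible for delivering data to the correct host
C. TCP has mechanisms such as flow control, data checksums, timeout retransmission and receipt acknowledgment, so TCP can completely replace the IP protocol
D. Although TCP is highly reliable, its mechanisms are overly complex compared with UDP, and its transmission efficiency is lower than UDP's

Question analysis and discussion: www.cnitpm.com/st/2751310842.html
Reference answer: D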

Question 3: Which of the following is the BEST practice to ensure that access authorizations are still valid?
A. Information owner provides authorization for users to gain access
B. Identity management is integrated with human resource processes
C. Information owners periodically review the access controls
D. An authorization matrix is used to establish validity of access
Question analysis and discussion: www.cnitpm.com/st/293868905.html
Reference answer: B

Question 4: While planning an audit, an assessment of risk should be made to provide:
A. reasonable assurance that the audit will cover material items.
B. definite assurance that material items will be covered during the audit work.
C. reasonable assurance that all items will be covered by the audit.
D. sufficient assurance that all items will be covered during the audit work.
Question analysis and discussion: www.cnitpm.com/st/2981929846.html
Reference answer: A

Question 5: The GREATEST risk when end users have access to a database at its system level, instead of through the application, is that the users can:
A. make unauthorized changes to the database directly, without an audit trail.
B. make use of a system query language (SQL) to access information.
C. remotely access the database.
D. update data without authentication.
Question analysis and discussion: www.cnitpm.com/st/2936212413.html
Reference answer: A

Question 6: Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested?
A. Catastrophic service interruption
B. High consumption of resources
C. Total cost of the recovery may not be minimized
D. Users and recovery teams may face severe difficulties when activating the plan
Question analysis and discussion: www.cnitpm.com/st/295185219.html
Reference answer: A

Question 7: An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?
A. False-acceptance rate (FAR)
B. Equal-error rate (EER)
C. False-rejection rate (FRR)
D. False-identification rate (FIR)
Question analysis and discussion: www.cnitpm.com/st/2931020367.html
Reference answer: A

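Question 8

The four aspects of e-commerce security requirements are: ( )
A. Transmission efficiency, data integrity, identity authentication of the transacting parties, and non-repudiation of transactions
B. Storage security, transmission efficiency, data integrity, and identity authentication of the transacting parties
C. Transmission security, data integrity, identity authentication of the transacting parties, and non-repudiation of transactions
D. Storage security, transmission efficiency, data integrity, and non-repudiation of transactions

Question analysis and discussion: www.cnitpm.com/st/2655910256.html
Reference answer: C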

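Question 9

Which of the following statements about backup sites is correct? ( )
A. It should have the same physical access control measures as the original business system
B. It should be easy to find so that it is available for emergencies when a disaster occurs
C. It should be located close to the site of the original business system
D. It does not need the same level of environmental monitoring as the original business system

Question analysis and discussion: www.cnitpm.com/st/2616219237.html
Reference answer: A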

Question 10: An IS auditor is assigned to audit a software development project which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take?
A. Report that the organization does not have effective project management.
B. Recommend the project manager be changed.
C. Review the IT governance structure.
D. Review the conduct of the project and the business case.
Question analysis and discussion: www.cnitpm.com/st/2926922827.html
Reference answer: D

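Reminder: because exam policies and content are continually changing and being adjusted, the information above provided by 信管网 is for reference only. In case of any disagreement, candidates should rely on the content published by the authoritative departments.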
