信息安全工程师当天每日一练试题地址:www.cnitpm.com/exam/ExamDay.aspx?t1=6
往期信息安全工程师每日一练试题汇总:www.cnitpm.com/class/27/e6_1.html
信息安全工程师每日一练试题(2020/6/12)在线测试:www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2020/6/12
点击查看:更多信息安全工程师习题与指导
信息安全工程师每日一练试题内容(2020/6/12)
试题
1: An IS auditor invited to a development project meeting notes that no project risks have been documented. When the IS auditor raises this issue, the project manager responds that it is too early to identify risks and that, if risks do start impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to:
A、stress the importance of spending time at this point in the project to consider and document risks, and to develop contingency plans.
B、accept the project manager's position as the project manager is accountable for the outcome of the project.
C、offer to work with the risk manager when one is appointed.
D、inform the project manager that the IS auditor will conduct a review of the risks at the completion of the requirements definition phase of the project.
试题解析与讨论:
www.cnitpm.com/st/292658997.html试题参考答案:A
试题
2:
当访问web网站的某个资源时,请求无法被服务器理解将会出现的HTTP状态码是( )
A、 200
B、 401
C、 302
D、 303
试题解析与讨论:
www.cnitpm.com/st/267088942.html试题参考答案:B
试题
3:
下列哪个是蠕虫的特性?()
A.不感染、依附性
B.不感染、独立性
C.可感染、依附性
D.可感染、独立性
试题解析与讨论:
www.cnitpm.com/st/27052869.html试题参考答案:D
试题
4:
某公司开发了一个游戏网站,但是由于网站软件存在漏洞,在网络中传输大数据包时总是会丢失一些数据,如一次性传输大于2000 个字节数据时,总是会有3 到5 个字节不能传送到对方,关于此案例,可以推断的是()
A 该网站软件存在 保密性方面安全问题
B 该网站软件存在完整性方面安全问题
C 该网站软件存在 可用性方面安全问题
D 该 网站软件存在 不可否认性方面安全问题
试题解析与讨论:
www.cnitpm.com/st/2577428457.html试题参考答案:B
试题
5: What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?
A、Malicious code could be spread across the network
B、VPN logon could be spoofed
C、Traffic could be sniffed and decrypted
D、VPN gateway could be compromised
试题解析与讨论:
www.cnitpm.com/st/293084515.html试题参考答案:A
试题
6: An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error, and are not rolled back. Which of the following transaction processing features has been violated?
A、Consistency
B、Isolation
C、Durability
D、Atomicity
试题解析与讨论:
www.cnitpm.com/st/2962312917.html试题参考答案:D
试题
7:
CA的核心职责是()
A.签发和管理证书
B.审核用户真实信息
C.发布黑名单
D.建立实体链路安全
试题解析与讨论:
www.cnitpm.com/st/2625220675.html试题参考答案:A
试题
8: Which of the following is the MOST effective method for dealing with the spreading of a network worm that exploits vulnerability in a protocol?
A、Install the vendor's security fix for the vulnerability.
B、Block the protocol traffic in the perimeter firewall.
C、Block the protocol traffic between internal network segments.
D、Stop the service until an appropriate security fix is installed.
试题解析与讨论:
www.cnitpm.com/st/2962223504.html试题参考答案:D
试题
9:
以下不属于网络安全控制技术的是()
A、防火墙技术
B、访问控制
C、入侵检测技术
D、差错控制
试题解析与讨论:
www.cnitpm.com/st/2849122070.html试题参考答案:D
试题
10:
信息安全管理体系(information SecurltyManagement System.ISMS)的内部审核和管理审核是两项重要的管理活动,关于这两者,下面描述错误的是()
A、内部审核和管理评审都很重要,都是促进ISMS持续改进的重要动力,也都应当按照一定的周期实施
B、内部审核的实施方式多采用文件审核和现场审核的形式,而管理评审的实施方式多采用召开管理评审会议的形式进行
C、内部审核的实施主体由组织内部的ISMS内审小组,而管理评审的实施主体是由国家政策指定的第三方技术服务机构
D、组织的信息安全方针,信息目标和有关ISMS文件等,在内部审核中作为审核准则使用,但在管理评审中,这些文件是被审对象
试题解析与讨论:
www.cnitpm.com/st/2911716377.html试题参考答案:C
导航
