信管网每日一练

信息安全工程师当天每日一练试题地址：www.cnitpm.com/exam/ExamDay.aspx?t1=6

往期信息安全工程师每日一练试题汇总：www.cnitpm.com/class/27/e6_1.html

信息安全工程师每日一练试题（2020/9/6）在线测试：www.cnitpm.com/exam/ExamDay.aspx?t1=6&day=2020/9/6

点击查看：更多信息安全工程师习题与指导

信息安全工程师每日一练试题内容（2020/9/6）

试题1： 防火墙的部署不包括以下的()。
A、双宿主机防火墙
B、堡垒主机防火墙
C、屏蔽主机防火墙
D、屏蔽子网防火墙
试题解析与讨论：www.cnitpm.com/st/2149526936.html
试题参考答案：B

试题2： 下列哪一项是对访客访问数据中心最有效的控制？（）
A、陪同访问者。
B、要求访问者佩戴证件。
C、访问者签字后进入。
D、操作人员对访问者进行抽查。
试题解析与讨论：www.cnitpm.com/st/3023915352.html
试题参考答案：A

试题3： 下列关于数字签名说法正确的是（  ）。
A.数字签名不可信
B.数字签名不可改变
C.数字签名可以否认
D.数字签名易被伪造
试题解析与讨论：www.cnitpm.com/st/411153134.html
试题参考答案：B

试题4：

信息系统安全主要从那几个方面进行评估？（）
A、1个（技术）
B、2个（技术、管理）
C、3个（技术、管理、工程）
D、4个（技术、管理、工程、应用）

试题解析与讨论：www.cnitpm.com/st/269297551.html
试题参考答案：C

试题5： 如果一个SQL Server数据库维护人员，需要具有建立测试性的数据库的权限，那么应该指派给他哪个权限（）？
A、Database  Creators
B、System  Administrators
C、Server  Administrators
D、Security   Adiministrators
试题解析与讨论：www.cnitpm.com/st/224559049.html
试题参考答案：A

试题6：

以下选项中哪一项是对于信息安全风险采取的纠正机制（）
A.访问控制
B.入侵检测
C.灾难恢复
D.防病毒系统

试题解析与讨论：www.cnitpm.com/st/2691110179.html
试题参考答案：C

试题7： An IS auditor interviewing a payroll clerk finds that the answers do not support job descriptions and documented procedures. Under these circumstances, the IS auditor should: 
A、conclude that the controls are inadequate. 
B、expand the scope to include substantive testing. 
C、place greater reliance on previous audits. 
D、suspend the audit. 
试题解析与讨论：www.cnitpm.com/st/2922323296.html
试题参考答案：B

试题8： To ensure authentication, confidentiality and integrity of a message, the sender should encrypt the hash of the message with the sender's: 
A、public key and then encrypt the message with the receiver's private key. 
B、private key and then encrypt the message with the receiver's public key. 
C、public key and then encrypt the message with the receiver's public key. 
D、private key and then encrypt the message with the receiver's private key. 
试题解析与讨论：www.cnitpm.com/st/2930222630.html
试题参考答案：B

试题9：

（1）is the science of hiding information. Whereas the goal of cryptography is to make data unreadable by a third party. the goal of steganography is to hide the data from a third party. In this article, I will discuss what steganography is, what purposes it serves, and will provide an example using available software.
There are a large number of steganographic （2）that most of us are familiar with (especially if you watch a lot of spy movies), ranging from invisible ink and microdots to secreting a hidden message in the second letter of each word of a large body of text and spread spectrum radio communication. With computers and networks, there are many other ways of hiding informations, such as:
Covert channels (c,g, Loki and some distributed denial-of-service tools use the Internet Control （3）Protocol, or ICMP, as the communication channel between the “bad guy”and a compromicyed system)
Hidden text within Web pages
Hiding files in “plain sight”(c,g. what better place to “hide”a file than with an important sounding name in the c:\winnt system32 directory)
Null ciphers(c,g, using the first letter of each word to form a hidden message in an otherwise innocuous text)
steganography today, however, is significantly more （4）than the example about suggest, allowing a user to hide large amounts of information within image and audio. These forms of steganography often are used in conjunction with cryptography so the information is double protected; first it is encrypted and then hidden so that an advertisement first. find the information ( an often difficult task in and of itself) and the decrypted it.
The simplest approach to hiding data within an image file is called （5）signature insertion. In this method, we can take the binary representation of the hidden data and the bit of each byte within the covert image. If we are using 24-bit color the amount and will be minimum and indiscriminate to the human eye.
（1）A、Cryptography
B、Geography
C、Stenography
D、Steganography
（2）A、methods
B、software
C、tools
D、services
（3）A、Member
B、Management
C、Message
D、Mail
（4）A、powerful
B、sophistication
C、advanced
D、easy
（5）A、least
B、most
C、much
D、less

试题解析与讨论：www.cnitpm.com/st/2851420507.html
试题参考答案：D、A、C、B、A

试题10：

信息安全风险的三要素是指：（）
A.资产/威胁/脆弱性
B.资产/使命/威胁
C.使命/威胁/脆弱性
D.威胁/脆弱性/使命

试题解析与讨论：www.cnitpm.com/st/2710021912.html
试题参考答案：A