免费欧美日韩,免费伦费一区二区三区四区

當前位置：信管網(wǎng) >> 信息安全工程師 >> 每日一練 >> 文章內(nèi)容

信息安全工程師每日一練試題（2024/9/9）

來源：信管網(wǎng) 2024年09月10日【所有評論】

信息安全工程師當天每日一練試題地址：www.jazzmuze.com/exam/ExamDay.aspx?t1=6

往期信息安全工程師每日一練試題匯總：www.jazzmuze.com/class/27/e6_1.html

信息安全工程師每日一練試題（2024/9/9）在線測試：www.jazzmuze.com/exam/ExamDay.aspx?t1=6&day=2024/9/9

點擊查看：更多信息安全工程師習題與指導(dǎo)

信息安全工程師每日一練試題內(nèi)容（2024/9/9）

試題1
關(guān)于宏病毒的傳播機制，以下哪項描述是正確的？
A．宏病毒會自動通過互聯(lián)網(wǎng)搜索并感染其他計算機
B．宏病毒在文件被關(guān)閉時自動復(fù)制并感染其他文件
C．宏病毒的觸發(fā)需要用戶打開一個被感染的文件并允許宏程序執(zhí)行
D．宏病毒可以感染任何類型的文件，無論是否包含宏代碼
查看答案
試題參考答案：C
試題解析與討論：www.jazzmuze.com/exam/ExamDay.aspx?t1=6&day=2024/9/9
試題2
以下哪項屬于上下文因素（）
A．設(shè)備交互模式
B．應(yīng)用行為模式
C．設(shè)備和網(wǎng)絡(luò)模式
D．左/右手
查看答案
試題參考答案：C
試題解析與討論：www.jazzmuze.com/exam/ExamDay.aspx?t1=6&day=2024/9/9
試題3
自然安全威脅不包含（）
A．地震
B．火災(zāi)
C．爆炸
D．雷電
查看答案
試題參考答案：C
試題解析與討論：www.jazzmuze.com/exam/ExamDay.aspx?t1=6&day=2024/9/9
試題4
以下（）情況最可能構(gòu)成A6-安全配置錯誤。
A．網(wǎng)站的登錄表單未對輸入進行驗證，導(dǎo)致XSS攻擊。
B．網(wǎng)站的服務(wù)器配置了詳細的錯誤信息，暴露了數(shù)據(jù)庫查詢語句。
C．網(wǎng)站的數(shù)據(jù)庫使用了弱密碼，導(dǎo)致數(shù)據(jù)泄露。
D．網(wǎng)站的API未實施HTTPS，數(shù)據(jù)在傳輸過程中被截獲。
查看答案
試題參考答案：B
試題解析與討論：www.jazzmuze.com/exam/ExamDay.aspx?t1=6&day=2024/9/9
試題5
下圖中，（）的網(wǎng)絡(luò)流量數(shù)據(jù)可以被網(wǎng)絡(luò)流量采集設(shè)備獲取到。

A．服務(wù)器A
B．服務(wù)器B
C．服務(wù)器A和B都可以
D．服務(wù)器A和B都不可以
查看答案
試題參考答案：C
試題解析與討論：www.jazzmuze.com/exam/ExamDay.aspx?t1=6&day=2024/9/9
試題6
訪問控制機制由一組安全機制構(gòu)成，可以抽象為一個簡單的模型，模型中1、2、3分別為（）

A．訪問控制數(shù)據(jù)庫、參考監(jiān)視器、審計庫
B．參考監(jiān)視器、訪問控制數(shù)據(jù)庫、審計庫
C．參考監(jiān)視器、審計庫、訪問控制數(shù)據(jù)庫
D．審計庫、參考監(jiān)視器、訪問控制數(shù)據(jù)庫
查看答案
試題參考答案：A
試題解析與討論：www.jazzmuze.com/exam/ExamDay.aspx?t1=6&day=2024/9/9
試題7
從網(wǎng)絡(luò)安全的角度看，以下原則中不屬于網(wǎng)絡(luò)安全防護體系在設(shè)計和實現(xiàn)時需要遵循的基本原則的是（）。
A.最小權(quán)限原則
B.縱深防御原則
C.安全性與代價平衡原則
D.Kerckhoffs原則
查看答案
試題參考答案：D
試題解析與討論：www.jazzmuze.com/exam/ExamDay.aspx?t1=6&day=2024/9/9
試題8
The modern study of symmetric-key ciphers relates mainly to the study of block ciphers and stream ciphers and to their applications. A block cipher is, in a sense, a modern embodiment of Alberti's polyalphabetic cipher: block ciphers take as input a block of （71 ）and a key, and output a block of ciphertext of the same size. Since messages are almost always longer than a single block, some method of knitting together successive blocks is required. Several have been developed, some with better security in one aspect or another than others. They are the mode of operations and must be carefully considered when using a block cipher in a cryptosystem.
The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are( 72 )designs which have been designated cryptography standards by the US government (though DES's designation was finally withdrawn after the AES was adopted). Despite its deprecation as an official standard, DES (especially its still-approved and much more secure triple-DES variant) remains quite popular; it is used across a wide range of applications, from ATM encryption to e-mail privacy and secure remote access. Many other block ciphers have been designed and released, with considerable variation in quality. Many have been thoroughly broken. See Category: Block ciphers.
Stream ciphers, in contrast to the ‘block’ type, create an arbitrarily long stream of key material, which is combined ( 73 )the plaintext bit-by-bit or character-by-character, somewhat like the one-time pad. In a stream cipher, the output( 74 )is created based on an internal state which changes as the cipher operates. That state change is controlled by the key, and, in some stream ciphers, by the plaintext stream as well. RC4 is an example of a well-known, and widely used, stream cipher; see Category: Stream ciphers.
Cryptographic hash functions (often called message digest functions) do not necessarily use keys, but are a related and important class of cryptographic algorithms. They take input data (often an entire message), and output a short fixed length hash, and do so as a one-way function. For good ones, ( 75 ) (two plaintexts which produce the same hash) are extremely difficult to find.
Message authentication codes (MACs) are much like cryptographic hash functions, except that a secret key is used to authenticate the hash value on receipt. These block an attack against plain hash functions.
（71）
A.plaintext
B.ciphertext
C.data
D.hash
（72）
A.stream cipher
B.hash function
C.Message authentication code
D.Block cipher
（73）
A.of
B.for
C.with
D.in
（74）
A.hash
B.stream
C.ciphertext
D.plaintext
（75）
A.collisions
B.image
C.preimage
D.solution
查看答案
試題參考答案：A、D、C、B、A
試題解析與討論：www.jazzmuze.com/exam/ExamDay.aspx?t1=6&day=2024/9/9
試題9
特權(quán)的分配原則是（）
A．按需使用原則
B．最大特權(quán)原則
C．管理員授權(quán)原則
D．誰用誰負責原則
查看答案
試題參考答案：A
試題解析與討論：www.jazzmuze.com/exam/ExamDay.aspx?t1=6&day=2024/9/9
試題10
在Oracle數(shù)據(jù)庫系統(tǒng)中，為了提高數(shù)據(jù)傳輸?shù)陌踩?，防止?shù)據(jù)在傳輸過程中被竊聽或篡改，推薦使用（）加密機制。
A．IPsec
B．SSH
C．SSL/TLS
D．WEP
查看答案
試題參考答案：C
試題解析與討論：www.jazzmuze.com/exam/ExamDay.aspx?t1=6&day=2024/9/9

信管網(wǎng)訂閱號

信管網(wǎng)視頻號

信管網(wǎng)抖音號

溫馨提示：因考試政策、內(nèi)容不斷變化與調(diào)整，信管網(wǎng)網(wǎng)站提供的以上信息僅供參考，如有異議，請以權(quán)威部門公布的內(nèi)容為準！

信管網(wǎng)致力于為廣大信管從業(yè)人員、愛好者、大學生提供專業(yè)、高質(zhì)量的課程和服務(wù)，解決其考試證書、技能提升和就業(yè)的需求。

信管網(wǎng)軟考課程由信管網(wǎng)依托10年專業(yè)軟考教研傾力打造，教材和資料參編作者和資深講師坐鎮(zhèn)，通過深研歷年考試出題規(guī)律與考試大綱，深挖核心知識與高頻考點，為學員考試保駕護航。面授、直播＆錄播，多種班型靈活學習，滿足不同學員考證需求，降低課程學習難度，使學習效果事半功倍。