信息安全工程師當(dāng)天每日一練試題地址：www.jazzmuze.com/exam/ExamDay.aspx?t1=6

往期信息安全工程師每日一練試題匯總：www.jazzmuze.com/class/27/e6_1.html

信息安全工程師每日一練試題（2020/6/8）在線測(cè)試：www.jazzmuze.com/exam/ExamDay.aspx?t1=6&day=2020/6/8

點(diǎn)擊查看：更多信息安全工程師習(xí)題與指導(dǎo)

信息安全工程師每日一練試題內(nèi)容（2020/6/8）

試題1：

通過網(wǎng)頁上的釣魚攻擊來獲取密碼的方式，實(shí)質(zhì)上是一種:（）
A．社會(huì)工程學(xué)攻擊
B．密碼分析學(xué)
C．旁路攻擊
D．暴力破解攻擊

試題解析與討論：www.jazzmuze.com/st/2732610921.html
試題參考答案：A

試題2：

下列保護(hù)系統(tǒng)賬戶安全的措施中，哪個(gè)措施對(duì)解決口令暴力破解無幫助？（）
A.設(shè)置系統(tǒng)的賬戶鎖定策略，在用戶登錄輸入錯(cuò)誤次數(shù)達(dá)到一定數(shù)量時(shí)對(duì)賬戶進(jìn)行鎖定
B.更改系統(tǒng)內(nèi)置管理員的用戶名
C.給管理員賬戶一個(gè)安全的口令
D.使用屏幕保護(hù)并設(shè)置返回時(shí)需要提供口令

試題解析與討論：www.jazzmuze.com/st/2708919890.html
試題參考答案：D

試題3： Network security starts from（  1  ）any user, most likely a username and a password. Once authenticated, a stateful firewall enforces （  2  ）such as what services are allowed to be accessed by network users. Though effective to prevent unauthorized access, this component fails to check potentially harm contents such as computer worms being transmitted over the network. An intrusion prevention system (IPS)helps detect and prevent such malware. （  3  ）also monitors suspicious network affic for contents, volume and anomalies to protect the network from attacks such as denial of service. Communication between two hosts using the network could be encrypted to maintain privacy. Individual events occurring on the network could be tracked for audit purposes and for a later high level analysis.  
（  4  ）, essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis could be used to further tighten security of the actual network （  5  ）by the honeypot. 
（1）A. authenticating   
B. Proofreading   
C. checking   
D. detecting     
（2）A. Control Strategy   
B. access permission   
C. access policies  
D. security strategy   
（3）A. lPS          
B.IDS           
C. P2DR     
D. P2DR2   
（4）A. Botnet          
B. Honeypots   
C. Phishing   
D. Demilitarized zone   
（5）A. being destroyed   
B. being attacked       
C. being damaged   
D. being protected
試題解析與討論：www.jazzmuze.com/st/2914326590.html
試題參考答案：A、C、A、B、D

試題4： When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures: 
A、allow changes, which will be completed using after-the-fact follow-up. 
B、allow undocumented changes directly to the production library. 
C、do not allow any emergency changes. 
D、allow programmers permanent access to production programs. 
試題解析與討論：www.jazzmuze.com/st/296681897.html
試題參考答案：A

試題5： Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy? 
A、Review the parameter settings. 
B、Interview the firewall administrator. 
C、Review the actual procedures. 
D、Review the device's log file for recent attacks. 
試題解析與討論：www.jazzmuze.com/st/293057369.html
試題參考答案：A

試題6： A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing system developed in-house. In reviewing the proposed development approach, which of the following would be of GREATEST concern? 
A、Acceptance testing is to be managed by users. 
B、A quality plan is not part of the contracted deliverables. 
C、Not all business functions will be available on initial implementation. 
D、Prototyping is being used to confirm that the system meets business requirements. 
試題解析與討論：www.jazzmuze.com/st/2961815496.html
試題參考答案：B

試題7：

以下哪個(gè)屬性不會(huì)出現(xiàn)在防火墻的訪問控制策略配置中？（）
A．本局域網(wǎng)內(nèi)地址
B．百度服務(wù)器地址
C．HTTP 協(xié)議
D．病毒類型

試題解析與討論：www.jazzmuze.com/st/2576022608.html
試題參考答案：D

試題8：

業(yè)務(wù)系統(tǒng)運(yùn)行中異常錯(cuò)誤處理合理的方法是：（）
A.讓系統(tǒng)自己處理異常
B.調(diào)試方便，應(yīng)該讓更多的錯(cuò)誤更詳細(xì)的顯示出來
C.捕獲錯(cuò)誤，并拋出前臺(tái)顯示
D.捕獲錯(cuò)誤，只顯示簡(jiǎn)單的提示信息，或不顯示任何信息

試題解析與討論：www.jazzmuze.com/st/2755825298.html
試題參考答案：D

試題9： Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems? 
A、User management coordination does not exist. 
B、Specific user accountability cannot be established. 
C、Unauthorized users may have access to originate, modify or delete data. 
D、Audit recommendations may not be implemented. 
試題解析與討論：www.jazzmuze.com/st/295898457.html
試題參考答案：C

試題10：

包過濾技術(shù)防火墻在過濾數(shù)據(jù)包時(shí)，一般不關(guān)心（）
A、數(shù)據(jù)包的源地址
B、數(shù)據(jù)包的協(xié)議類型
C、數(shù)據(jù)包的目的地址
D、數(shù)據(jù)包的內(nèi)容

試題解析與討論：www.jazzmuze.com/st/285063318.html
試題參考答案：D