信息安全工程師當(dāng)天每日一練試題地址：www.jazzmuze.com/exam/ExamDay.aspx?t1=6

往期信息安全工程師每日一練試題匯總：www.jazzmuze.com/class/27/e6_1.html

信息安全工程師每日一練試題（2020/10/30）在線測試：www.jazzmuze.com/exam/ExamDay.aspx?t1=6&day=2020/10/30

點(diǎn)擊查看：更多信息安全工程師習(xí)題與指導(dǎo)

信息安全工程師每日一練試題內(nèi)容（2020/10/30）

試題1： IPSec屬于（  ）的安全解決方案。
A.網(wǎng)絡(luò)層
B.傳輸層
C.應(yīng)用層
D.物理層
試題解析與討論：www.jazzmuze.com/st/4113621566.html
試題參考答案：A

試題2：

AES結(jié)構(gòu)由以下4個(gè)不同的模塊組成，其中（）是非線性模塊
A、字節(jié)代換
B、行移位
C、列混淆
D、輪密鑰加

試題解析與討論：www.jazzmuze.com/st/2851110456.html
試題參考答案：A

試題3：

下列關(guān)于信息系統(tǒng)生命周期中實(shí)施階段所涉及主要安全需求描述錯(cuò)誤的是：（）
A．確保采購定制的設(shè)備、軟件和其他系統(tǒng)組件滿足已定義的安全要求
B．確保整個(gè)系統(tǒng)已按照領(lǐng)導(dǎo)要求進(jìn)行了部署和配置
C．確保系統(tǒng)使用人員已具備使用系統(tǒng)安全功能和安全特性的能力
D．確保信息系統(tǒng)的使用已得到授權(quán)

試題解析與討論：www.jazzmuze.com/st/2572924991.html
試題參考答案：B

試題4：

以下關(guān)于信息安全工程說法正確的是：（）
A.信息化建設(shè)中系統(tǒng)功能的實(shí)現(xiàn)是最重要的
B．信息化建設(shè)可以先實(shí)施系統(tǒng)，而后對系統(tǒng)進(jìn)行安全加固
C．信息化建設(shè)中在規(guī)劃階段合理規(guī)劃信息安全，在建設(shè)階段要同步實(shí)施信息安全建設(shè)
D．信息化建設(shè)沒有必要涉及信息安全建設(shè)

試題解析與討論：www.jazzmuze.com/st/2574920800.html
試題參考答案：

試題5：

以下哪些不屬于敏感性標(biāo)識（）
A.不干貼方式
B.印章方式
C.電子標(biāo)簽
D.個(gè)人簽名

試題解析與討論：www.jazzmuze.com/st/2607820461.html
試題參考答案：D

試題6：

對惡意代碼的預(yù)防，需要采取增強(qiáng)安全防范策略與意識等措施，關(guān)于以下預(yù)防措施或意識，說法錯(cuò)誤的是：（）
A．在使用來自外部的移動(dòng)介質(zhì)前，需要進(jìn)行安全掃描
B．限制用戶對管理員權(quán)限的使用
C．開放所有端口和服務(wù)，充分使用系統(tǒng)資源
D．不要從不可信來源下載或執(zhí)行應(yīng)用程序

試題解析與討論：www.jazzmuze.com/st/2570110865.html
試題參考答案：C

試題7：

信息系統(tǒng)的業(yè)務(wù)特性應(yīng)該從哪里獲取?（）
A．機(jī)構(gòu)的使命
B．機(jī)構(gòu)的戰(zhàn)略背景和戰(zhàn)略目標(biāo)
C．機(jī)構(gòu)的業(yè)務(wù)內(nèi)容和業(yè)務(wù)流程
D．機(jī)構(gòu)的組織結(jié)構(gòu)和管理制度

試題解析與討論：www.jazzmuze.com/st/2571219255.html
試題參考答案：B

試題8： 強(qiáng)制訪問控制(MAC)可通過使用敏感標(biāo)簽對所有用戶和資源強(qiáng)制執(zhí)行安全策略。 MAC中用戶訪問信息的讀寫關(guān)系包括下讀、上寫、下寫和上讀四種，其中用戶級別高于文件級別的讀寫操作是 （  ）。
A.下讀
B.上寫
C.下寫
D.上讀
試題解析與討論：www.jazzmuze.com/st/4110411018.html
試題參考答案：C

試題9：

通過向被攻擊者發(fā)送大量的ICMP 回應(yīng)請求，消耗被攻擊者的資源來進(jìn)行響應(yīng)，直至被攻擊者再也無法處理有效的網(wǎng)絡(luò)信息流時(shí)，這種攻擊稱之為：（）
A．Land 攻擊
B．Smurf 攻擊
C．Ping of Death 攻擊
D．ICMP Flood

試題解析與討論：www.jazzmuze.com/st/257053690.html
試題參考答案：D

試題10： Trust is typically interpreted as a subjective belief in the reliability， honesty and  security  of an entity on which we depend （ ）our welfare .In online environments we depend on a wide spectrun of things , ranging from computer hardware,software and data to people and organizations. A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions , hence , a trusted entity is the same as an entity that is assumed to function according to  policy . A consequence of this is that a trust component of a system must work correctly in order   for the security of that system to hold, meaning that when a trusted（  ）fails , then the sytems and applications that depend on it can（  ）be considered secure.An often cited articulation of this principle is:＂ a trusted system or component is one that can break your security policy” ( which happens when the trust system fails ). The same applies to a trusted party such as a service provider ( SP for short )that is , it must operate according to the agreed or assumed   policy in order to ensure the expected level of securty and quality of services . A paradoxical   conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on . This is because the security of an infrastructure consisting of many.
Trusted components typically follows the principle of the weakest link , that is ,in many situations the the overall security can only be as strong as the least reliable or least secure of all the trusted components. We cannot avoid using trusted security components,but the fewer the better. This is important to understand when designing the  identity management architectures,that is, fewer the trusted parties in an identity management model , stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital and computational concepts helps in designing and implementing large scale online markets and communities,and also plays an important role in the converging mobile and Internet environments.Identity management (denoted Idm hereafter ) is about recognizing and verifying the correctness of identitied in online environment .Trust management becomes a component of （  ）whenever different parties rely on each other for identity provision and authentication . IdM and Trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining  authorisation policies in personalised services.
Establishing trust always has a cost, so that having  complex trust requirement typically leads to high overhead in establishing the required trust. To reduce costs there will be incentives for stakeholders to “cut corners”regarding trust requirements ,which could lead to inadequate security . The challenge is to design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed .The establishment of initial（  ）usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
（71）A.with
B. on
C. of
D. for
（72）A.entity
B.person
C.component
D.thing
（73）A. No longer
B. never
C. always
D.often
（74）A. SP
B. IdM
C.Internet
D.entity
（75）A.trust
B.cost
C.IdM
D. solution
試題解析與討論：www.jazzmuze.com/st/389944612.html
試題參考答案：D、C、A、B、A