當(dāng)前位置：信管網(wǎng) >> 信息安全工程師 >> 每日一練 >> 文章內(nèi)容

信息安全工程師每日一練試題（2025/12/6）

來(lái)源：信管網(wǎng) 2025年12月07日【所有評(píng)論】

信息安全工程師當(dāng)天每日一練試題地址：www.richmond-chase.com/exam/ExamDay.aspx?t1=6

往期信息安全工程師每日一練試題匯總：www.richmond-chase.com/class/27/e6_1.html

信息安全工程師每日一練試題（2025/12/6）在線測(cè)試：www.richmond-chase.com/exam/ExamDay.aspx?t1=6&day=2025/12/6

點(diǎn)擊查看：更多信息安全工程師習(xí)題與指導(dǎo)

信息安全工程師每日一練試題內(nèi)容（2025/12/6）

試題1
被動(dòng)傳播的惡意代碼不包括（）
A．特洛伊木馬
B．間諜軟件
C．邏輯炸彈
D．網(wǎng)絡(luò)蠕蟲(chóng)
查看答案
試題參考答案：D
試題解析與討論：www.richmond-chase.com/exam/ExamDay.aspx?t1=6&day=2025/12/6
試題2
（）保護(hù)IP包的保密性，（）保護(hù)IP包的完整性和提供數(shù)據(jù)源認(rèn)證。
A．IP AH，IP ESP
B．IP AH，密鑰交換協(xié)議
C．IP ESP，密鑰交換協(xié)議
D．IP ESP，IP AH
查看答案
試題參考答案：D
試題解析與討論：www.richmond-chase.com/exam/ExamDay.aspx?t1=6&day=2025/12/6
試題3
Trust is typically interpreted as a subjective belief in the reliability， honesty and security of an entity on which we depend （）our welfare .In online environments we depend on a wide spectrun of things , ranging from computer hardware,software and data to people and organizations. A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions , hence , a trusted entity is the same as an entity that is assumed to function according to policy . A consequence of this is that a trust component of a system must work correctly in order for the security of that system to hold, meaning that when a trusted（）fails , then the sytems and applications that depend on it can（）be considered secure.An often cited articulation of this principle is:＂ a trusted system or component is one that can break your security policy” ( which happens when the trust system fails ). The same applies to a trusted party such as a service provider ( SP for short )that is , it must operate according to the agreed or assumed policy in order to ensure the expected level of securty and quality of services . A paradoxical conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on . This is because the security of an infrastructure consisting of many.
Trusted components typically follows the principle of the weakest link , that is ,in many situations the the overall security can only be as strong as the least reliable or least secure of all the trusted components. We cannot avoid using trusted security components,but the fewer the better. This is important to understand when designing the identity management architectures,that is, fewer the trusted parties in an identity management model , stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital and computational concepts helps in designing and implementing large scale online markets and communities,and also plays an important role in the converging mobile and Internet environments.Identity management (denoted Idm hereafter ) is about recognizing and verifying the correctness of identitied in online environment .Trust management becomes a component of （）whenever different parties rely on each other for identity provision and authentication . IdM and Trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining authorisation policies in personalised services.
Establishing trust always has a cost, so that having complex trust requirement typically leads to high overhead in establishing the required trust. To reduce costs there will be incentives for stakeholders to “cut corners”regarding trust requirements ,which could lead to inadequate security . The challenge is to design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed .The establishment of initial（）usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
（71）A.with
B. on
C. of
D. for
（72）A.entity
B.person
C.component
D.thing
（73）A. No longer
B. never
C. always
D.often
（74）A. SP
B. IdM
C.Internet
D.entity
（75）A.trust
B.cost
C.IdM
D. solution
查看答案
試題參考答案：D、C、A、B、A
試題解析與討論：www.richmond-chase.com/exam/ExamDay.aspx?t1=6&day=2025/12/6
試題4

以下有關(guān)信息安全管理員職責(zé)的敘述，不正確的是( )
A、信息安全管理員應(yīng)該對(duì)網(wǎng)絡(luò)的總體安全布局進(jìn)行規(guī)劃
B、信息安全管理員應(yīng)該對(duì)信息系統(tǒng)安全事件進(jìn)行處理
C、信息安全管理員應(yīng)該負(fù)責(zé)為用戶編寫(xiě)安全應(yīng)用程序
D、信息安全管理員應(yīng)該對(duì)安全設(shè)備進(jìn)行優(yōu)化配置
查看答案
試題參考答案：C
試題解析與討論：www.richmond-chase.com/exam/ExamDay.aspx?t1=6&day=2025/12/6
試題5
在信息系統(tǒng)安全設(shè)計(jì)中，保證“信息及時(shí)且可靠地被訪問(wèn)和使用”是為了達(dá)到保障信息系統(tǒng)( )的目標(biāo)。
A.可用性
B.保密性
C.可控性
D.完整性
查看答案
試題參考答案：A
試題解析與討論：www.richmond-chase.com/exam/ExamDay.aspx?t1=6&day=2025/12/6
試題6
計(jì)算機(jī)病毒通常附加在正常軟件或文檔中，一旦觸發(fā)執(zhí)行，就會(huì)潛入受害用戶的計(jì)算機(jī)。以下計(jì)算機(jī)病毒以Word文檔為隱蔽載體是( )。
A．熊貓病毒
B．NIMDA病毒
C．Melissa
D．求職信病毒
查看答案
試題參考答案：C
試題解析與討論：www.richmond-chase.com/exam/ExamDay.aspx?t1=6&day=2025/12/6
試題7
網(wǎng)絡(luò)物理隔離系統(tǒng)是指通過(guò)物理隔離技術(shù)，在不同的網(wǎng)絡(luò)安全區(qū)域之間建立一個(gè)能夠?qū)崿F(xiàn)物理隔離、信息交換和可信控制的系統(tǒng)，以滿足不同安全區(qū)域的信息或數(shù)據(jù)交換。以下有關(guān)網(wǎng)絡(luò)物理隔離系統(tǒng)的敘述中，錯(cuò)誤的是( )。
A．使用網(wǎng)閘的兩個(gè)獨(dú)立主機(jī)不存在通信物理連接，主機(jī)對(duì)網(wǎng)閘只有“讀”操作
B．雙硬盤隔離系統(tǒng)在使用時(shí)必須不斷重新啟動(dòng)切換，且不易于統(tǒng)一管理
C．單向傳輸部件可以構(gòu)成可信的單向信道，該信道無(wú)任何反饋信息
D．單點(diǎn)隔離系統(tǒng)主要保護(hù)單獨(dú)的計(jì)算機(jī)，防止外部直接攻擊和干擾
查看答案
試題參考答案：A
試題解析與討論：www.richmond-chase.com/exam/ExamDay.aspx?t1=6&day=2025/12/6
試題8
source-wildcard表示發(fā)送數(shù)據(jù)包的主機(jī)IP地址的通配符掩碼，其中（）代表“忽略”，（）代表“需要匹配”，any代表任何來(lái)源的IP包。
A．T,F
B．F,T
C．1,0
D．0,1
查看答案
試題參考答案：C
試題解析與討論：www.richmond-chase.com/exam/ExamDay.aspx?t1=6&day=2025/12/6
試題9
密碼工作是黨和國(guó)家的一項(xiàng)特殊重要工作，直接關(guān)系國(guó)家政治安全、經(jīng)濟(jì)安全、國(guó)防安全和信息安全。密碼法的通過(guò)對(duì)全面提升密碼工作法治化水平起到了關(guān)鍵性作用。密碼法規(guī)定國(guó)家對(duì)密碼實(shí)行分類管理，密碼分類中不包含( )
A.核心密碼
B.普通密碼
C.商用密碼
D.國(guó)產(chǎn)密碼

查看答案
試題參考答案：D
試題解析與討論：www.richmond-chase.com/exam/ExamDay.aspx?t1=6&day=2025/12/6
試題10
在DES加密算法中,子密鑰的長(zhǎng)度和加密分組的長(zhǎng)度分別是（）。
A.56位和64位
B.48位和64位
C.48位和56位
D.64位和64位
查看答案
試題參考答案：B
試題解析與討論：www.richmond-chase.com/exam/ExamDay.aspx?t1=6&day=2025/12/6

信管網(wǎng)訂閱號(hào)

信管網(wǎng)視頻號(hào)

信管網(wǎng)抖音號(hào)

溫馨提示：因考試政策、內(nèi)容不斷變化與調(diào)整，信管網(wǎng)網(wǎng)站提供的以上信息僅供參考，如有異議，請(qǐng)以權(quán)威部門公布的內(nèi)容為準(zhǔn)！

信管網(wǎng)致力于為廣大信管從業(yè)人員、愛(ài)好者、大學(xué)生提供專業(yè)、高質(zhì)量的課程和服務(wù)，解決其考試證書(shū)、技能提升和就業(yè)的需求。

信管網(wǎng)軟考課程由信管網(wǎng)依托10年專業(yè)軟考教研傾力打造，教材和資料參編作者和資深講師坐鎮(zhèn)，通過(guò)深研歷年考試出題規(guī)律與考試大綱，深挖核心知識(shí)與高頻考點(diǎn)，為學(xué)員考試保駕護(hù)航。面授、直播＆錄播，多種班型靈活學(xué)習(xí)，滿足不同學(xué)員考證需求，降低課程學(xué)習(xí)難度，使學(xué)習(xí)效果事半功倍。