信息安全工程師當天每日一練試題地址:www.richmond-chase.com/exam/ExamDay.aspx?t1=6
往期信息安全工程師每日一練試題匯總:www.richmond-chase.com/class/27/e6_1.html
信息安全工程師每日一練試題(2020/9/16)在線測試:www.richmond-chase.com/exam/ExamDay.aspx?t1=6&day=2020/9/16
點擊查看:更多信息安全工程師習(xí)題與指導(dǎo)
信息安全工程師每日一練試題內(nèi)容(2020/9/16)
試題
1: 安全電子交易協(xié)議SET是由VISA和Mastercard兩大信用卡組織聯(lián)合開發(fā)的電子商務(wù)安全協(xié)議,以下關(guān)于SET的敘述中,正確的是( )。
A.SET通過向電子商務(wù)各參與方發(fā)放驗證碼來確認各方的身份,保證網(wǎng)上支付的安全性
B.SET不需要可信第三方認證中心的參與
C.SET要實現(xiàn)的主要目標包括保障付款安全、確定應(yīng)用的互通性和達到全球市場的可接受性
D.SET協(xié)議主要使用的技術(shù)包括:流密碼、公鑰密碼和數(shù)字簽名等
試題解析與討論:
www.richmond-chase.com/st/3898217226.html試題參考答案:C
試題
2:
下列信息系統(tǒng)安全說法正確的是: ()
A、加固所有的服務(wù)器和網(wǎng)絡(luò)設(shè)備就可以保證網(wǎng)絡(luò)的安全
B、只要資金允許就可以實現(xiàn)絕對的安全
C、斷開所有的服務(wù)可以保證信息系統(tǒng)的安全
D、信息系統(tǒng)安全狀態(tài)會隨著業(yè)務(wù)的變化而變化,因此網(wǎng)絡(luò)安全狀態(tài)需要根據(jù)不同的業(yè)務(wù)而調(diào)整相應(yīng)的網(wǎng)絡(luò)安全策略
試題解析與討論:
www.richmond-chase.com/st/2639628243.html試題參考答案:D
試題
3: When auditing a disaster recovery plan for a critical business area, an IS auditor finds that it does not cover all the systems. Which of the following is the MOST appropriate action for the IS auditor?
A、Alert management and evaluate the impact of not covering all systems.
B、Cancel the audit.
C、Complete the audit of the systems covered by the existing disaster recovery plan.
D、Postpone the audit until the systems are added to the disaster recovery plan.
試題解析與討論:
www.richmond-chase.com/st/2955825390.html試題參考答案:A
試題
4:
下面各種方法,哪個是制定災(zāi)難恢復(fù)策略必須最先評估的()
A.所有的威脅可以被完全移除
B.一個可以實現(xiàn)的成本效益,內(nèi)置的復(fù)原
C.恢復(fù)時間可以優(yōu)化
D.恢復(fù)成本可以最小化
試題解析與討論:
www.richmond-chase.com/st/2617311749.html試題參考答案:B
試題
5: Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)?
A、Virtual tape libraries
B、Disk-based snapshots
C、Continuous data backup
D、Disk-to-tape backup
試題解析與討論:
www.richmond-chase.com/st/297542029.html試題參考答案:C
試題
6:
為了保護企業(yè)的知識產(chǎn)權(quán)和其它資產(chǎn),當終止與員工的聘用關(guān)系時下面哪一項是最好的方法?()
A.進行離職談話,讓員工簽署保密協(xié)議,禁止員工賬號,更改密碼
B.進行離職談話,禁止員工賬號,更改密碼
C.讓員工簽署跨邊界協(xié)議
D.列出員工在解聘前需要注意的所有責任
試題解析與討論:
www.richmond-chase.com/st/2721328368.html試題參考答案:A
試題
7: An IS auditor evaluating logical access controls should FIRST:
A、document the controls applied to the potential access paths to the system.
B、test controls over the access paths to determine if they are functional.
C、evaluate the security environment in relation to written policies and practices.
D、obtain an understanding of the security risks to information processing.
試題解析與討論:
www.richmond-chase.com/st/297254392.html試題參考答案:D
試題
8:
鑒別的基本途徑有三種:所知、所有和個人特征,以下哪一項不是基于你所知道的:()
A.口令
B.令牌
C.知識
D.密碼
試題解析與討論:
www.richmond-chase.com/st/2561120462.html試題參考答案:B
試題
9: When a new system is to be implemented within a short time frame, it is MOST important to:
A、finish writing user manuals.
B、perform user acceptance testing.
C、add last-minute enhancements to functionalities.
D、ensure that the code has been documented and reviewed.
試題解析與討論:
www.richmond-chase.com/st/2922112949.html試題參考答案:B
試題
10:
以下關(guān)于IPSec協(xié)議的敘述中,正確的是()
A、IPSec協(xié)議是解決IP協(xié)議安全問題的一種方案
B、IPSec協(xié)議不能提供完整性
C、IPSec協(xié)議不能提供機密性保護
D、IPSec協(xié)議不能提供認證功能
試題解析與討論:
www.richmond-chase.com/st/2849818821.html試題參考答案:A