信息安全工程師當天每日一練試題地址：www.conferencecallsmadeeasy.com/exam/ExamDay.aspx?t1=6

往期信息安全工程師每日一練試題匯總：www.conferencecallsmadeeasy.com/class/27/e6_1.html

信息安全工程師每日一練試題（2020/6/17）在線測試：www.conferencecallsmadeeasy.com/exam/ExamDay.aspx?t1=6&day=2020/6/17

點擊查看：更多信息安全工程師習題與指導

信息安全工程師每日一練試題內(nèi)容（2020/6/17）

試題1：

下面關于信息系統(tǒng)安全保障的說法不正確的是：（）
A．信息系統(tǒng)安全保障與信息系統(tǒng)的規(guī)劃組織、開發(fā)采購、實施交付、運行維護和廢棄等生命周期密切相關
B.信息系統(tǒng)安全保障要素包括信息的完整性、可用性和保密性
C．信息系統(tǒng)安全需要從技術、工程、管理和人員四個領域進行綜合保障
D．信息系統(tǒng)安全保障需要將信息系統(tǒng)面臨的風險降低到可接受的程度，從而實現(xiàn)其業(yè)務使命

試題解析與討論：www.conferencecallsmadeeasy.com/st/274765362.html
試題參考答案：B

試題2：

UDP需要使用（）地址，來給相應的應用程序發(fā)送用戶數(shù)據(jù)報。
A．端口
B．應用程序
C．因特網(wǎng)
D．物理

試題解析與討論：www.conferencecallsmadeeasy.com/st/2681129680.html
試題參考答案：A

試題3： Which of the following is the initial step in creating a firewall policy? 
A、A cost-benefit analysis of methods for securing the applications 
B、Identification of network applications to be externally accessed 
C、Identification of vulnerabilities associated with network applications to be externally accessed 
D、Creation of an applications traffic matrix showing protection methods 
試題解析與討論：www.conferencecallsmadeeasy.com/st/2932915672.html
試題參考答案：B

試題4：

下列哪個漏洞不是由于未對輸入做過濾造成的?（）
A、 DOS攻擊
B、 SQL注入
C、 日志注入
D、 命令行注入

試題解析與討論：www.conferencecallsmadeeasy.com/st/2674812408.html
試題參考答案：A

試題5： The PRIMARY objective of testing a business continuity plan is to: 
A、familiarize employees with the business continuity plan. 
B、ensure that all residual risks are addressed. 
C、exercise all possible disaster scenarios. 
D、identify limitations of the business continuity plan. 
試題解析與討論：www.conferencecallsmadeeasy.com/st/298207737.html
試題參考答案：D

試題6： To determine if unauthorized changes have been made to production code the BEST audit procedure is to: 
A、examine the change control system records and trace them forward to object code files. 
B、review access control permissions operating within the production program libraries. 
C、examine object code to find instances of changes and trace them back to change control records. 
D、review change approved designations established within the change control system. 
試題解析與討論：www.conferencecallsmadeeasy.com/st/2952511964.html
試題參考答案：C

試題7：

為了保證系統(tǒng)日志可靠有效，以下哪一項不是日志必需具備的特征。（）
A．統(tǒng)一而精確地的時間
B．全面覆蓋系統(tǒng)資產(chǎn)
C．包括訪問源、訪問目標和訪問活動等重要信息
D．可以讓系統(tǒng)的所有用戶方便的讀取

試題解析與討論：www.conferencecallsmadeeasy.com/st/256595532.html
試題參考答案：D

試題8： The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures: 
A、information assets are overprotected. 
B、a basic level of protection is applied regardless of asset value. 
C、appropriate levels of protection are applied to information assets. 
D、an equal proportion of resources are devoted to protecting all information assets. 
試題解析與討論：www.conferencecallsmadeeasy.com/st/2918014096.html
試題參考答案：C

試題9： Regarding a disaster recovery plan, the role of an IS auditor should include: 
A、identifying critical applications. 
B、determining the external service providers involved in a recovery test. 
C、observing the tests of the disaster recovery plan. 
D、determining the criteria for establishing a recovery time objective (RTO).
試題解析與討論：www.conferencecallsmadeeasy.com/st/293841268.html
試題參考答案：C

試題10：

NAT技術不能實現(xiàn)以下哪個功能？（）
A.對應用層協(xié)議進行代理
B.隱藏內(nèi)部地址
C.增加私有組織的地址空間
D.解決IP地址不足問題

試題解析與討論：www.conferencecallsmadeeasy.com/st/270685258.html
試題參考答案：A