CISSP Operations Security Practice Questions


CISSP Exam Practice (Question Set 23)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] Which US government classification label applies to information whose disclosure could cause serious damage to national security and requires the classifying authority to be able to describe or identify the damage that would result?
A) Confidential
B) Secret
C) Confidential
D) Top Secret
Answer: B

2. [Single choice] Regarding pre-shared key authentication in IKE/IPsec (Internet Key Exchange / IP security), which of the following is NOT correct?
A) Pre-shared key authentication is usually based on simple passwords.
B) It requires a PKI (public key infrastructure) to work.
C) Only one pre-shared key is needed for all VPN connections.
D) Key management is expensive for large user populations.
Answer: B

3. [Single choice] The Internet is commonly referred to as a global network because:
A) Endpoint networks and Internet providers cover the globe
B) Restricted networks and Internet providers cover the globe
C) Private networks and Internet providers cover the globe
D) Public networks and Internet providers cover the globe
Answer: D
Explanation: Internet: it specifically refers to the global network of public networks and Internet Service Providers (ISPs) throughout the world.

4. [Single choice] Which of the following could lead to a denial-of-service (DoS) attack on a credential management system?
A) Delayed revocation or destruction of credentials
B) Modification of the certificate revocation list
C) Unauthorized renewal or reissuance
D) Token use after decommissioning
Answer: B

5. [Single choice] Which of the following is considered the best practice for preventing email spoofing?
A) Spam filtering
B) Cryptographic signatures
C) Uniform Resource Locator (URL) filtering
D) Reverse Domain Name Service (DNS) lookup
Answer: B

6. [Single choice] ... the adopting organization?
A) Data classification
B) Network control
C) Application layer control
D) Physical security
Answer: A

7. [Single choice] Which of the following best describes the situation in which an employee skims small amounts of money from multiple accounts and deposits the funds into their own bank account?
A) Data fiddling
B) Data diddling
C) Data hiding
D) Data masking
Answer: B

8. [Single choice] A Security Operations Center (SOC) receives an incident response notification about a server on which an active intruder is present and has planted a backdoor.

CISSP Exam Practice (Question Set 9)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] What is the MAIN purpose for writing planned procedures in the design of Business Continuity Plans (BCP)?
A) Minimize the risk of failure.
B) Eliminate unnecessary decision making.
C) Establish lines of responsibility.
D) Accelerate the recovery process.
Answer: A

2. [Single choice] Which of the following is the main advantage of a formal information classification scheme?
A) It minimizes system logging requirements.
B) It supports risk assessment.
C) It reduces asset vulnerabilities.
D) It drives the audit process.
Answer: B

3. [Single choice] Which of the following is MOST critical in a contract for data disposal on a hard drive with a third party?
A) Authorized destruction times
B) Allowed unallocated disk space
C) Amount of overwrites required
D) Frequency of recovered media
Answer: C

4. [Single choice] When performing an investigation with the potential for legal action, what should be the analyst's FIRST consideration?
A) Chain of custody
B) Authorization to collect
C) Court admissibility
D) Data decryption
Answer: A

5. [Single choice] Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?
A) Transport and Session
B) Data-Link and Transport
C) Network and Session
D) Physical and Data-Link
Answer: B

6. [Single choice] RAID level 1 moves data from one disk set to another disk set
A) Copies the data to another disk or spindle.

CISSP Exam Practice (Question Set 8)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that:
A) Determine the risk of a business interruption occurring
B) Determine the technological dependence of the business processes
C) Identify the operational impacts of a business interruption
D) Identify the financial impacts of a business interruption
Answer: B

2. [Single choice] (04143) When changing the database schema of a production system, which of the following activities should be performed?
A) Build the change in the development environment, perform user acceptance testing, establish a rollback strategy, and implement the change in the production environment
B) (same text as option A)
C) (same text as option A)
D) (same text as option A)
Answer: C

3. [Single choice] Which of the following vulnerabilities can be BEST detected using automated analysis?
A) Valid cross-site request forgery (CSRF) vulnerabilities
B) Multi-step process attack vulnerabilities
C) Business logic flaw vulnerabilities
D) Typical source code vulnerabilities
Answer: D

4. [Single choice] What is the most effective way to test custom application code?
A) Negative testing
B) White-box testing
C) Pen-pair testing
D) Black-box testing
Answer: B

5. [Single choice] The Orange Book states that "hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the [Trusted Computing Base] TCB." This statement is the formal requirement for:

CISSP Exam Practice (Question Set 27)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] Management asks a senior administrator to make specific changes to the accounting system database. The administrator is specifically instructed not to track or document the change in a ticket. Which of the following is the best course of action?
A) Ignore the request and do not perform the change.
B) Perform the change as requested and rely on the next audit to detect and report the situation.
C) Perform the change, but create a change ticket anyway to ensure full traceability.
D) Use the company's whistleblowing process to notify the audit committee or internal audit directly.
Answer: D

2. [Single choice] Which one of the following is the BEST way to mitigate zero-day exploits? (Select the best answer)
A) Patching a system to fix the zero-day vulnerability.
B) Wiping media by writing random data to it.
C) Hardening a system so that it provides only required functionality.
D) Wiping media by writing a series of zeroes to it.
Answer: C

3. [Single choice] Lauren monitors traffic at both ends of a network connection and notices inbound traffic from a public IP address appearing at the internal edge of the production network, whose internal hosts use RFC 1918 reserved addresses. What technology does she conclude the network uses at its boundary?
A) NAT
B) VLAN
C) S/NAT
D) BGP
Answer: A
Explanation: Network Address Translation (NAT) translates internal addresses into external addresses. VLANs (virtual LANs) are used to segment a network logically, BGP (Border Gateway Protocol) is a routing protocol, and S/NAT is a made-up term.

CISSP Exam Practice (Question Set 3)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] Which of the following do you consider the most secure form of authentication?
A) Biometrics
B) Password
C) Token
D) Ticket granting
Answer: A
Explanation: Biometric authentication systems take advantage of an individual's unique physical characteristics in order to authenticate that person's identity. Various forms of biometric authentication include face, voice, eye, hand, signature, and fingerprint; each has its own advantages and disadvantages. When combined with the use of a PIN it can provide two-factor authentication.

2. [Single choice] Kevin is developing a continuous security monitoring strategy for his organization. Which of the following is not normally used when determining assessment and monitoring frequency?
A) Threat intelligence
B) System categorization/impact level
C) Security control operational burden
D) Organizational risk tolerance
Answer: C
Explanation: According to NIST SP 800-137, organizations should use the following factors to determine assessment and monitoring frequency: security control volatility, system categorization/impact level, security controls or specific assessment objects providing critical functions, security controls with identified weaknesses, organizational risk tolerance, threat information, vulnerability information, risk assessment results, the output of monitoring strategy reviews, and reporting requirements.

3. [Single choice] Brenda's organization recently completed the acquisition of a competitor firm. Which one of the following tasks would be LEAST likely to be part of the organizational processes addressed during the acquisition?
A) Consolidation of security functions
B) Integration of security tools
C) Protection of intellectual property
D) Documentation of security policies
Answer: C
Explanation: Protection of intellectual property is a greater concern during a divestiture (where a subsidiary is spun off into a separate organization) than during an acquisition (where one company buys another).

CISSP Exam Practice (Question Set 17)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] Which of the following is an attacker most likely to target in order to gain privileged access to a system?
A) Programs that write to system resources
B) Programs that write to user directories
C) Log files containing sensitive information
D) Log files containing system calls
Answer: A

2. [Single choice] What is the PRIMARY purpose for an organization to conduct a security audit?
A) To ensure the organization is adhering to a well-defined standard
B) To ensure the organization is applying security controls to mitigate identified risks
C) To ensure the organization is configuring information systems efficiently
D) To ensure the organization is documenting findings
Answer: A

3. [Single choice] Joanna is the CISO of her organization. In her security operations oversight role, she wants to ensure that security-related changes receive management oversight. In most organizations, which system should she focus on to track such data?
A) The SIEM system
B) The IPS system
C) The CMS tool
D) The ITSM tool
Answer: D
Explanation: IT service management (ITSM) tools include change management, along with the kind of approval and review process Joanna is looking for. A SIEM helps with security logs and events, an IPS looks for intrusions and unwanted traffic, and a CMS is a content management tool.

CISSP Exam Practice (Question Set 13)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] Frank's team is testing a new API that his company's developers built for its application infrastructure. Which of the following is not a common API issue that you would expect Frank's team to find?
A) Improper encryption
B) Object-level authorization issues
C) User authentication issues
D) Lack of rate limiting
Answer: A

2. [Single choice] Your company has implemented a biometric-based system to control access to the computer room. With the threshold (1 to 10) set to 5, the false acceptance rate (FAR) and the false rejection rate (FRR) are both 5 in 10. Which of the following is the best configuration for the physical security of a high-security computer room? (Wentz QOTD)
A) Lower the crossover error rate (CER)
B) Raise the equal error rate (EER)
C) Lower the sensitivity
D) Raise the threshold
Answer: D

3. [Single choice] Which of the following is the primary goal of security?
A) The boundary of the network
B) The CIA triad
C) Standalone systems
D) The Internet
Answer: B
Explanation: The primary purpose and goals of security are confidentiality, integrity, and availability, commonly called the CIA triad.

4. [Single choice] RAID software can run faster within the operating system because it uses neither hardware-level peer drives,
A) simple striping, nor disk mirroring.
B) hard striping, nor disk mirroring.
C) simple parity, nor disk mirroring.
D) simple striping, nor parity.
Answer: A
Explanation: This is true: if we do not use parity in our RAID implementation, as in RAID 1 (mirroring) or RAID 0 (striping), we can improve performance because the CPU does not need to waste cycles on parity calculations. For example, this can be achieved in Windows 2000 Server through the use of RAID 0 (no fault tolerance, just striping in 64 KB chunks) or RAID 1 (mirroring through a file system driver). This is not the case for RAID 5, which actually uses parity to provide fault tolerance.

5. [Single choice] What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?
A) Experience in the industry
B) Definition of security profiles
C) Human resource planning efforts
D) Procedures in systems development
Answer: D

6. [Single choice] All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that:
A) Determine the risk of a business interruption occurring
B) Determine the technological dependence of the business processes
C) Identify the operational impacts of a business interruption
D) Identify the financial impacts of a business interruption
Answer: B

7. [Single choice] Why do buffer overflows occur?
A) Because a buffer can only hold so much data.

CISSP Exam Practice (Question Set 18)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] When a certificate authority creates Renee's digital certificate, which key does it use to digitally sign the completed certificate?
A) Renee's public key
B) Renee's private key
C) The CA's public key
D) The CA's private key
Answer: D
Explanation: The last step of the certificate creation process is the digital signature. During this step, the certificate authority signs the certificate using its own private key.

2. [Single choice] What is the difference between media marking and media labeling?
A) Media marking refers to the use of human-readable security attributes, while media labeling refers to the use of security attributes in internal data structures.
B) (same text as option A)
C) Media labeling refers to security attributes required by public policy or law, while media marking refers to security attributes required by internal organizational policy.
D) Media marking refers to security attributes required by public policy or law, while media labeling refers to security attributes re-labeled by internal organizational policy.
Answer: D

3. [Single choice] Computer programs based on human logic using if-then statements and inference engines are also known as?
A) Expert system
B) Artificial neural network
C) Distributed computing environment
D) Enterprise Java Beans
Answer: A

4. [Single choice] Which of the following is the main benefit of implementing data-in-use controls?
A)

CISSP Exam Practice (Question Set 2)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] What is the end result of implementing the principle of least privilege?
A) Users can access all systems.
B) Users can only access the information they need to know.
C) Users receive additional privileges when their job position changes.
D) Authorization creep.
Answer: B
Explanation: The principle of least privilege refers to allowing users to have only the access they need and not anything more. Thus, certain users may have no need to access any of the files on specific systems.

2. [Single choice] What is an important characteristic of role-based access control (RBAC)?
A) It supports mandatory access control (MAC)
B) It simplifies access rights management
C) It relies on rotation of duties
D) It requires two-factor authentication
Answer: B

3. [Single choice] Which of the following is not an element of proper user account management?
A) A process for tracking access rights should be implemented.
B) Personnel in sensitive positions should be re-screened periodically.
C) User accounts should be reviewed periodically.
D) Users should never be rotated out of their current duties.
Answer: D

4. [Single choice] Ed is responsible for identifying a service that will provide low-latency, high-performance, highly available content hosting for his employer. What type of solution should he adopt to ensure that his employer's global customers can access content quickly and reliably?
A) Hot site
B) CDN (content distribution network)
C) Redundant servers
D) P2P CDN (peer-to-peer content distribution network)
Answer: B
Explanation: A Content Distribution Network (CDN) is designed to provide reliable, low-latency, geographically distributed content distribution. In this scenario, a CDN is an ideal solution. A P2P CDN like BitTorrent isn't a typical choice for a commercial entity, whereas redundant servers or a hot site can provide high availability but won't provide the remaining requirements.

5. [Single choice] An IP packet can be divided into two parts: a header and a payload.

CISP (Certified Information Security Professional) Questions and Answers (Compiled Edition)

I. Multiple-choice questions (2 points each, 40 points total)

1. Which of the following is not a basic principle of information security in China?
A. Security first
B. Prevention first
C. Users first
D. Technology first
Answer: D

2. Which of the following is not a technical means of information security?
A. Firewall
B. Antivirus software
C. Data encryption
D. Manual review
Answer: D

3. In which of the following situations is a network security risk assessment not required?
A. System upgrade
B. Network structure change
C. Business process change
D. Normal system operation
Answer: D

4. Which of the following vulnerability types belongs to cross-site scripting (XSS)?
A. SQL injection
B. Directory traversal
C. File inclusion
D. Cross-site request forgery (CSRF)
Answer: D

5. Which of the following encryption algorithms is a symmetric encryption algorithm?
A. RSA
B. DSA
C. AES
D. ECC
Answer: C

6. In which of the following situations can a digital certificate not guarantee data integrity?
A. The data is tampered with during transmission
B. The data is encrypted during transmission
C. The data is compressed during transmission
D. The data is signed during transmission
Answer: A

7. Which of the following is not a phishing technique?
A. Sending counterfeit emails
B. Counterfeit websites
C. Malware
D. Social engineering
Answer: C

8. Which of the following security measures can prevent malicious code from executing?
A. Firewall
B. Intrusion detection system
C. Sandbox
D. Antivirus software
Answer: C

9. Which of the following is a physical security measure?
A. Data encryption
B. Firewall
C. Identity authentication
D. Electronic access control system
Answer: D

10. Which of the following security incidents is an insider attack?
A. Network scanning
B. Denial-of-service attack
C. Theft of equipment
D. Social engineering
Answer: C

II. Fill-in-the-blank questions (2 points each, 20 points total)

1. Information security comprises four aspects: ________, ________, ________ and ________.
Answer: confidentiality, integrity, availability and legality

2. In the network security risk assessment process, three kinds of factors must be considered: ________, ________ and ________.
Answer: assets, threats and vulnerabilities

3. A digital certificate contains four parts: ________, ________, ________ and ________.

CISSP Exam Practice (Question Set 10)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] What is the best principle for physical security design?
A) CPTED
B) Lowest cost
C) Maximum security considerations
D) Ease of rescue
Answer: A
Explanation: CPTED, Crime Prevention Through Environmental Design, is a theory that does not expect to change an individual's criminal motivation; instead it relies on encouraging positive social behavior to prevent crime.

2. [Single choice] In the Open Systems Interconnection (OSI) model, which layer is responsible for transmitting binary data across the communications network?
A) Application layer
B) Physical layer
C) Data link layer
D) Network layer
Answer: B

3. [Single choice] An information technology (IT) professional attends a cybersecurity seminar on current incident response methods. Which code of ethics canon is being followed?
A) Provide diligent and competent service to principals
B) Protect society, the commonwealth, and the infrastructure
C) Advance and protect the profession
D) Act honorably, honestly, justly, responsibly, and legally
Answer: C

4. [Single choice] If there is a deviation from an organization-wide security policy, which of the following is required?
A) Risk reduction
B) Risk control
C) Risk sharing
D) Risk acceptance
Answer: D
Explanation: A deviation from an organization-wide security policy requires you to manage the risk. If you deviate from the security policy then you are required to accept the risks that might occur.

5. [Single choice] Which of the following is the most effective method of mitigating data theft from an active user's workstation?
A) Implement full-disk encryption
B) Enable multi-factor authentication
C) Deploy a file integrity checker
D) Disable portable devices
Answer: D

B) Vulnerabilities are proactively identified.
C) Risk is lowered to an acceptable level.

CISSP Exam Practice (Question Set 21)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] Which attack is most commonly used against public-key cryptosystems?
A) Chosen-plaintext attack
B) Ciphertext-only attack
C) Chosen-ciphertext attack
D) Adaptive chosen-plaintext attack
Answer: A
Explanation: A chosen-ciphertext attack is one in which the cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext. This type of attack is generally most applicable to public-key cryptosystems.

2. [Single choice] The protection mechanism used to limit inference of information from statistical database queries is:
A) Specifying a maximum query set size
B) Specifying a minimum query set size, but prohibiting all queries except those on the records in the database
C) Specifying a minimum query set size
D) Specifying a maximum query set size, but prohibiting all queries except those on the records in the database
Answer: B

3. [Single choice] Which of the following limits an individual's ability to perform all the steps of a particular process?
A) Job rotation
B) Separation of duties
C) Least privilege
D) Mandatory vacations
Answer: B

4. [Single choice] Which encryption algorithm will provide strong protection for data stored on a USB drive?
A) TLS
B) SHA-1
C) AES
D) DES
Answer: C
Explanation: omitted
Chapter: Mock exam 202201

5. [Single choice] Activity to baseline, tailor, and scope security controls takes place during which National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) step?
A) Authorize IS.

CISSP Exam Practice (Question Set 7)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] Shandra wants to secure an encryption key. Which location would be the most difficult to protect, if the key was kept and used in that location?
A) On a local network
B) On disk
C) In memory
D) On a public network
Answer: C

2. [Single choice] Which of the following individuals is usually responsible for performing the operational data protection duties delegated by senior management, such as validating data integrity, testing backups, and managing security policies?
A) Data custodian
B) Data owner
C) User
D) Auditor
Answer: A
Explanation: The data custodian role is assigned to the individual responsible for implementing the policies and security controls defined by senior management. The data owner does bear ultimate responsibility for these tasks, but the data owner is usually a senior leader who delegates operational responsibility to the data custodian.
Chapter: Mock exam 202201

3. [Single choice] A system using discretionary access control (DAC) is vulnerable to which of the following attacks?
A) Trojan horse
B) Telephone interception
C) Spoofing
D) SYN flood
Answer: C
Explanation: An attempt to gain access to a system by posing as an authorized user. Synonymous with impersonating, masquerading, or mimicking. Spoofing: the act of replacing the valid source and/or destination IP address and node numbers with false ones. Spoofing attack: any attack that involves spoofed or modified packets.

4. [Single choice] What is the purpose of a contingency plan exercise?
A) Train personnel on their roles and responsibilities
B) Validate service level agreements
C) Train maintenance personnel
D) Validate operational metrics
Answer: A

5. [Single choice] Which of the following is the BEST reason to apply patches manually instead of using automated patch management?
A) The cost required to install patches will be reduced.
B) The time during which systems will remain vulnerable to an exploit will be decreased.
C) The target systems reside within isolated networks.
D) The ability to cover large geographic areas is increased.
Answer: C
Explanation: Systems in an isolated network cannot reach the patch server, so patches can only be applied manually.

CISSP Exam Practice (Question Set 6)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] A business continuity plan can be evaluated through several kinds of tests. Which test type continues until operations are actually relocated to the alternate facility and replacement equipment is actually configured?
A) Parallel test
B) Checklist test
C) Structured walk-through test
D) Simulation test
Answer: A
Explanation: omitted
Chapter: Mock exam 202201

2. [Single choice] When developing a disaster recovery plan (DRP), which of the following is the most important consideration?
A) Dynamic reconfiguration of systems
B) Cost of downtime
C) Recovery strategies for all business processes
D) Containment strategy
Answer: B

3. [Single choice] An organization regularly performs its own penetration tests. Which of the following scenarios must be covered for the test to be effective?
A) A third-party vendor with access to the system
B) Compromised system administrator access
C) An internal attacker with access to the system
D) An internal user accidentally accessing data
Answer: C

4. [Single choice] What is the primary motivation of today's hackers?
A) Helping society harden its networks
B) Gaining recognition for their actions
C) Seeing how far their skills can take them
D) Financial gain
Answer: D
Explanation: A few years ago the best choice for this question would have been seeing how far their skills can take them. Today this has changed greatly; most crimes committed are financially motivated.

5. [Single choice] Which of the following is the BEST way to reduce the impact of an externally sourced flood attack?
A) Store the source address at the firewall
B) Have this service provide blocking of the source address
C) Block all inbound traffic until the flood ends
D) Let the source service provider block the address
Answer: A

6. [Single choice] Compared with hardware cryptography, software cryptography is generally
A) less expensive and slower.

CISSP Exam Practice (Question Set 15)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] George is responsible for setting and tuning the thresholds for his company's behavior-based IDS. Which of the following outlines the possible consequences of not doing this activity properly?
A) If the threshold is set too low, non-intrusive activities are considered attacks (false positives); if the threshold is set too high, then malicious activities are not identified (false negatives).
B) If the threshold is set too low, non-intrusive activities are considered attacks (false negatives); if the threshold is set too high, then malicious activities are not identified (false positives).
C) If the threshold is set too high, non-intrusive activities are considered attacks (false positives); if the threshold is set too low, then malicious activities are not identified (false negatives).

CISSP Exam Practice (Question Set 31)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] Which feature designed specifically for access control is usually included in commercial software packages?
A) Passwords or encryption
B) File encryption
C) Source library control
D) File authentication
Answer: A

2. [Single choice] (04160) The attack on passwords that combines a dictionary attack with brute force is:
A) Social engineering
B) (same text as option A)
C) (same text as option A)
D) (same text as option A)
Answer: B

3. [Single choice] A user needs access in order to view the average salary of a group of employees. Which control would prevent the user from obtaining an individual employee's salary?
A) Limiting access to predefined queries
B) Partitioning the database into a small number of partitions, each with a separate security level
C) Implementing role-based access control (RBAC)
D) Reducing the number of people who access the system for statistical purposes
Answer: C

4. [Single choice] Which of the following is the primary reason for using configuration management?
A) To provide centralized management
B) To reduce the number of changes
C) To reduce errors during upgrades
D) To provide consistency in security controls
Answer: D

5. [Single choice] Robert is responsible for securing systems used to process credit card information. Which security control framework should guide his actions?
A) HIPAA
B) PCI DSS
C) SOX
D) GLBA
Answer: B
Explanation: The Payment Card Industry Data Security Standard (PCI DSS) governs the storage, processing, and transmission of credit card information. The Sarbanes-Oxley (SOX) Act regulates the financial reporting activities of publicly traded companies. The Health Insurance Portability and Accountability Act (HIPAA) regulates the handling of protected health information (PHI). The Gramm-Leach-Bliley Act (GLBA) regulates the handling of personal financial information.
Chapter: Mock exam 202201

6. [Single choice] Which of the following virus detection techniques has the industry recently adopted to monitor the execution of suspicious code within the operating system?
A) Behavior blocking
B) Fingerprint detection
C) Feature-based detection
D) Heuristic detection
Answer: A

7. [Single choice] Which of the following fire suppression methods is environmentally friendly and best suited to a data center?
A) Inert gas suppression system
B) Halon gas suppression system
C) Dry-pipe sprinklers
D) Wet-pipe sprinklers
Answer: C

8. [Single choice] Which of the following techniques BEST prevents buffer overflows?
A) Boundary and perimeter offset
B) Character set encoding
C) Code auditing
D) Variant type and bit length
Answer: B

9. [Single choice] Which of the following models is actually a meta-model that encompasses models of software development?
A) Waterfall model.

CISSP Exam Practice (Question Set 22)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?
A) Planning
B) Operation
C) Assessment
D) Improvement
Answer: B

2. [Single choice] If you choose a static connection to a terminal, which technology is secure to use?
A) 443
B) 22
C) 80
D) 21
Answer: B
Explanation: Port 22 is used by the SSH protocol. SSH is a security protocol built on the application layer. SSH is a relatively reliable protocol designed to provide security for remote login sessions and other network services. Using the SSH protocol effectively prevents information leakage during remote administration. SSH was originally a program on UNIX systems and quickly spread to other operating platforms.

3. [Single choice] Jim wants to allow a partner organization's Active Directory forest (B) to access resources in his domain forest (A), but does not want users in his domain to access B's resources. He also does not want the trust to flow up the domain tree as it is formed. What should he do?
A) Establish a two-way transitive trust
B) Establish a one-way transitive trust
C) Establish a one-way non-transitive trust
D) Establish a two-way non-transitive trust
Answer: C
Explanation: Allowing one forest's domain to access another's resources without allowing the reverse is an example of a one-way trust. Because Jim does not want the trust path to flow as the domain tree is formed, the trust must be non-transitive.

CISSP Exam Practice (Question Set 32)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] In a data classification scheme, data is owned by:
A) The information technology (IT) manager.
B) The business manager.
C) The end user.
D) The system security manager.
Answer: B

2. [Single choice] The company that Kathleen works for has moved to remote work for most employees and wants to ensure that the multimedia collaboration platform that they use for voice, video, and text-based collaboration is secure. Which of the following security options will provide the best user experience while providing appropriate security for communications?
A) Require a software-based VPN to the corporate network for all use of the collaboration platform.
B) Require the use of SIPS and SRTP for all communications.
C) Use TLS for all traffic for the collaboration platform.
D) Deploy secure VPN endpoints to each remote location and use point-to-point VPNs for communications.

CISSP Exam Practice (Question Set 1)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] Why must a Kerberos server be well protected from unauthorized access?
A) It contains the keys of all clients.
B) It always runs with root privileges.
C) It contains the tickets for all services.
D) It contains the Internet Protocol (IP) addresses of all network entities.
Answer: A

2. [Single choice] Data backup verification efforts should:
A) Have the smallest scope possible.
B) Be based on the threats to the organization.
C) Maximize impact on business.
D) Focus on user data.
Answer: B

3. [Single choice] The amount of data collected during an audit is primarily determined by:
A) The audit scope.
B) The auditor's level of experience.
C) The availability of the data.
D) The integrity of the data.
Answer: A

4. [Single choice] An event or activity that could cause damage to a system or network is called a:
A) Weakness
B) Threat agent
C) Threat
D) Vulnerability
Answer: C
Explanation: An event or activity that could cause harm to an information system or network.

5. [Single choice] As a security manager, which of the following is the MOST effective practice for providing value to an organization?
A) Assess business risk and apply security resources accordingly.
B) Coordinate security implementations with internal audit.

CISSP Exam Practice (Question Set 14)

Part 1: Single-choice questions, 100 questions in total. Each question has exactly one correct answer; selecting more or fewer options earns no credit.

1. [Single choice] Which of the following is the primary reason that systems require recertification and reaccreditation?
A) To assist data owners in determining future sensitivity and criticality
B) To assure the software development team that all security issues have been addressed
C) To verify that the security protections remain acceptable under the organization's security policy
D) To help the security team accept or reject new implementations and production systems
Answer: C

2. [Single choice] Which of the following is the best metric to obtain when seeking recognition and support for an identity and access management (IAM) solution?
A) Successful application connections that result in data breaches
B) The administrative cost of restoring systems after connection failures
C) Employee system timeouts caused by incorrectly implemented restrictions
D) The help desk cost required to support password reset requests
Answer: D

3. [Single choice] What term is commonly used for the technique of authenticating one machine to another by forging packets from a trusted source?
A) Man-in-the-middle (MITM) attack
B) Smurf
C) Session redirection
D) Spoofing
Answer: D

4. [Single choice] Why should SSD drives be physically destroyed at disposal to prevent data leakage?
A) Degaussing only partially erases the data on an SSD
B) SSDs have no data remanence
C) SSDs cannot be zero-filled
D) Built-in erase commands are not fully effective on some SSDs
Answer: D
Explanation: Research has shown that traditional methods of sanitizing files on SSDs were not reliable. SSDs remap data sectors as part of wear leveling, and erase commands are not consistently effective across multiple SSD brands. Zero-filling can also be used to clear files on an SSD, but it may suffer from the same problem as the erase commands. Degaussing is ineffective for SSDs because they are flash media, not magnetic media. SSDs do not have a magnetic remanence problem.

5. [Single choice] The Children's Online Privacy Protection Act (COPPA) is designed to protect the privacy of children who use the Internet.


CISSP Certification Exam Training Questions, CBK Domain 7 - Operations Security

1. Operations Security seeks to primarily protect against which of the following?
A. object reuse
B. facility disaster
C. compromising emanations
D. asset threats
Answer: D

2. Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects includes:
A. Intrusion Evaluation (IE) and Response
B. Intrusion Recognition (IR) and Response
C. Intrusion Protection (IP) and Response
D. Intrusion Detection (ID) and Response
Answer: D

3. What is the main issue with media reuse?
A. Degaussing
B. Data remanence
C. Media destruction
D. Purging
Answer: B

4. This type of control is used to ensure that transactions are properly entered into the system once. Elements of this type of control may include counting data and time stamping it with the date it was entered or edited?
A. Processing Controls
B. Output Controls
C. Input Controls
D. Input/Output Controls
Answer: C

5. Which of the following questions is less likely to help in assessing controls over audit trails?
A. Does the audit trail provide a trace of user actions?
B. Are incidents monitored and tracked until resolved?
C. Is access to online logs strictly controlled?
D. Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?
Answer: B

6. Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette?
A. Degaussing
B. Parity Bit Manipulation
C. Certification
D. Buffer overflow
Answer: A

7. What is the most secure way to dispose of information on a CD-ROM?
A. Sanitizing
B. Physical damage
C. Degaussing
D. Physical destruction
Answer: D

8. Which of the following ensures that security is not breached when a system crash or other system failure occurs?
A. trusted recovery
B. hot swappable
C. redundancy
D. secure boot
Answer: A

9. Hardware availability reports allow the identification of the following problems except for:
A. Inadequate training for operators
B. Excessive operating systems maintenance
C. User dissatisfaction
D. Inadequate hardware facilities
Answer: C

10. Which of the following is not a valid reason to use external penetration service firms rather than corporate resources?
A. They are more cost-effective
B. They offer a lack of corporate bias
C. They use highly talented ex-hackers
D. They insure a more complete reporting
Answer: C

11. When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?
A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files.
B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.
C. They both involve rewriting the media.
D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.
Answer: B

12. What security procedure forces an operator into collusion with an operator of a different category to have access to unauthorized data?
A. Enforcing regular password changes.
B. Management monitoring of audit logs.
C. Limiting the specific accesses of operations personnel.
D. Job rotation of people through different assignments.
Answer: C

13. Who is responsible for setting user clearances to computer-based information?
A. Security administrators
B. Operators
C. Data owners
D. Data custodians
Answer: A

14. Which of the following is used to interrupt opportunity to create collusion to subvert operation for fraudulent purposes?
A. Separation of duties
B. Rotation of duties
C. Principle of need-to-know
D. Principle of least privilege
Answer: B

15. Unrestricted access to production programs should be given to which of the following?
A. maintenance programmers only
B. system owner, on request
C. no one
D. auditors
Answer: C

16. Overwriting and/or degaussing is used to clear and purge all of the following except which of the following?
A. random access memory
B. read-only memory
C. magnetic core memory
D. magnetic hard disks
Answer: B

17. An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called:
A. a magnetic field.
B. a degausser.
C. magnetic remanence.
D. magnetic saturation.
Answer: B

18. Which of the following is not a critical security aspect of Operations Controls?
A. Controls over hardware
B. Data media used
C. Operators using resources
D. Environmental controls
Answer: D

19. Which of the following should not be accessible by a computer operator?
A. Operations documentation
B. Computer console
C. Source code of applications
D. Information security guidelines
Answer: C

20. Which one of the following functions provides the least effective organizational reporting structure for the Information Systems Security function?
A. IS quality assurance
B. IS resource management
C. IS operations
D. Corporate security
Answer: C

21. What should a company do first when disposing of personal computers that once were used to store confidential data?
A. Overwrite all data on the hard disk with zeroes
B. Delete all data contained on the hard disk
C. Demagnetize the hard disk
D. Low level format the hard disk

22. What is the most effective means of determining how controls are functioning within an operating system?
A. Interview with computer operator
B. Review of software control features and/or parameters
C. Review of operating system manual
D. Interview with product vendor
Answer: B

23. Which TCSEC (Orange Book) level requires the system to clearly identify functions of security administrator to perform security-related functions?
A. C2
B. B1
C. B2
D. B3
Answer: D

24. According to the Orange Book, which security level is the first to require trusted recovery?
A. A1
B. B2
C. B3
D. B1
Answer: C

25. Which of the following are functions that are compatible in a properly segregated environment?
A. Application programming and computer operation.
B. Systems programming and job control analysis.
C. Access authorization and database administration.
D. System development and systems maintenance.
Answer: D

26. Which of the following rules is less likely to support the concept of least privilege?
A. The number of administrative accounts should be kept to a minimum.
B. Administrators should use regular accounts when performing routine operations like reading mail.
C. Permissions on tools that are likely to be used by hackers should be as restrictive as possible.
D. Only data to and from critical systems and applications should be allowed through the firewall.
Answer: D

27. Which level of "least privilege" enables operators the right to modify data directly in its original location, in addition to data copied from the original location?
A. Access Change
B. Read/Write
C. Access Rewrite
D. Access Modify
Answer: A

28. Which of the following is not an Orange Book-defined life cycle assurance requirement?
A. Security testing
B. Design specification and testing
C. Trusted distribution
D. System integrity
Answer: D

29. Which of the following questions is less likely to help in assessing controls over production?
A. Are there processes for ensuring that only authorized users pick up, receive, or deliver input and output information and media?
B. Are audit trails used for receipt of sensitive inputs/outputs?
C. Is media sanitized for reuse?
D. Are confidentiality or security agreements required for employees assigned to work with sensitive information?
Answer: D

30. Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of:
A. Deterrent controls
B. Output controls
C. Information flow controls
D. Asset controls
Answer: B

31. Intrusion Detection (ID) and Response is not a:
A. preventive control.
B. detective control.
C. monitoring control.
D. reactive control.
Answer: A

32. A periodic review of user account management should not determine:
A. Conformity with the concept of least privilege.
B. Whether active accounts are still being used.
C. Strength of user-chosen passwords.
D. Whether management authorizations are up-to-date.
Answer: C

33. The primary reason for enabling software audit trails is which of the following?
A. Improve system efficiency.
B. Improve response time for users.
C. Establish responsibility and accountability.
D. Provide useful information to track down processing errors.
Answer: C

34. Which of the following is true related to network sniffing?
A. Sniffers allow an attacker to monitor data passing across a network.
B. Sniffers alter the source address of a computer to disguise and exploit weak authentication methods.
C. Sniffers take over network connections.
D. Sniffers send IP fragments to a system that overlap with each other.
Answer: A

35. Which of the following questions is less likely to help in assessing controls over hardware and software maintenance?
A. Is access to all program libraries restricted and controlled?
B. Are integrity verification programs used by applications to look for evidences of data tampering, errors, and omissions?
C. Is there version control?
D. Are system components tested, documented, and approved prior to promotion to production?
Answer: B

36. This type of vulnerability enables the intruder to re-route data traffic from a network device to a personal machine. This diversion enables the intruder to capture data traffic to and from the devices for analysis or modification, or to steal the password file from the server and gain access to user accounts:
A. Network Address Translation
B. Network Address Hijacking
C. Network Address Supernetting
D. Network Address Sniffing

37. Which of the following is NOT a technique used to perform a penetration test?
A. sending noise
B. scanning and probing
C. war dialing
D. sniffing
Answer: A

38. In what way can violation clipping levels assist in violation tracking and analysis?
A. Clipping levels set a baseline for normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred.
B. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant.
C. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to usercodes with a privileged status.
D. Clipping levels enable a security administrator to view all reductions in security levels which have been made to usercodes which have incurred violations.
Answer: A

39. Which of the following are functions that are compatible in a properly segregated environment?
A. Data entry and job scheduling
B. Database administration and systems security
C. Systems analyst and application programming
D. Security administration and systems programming
Answer: C

40. Which of the following is not concerned with configuration management?
A. Hardware
B. Software
C. Documentation
D. They all are concerned with configuration management.
Answer: D

41. What is the main objective of proper separation of duties?
A. To prevent employees from disclosing sensitive information.
B. To ensure access controls are in place.
C. To ensure that no single individual can compromise a system.
D. To ensure that audit trails are not tampered with.
Answer: C

42. Which trusted facility management concept implies that two operators must review and approve the work of each other?
A. Two-man control
B. Dual control
C. Double control
D. Segregation control
Answer: A

43. Which choice below is NOT a security goal of an audit mechanism?
A. Deter perpetrators' attempts to bypass the system protection mechanisms
B. Review employee production output records
C. Review patterns of access to individual objects
D. Discover when a user assumes a functionality with privileges greater than his own
Answer: B

44. Which choice below would NOT be considered a benefit of employing incident-handling capability?
A. An individual acting alone would not be able to subvert a security process or control.
B. It enhances internal communications and the readiness of the organization to respond to incidents.
C. It assists an organization in preventing damage from future incidents.
D. Security training personnel would have a better understanding of users' knowledge of security issues.
Answer: A

45. Which choice below is the BEST description of operational assurance?
A. Operational assurance is the process of examining audit logs to reveal usage that identifies misuse.
B. Operational assurance has the benefit of containing and repairing damage from incidents.
C. Operational assurance is the process of reviewing an operational system to see that security controls are functioning correctly.
D. Operational assurance is the process of performing pre-employment background screening.
Answer: C

46. Which choice below MOST accurately describes a Covert Storage Channel?
A. A process that manipulates observable system resources in a way that affects response time
B. An information transfer path within a system
C. A communication channel that allows a process to transfer information in a manner that violates the system's security policy
D. An information transfer that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process
Answer: D

47. Which choice below is NOT an example of a media control?
A. Sanitizing the media before disposition
B. Printing to a printer in a secured room
C. Physically protecting copies of backup media
D. Conducting background checks on individuals
Answer: D

48. Which statement below is the BEST example of "separation of duties"?
A. An activity that checks on the system, its users, or the environment.
B. Getting users to divulge their passwords.
C. One person initiates a request for a payment and another authorizes that same payment.
D. A data entry clerk may not have access to run database analysis reports.
Answer: C

49. Which minimum TCSEC security class category specifies "trusted distribution" controls?
A. C2
B. B2
C. B3
D. A1
Answer: D

50. Which statement below is accurate about the concept of Object Reuse?
A. Object reuse protects against physical attacks on the storage medium.
B. Object reuse ensures that users do not obtain residual information from system resources.
C. Object reuse applies to removable media only.
D. Object reuse controls the granting of access rights to objects.
Answer: B
