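Information Security Engineer daily practice questions for today: m.xiexiliangjiufa.com/exam/ExamDay.aspx?t1=6
Archive of past Information Security Engineer daily practice questions: m.xiexiliangjiufa.com/class/27/e6_1.html
Information Security Engineer daily practice questions (2020/5/27), online test: m.xiexiliangjiufa.com/exam/ExamDay.aspx?t1=6&day=2020/5/27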
Information Security Engineer daily practice questions (2020/5/27)
Question
1: Kerberos is a commonly used authentication protocol. The encryption algorithm it uses is ( )
A. Elgamal
B. DES
C. MD5
D. RSA
Question analysis and discussion:
m.xiexiliangjiufa.com/st/2847116804.html
Reference answer: B
Question
2: An advantage of using sanitized live transactions in test data is that:
A. all transaction types will be included.
B. every error condition is likely to be tested.
C. no special routines are required to assess the results.
D. test transactions are representative of live processing.
Question analysis and discussion:
m.xiexiliangjiufa.com/st/2980621533.html
Reference answer: D
Question
3: An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When this issue is raised with management the response is that additional controls are not necessary because effective system access controls are in place. The BEST response the auditor can make is to:
A. review the integrity of system access controls.
B. accept management's statement that effective access controls are in place.
C. stress the importance of having a system control framework in place.
D. review the background checks of the accounts payable staff.
Question analysis and discussion:
m.xiexiliangjiufa.com/st/2949127830.html
Reference answer: C
Question
4: IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend:
A. upgrading to a level 5 RAID.
B. increasing the frequency of onsite backups.
C. reinstating the offsite backups.
D. establishing a cold site in a secure location.
Question analysis and discussion:
m.xiexiliangjiufa.com/st/2971625907.html
Reference answer: C
Question
5: To address the risk of operations staff's failure to perform the daily backup, management requires that the systems administrator sign off on the daily backup. This is an example of risk:
A. avoidance.
B. transference.
C. mitigation.
D. acceptance.
Question analysis and discussion:
m.xiexiliangjiufa.com/st/293614033.html
Reference answer: C
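Question
6: The idea of software security assurance is to apply risk management throughout the entire software life cycle and to achieve optimal software security protection with limited resources, avoiding the direct losses caused by insufficient protection while also paying attention to the indirect losses caused by excessive protection. Which of the following software security development strategies is NOT consistent with the idea of software security assurance? ( )
A. Taking software security costs into account at project initiation and reserving budget for security testing and security review, so that security funding is actually provided.
B. During software security design, inviting software security development experts to review the software architecture design, so that security shortcomings in the architecture are found in time.
C. Ensuring that software coding personnel receive security training, so that developers understand the basic principles and methods of secure coding and write secure code.
D. Performing comprehensive security testing on the software before it goes live, including source code analysis, fuzz testing and penetration testing; software that has not undergone the above tests is not allowed to go live.
Question analysis and discussion:
m.xiexiliangjiufa.com/st/274129679.html
Reference answer: D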
Question
7: The PRIMARY purpose for meeting with auditees prior to formally closing a review is to:
A. confirm that the auditors did not overlook any important issues.
B. gain agreement on the findings.
C. receive feedback on the adequacy of the audit procedures.
D. test the structure of the final presentation.
Question analysis and discussion:
m.xiexiliangjiufa.com/st/2977619346.html
Reference answer: B
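Question
8: Which of the following is NOT a physical security threat? ( )
A. Power failure
B. Physical attack
C. Natural disaster
D. Dictionary attack
Question analysis and discussion:
m.xiexiliangjiufa.com/st/3897917382.html
Reference answer: D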
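Question
9: The risk of unauthorized access through social engineering can be avoided by: ( )
A. Security awareness program
B. Asymmetric encryption
C. Intrusion detection system
D. Demilitarized zone
Question analysis and discussion:
m.xiexiliangjiufa.com/st/2587326758.html
Reference answer: A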
Question
10: The GREATEST benefit in implementing an expert system is the:
A. capturing of the knowledge and experience of individuals in an organization.
B. sharing of knowledge in a central repository.
C. enhancement of personnel productivity and performance.
D. reduction of employee turnover in key departments.
Question analysis and discussion:
m.xiexiliangjiufa.com/st/2982910796.html
Reference answer: A