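Information Security Engineer daily practice questions for today: m.xiexiliangjiufa.com/exam/ExamDay.aspx?t1=6
Archive of past Information Security Engineer daily practice questions: m.xiexiliangjiufa.com/class/27/e6_1.html
Information Security Engineer daily practice questions (2020/6/11), online test: m.xiexiliangjiufa.com/exam/ExamDay.aspx?t1=6&day=2020/6/11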
Information Security Engineer daily practice questions (2020/6/11)
Question
1: In what way is a common gateway interface (CGI) MOST often used on a web server?
A. Consistent way for transferring data to the application program and back to the user
B. Computer graphics imaging method for movies and TV
C. Graphic user interface for web design
D. Interface to access the private gateway domain
Explanation and discussion:
m.xiexiliangjiufa.com/st/2939017838.html
Reference answer: A
Question
2: During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:
A. buffer overflow.
B. brute force attack.
C. distributed denial-of-service attack.
D. war dialing attack.
Explanation and discussion:
m.xiexiliangjiufa.com/st/2920117383.html
Reference answer: A
Question
3: When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of:
A. excessive transaction turnaround time.
B. application interface failure.
C. improper transaction authorization.
D. nonvalidated batch totals.
Explanation and discussion:
m.xiexiliangjiufa.com/st/2950622030.html
Reference answer: C
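Question
4: Which of the following statements about public key infrastructure (PKI) is correct? ( )
A. PKI can solve the problem of public key trustworthiness
B. PKI cannot solve the problem of public key trustworthiness
C. PKI can only be established by the government
D. PKI does not provide a digital certificate lookup service
Explanation and discussion:
m.xiexiliangjiufa.com/st/3274120315.html
Reference answer: A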
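Question
5: Which of the following is NOT a type of access control filtering supported by an IIS server? ( )
A. Network address access control
B. Web server permissions
C. NTFS permissions
D. Abnormal behavior filtering
Explanation and discussion:
m.xiexiliangjiufa.com/st/2655029533.html
Reference answer: D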
Question
6: An IS auditor has been assigned to review IT structures and activities recently outsourced to various providers. Which of the following should the IS auditor determine FIRST?
A. That an audit clause is present in all contracts
B. That the SLA of each contract is substantiated by appropriate KPIs
C. That the contractual warranties of the providers support the business needs of the organization
D. That at contract termination, support is guaranteed by each outsourcer for new outsourcers
Explanation and discussion:
m.xiexiliangjiufa.com/st/2975519032.html
Reference answer: C
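Question
7: The theoretical foundation of traditional cryptography is ( )
A. Mathematics
B. Physics
C. Computer science
D. Mechanics
Explanation and discussion:
m.xiexiliangjiufa.com/st/2671626126.html
Reference answer: A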
Question
8: Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?
A. Check digit
B. Existence check
C. Completeness check
D. Reasonableness check
Explanation and discussion:
m.xiexiliangjiufa.com/st/2976520772.html
Reference answer: C
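Question
9: Which of the following descriptions of the main security requirements involved in the implementation phase of the information system life cycle is incorrect? ( )
A. Ensure that procured or custom-built equipment, software and other system components meet the defined security requirements
B. Ensure that the entire system has been deployed and configured according to leadership's requirements
C. Ensure that system users are able to use the system's security functions and security features
D. Ensure that use of the information system has been authorized
Explanation and discussion:
m.xiexiliangjiufa.com/st/2753619114.html
Reference answer: B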
Question
10: After reviewing its business processes, a large organization is deploying a new web application based on a VoIP technology. Which of the following is the MOST appropriate approach for implementing access control that will facilitate security management of the VoIP web application?
A. Fine-grained access control
B. Role-based access control (RBAC)
C. Access control lists
D. Network/service access control
Explanation and discussion:
m.xiexiliangjiufa.com/st/293467653.html
Reference answer: B