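Today's Information Security Engineer daily practice questions: m.xiexiliangjiufa.com/exam/ExamDay.aspx?t1=6
Archive of past Information Security Engineer daily practice questions: m.xiexiliangjiufa.com/class/27/e6_1.html
Information Security Engineer daily practice questions (2020/6/17), online test: m.xiexiliangjiufa.com/exam/ExamDay.aspx?t1=6&day=2020/6/17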
Information Security Engineer daily practice questions (2020/6/17)
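Question 1:
Which of the following statements about information system security assurance is incorrect? ( )
A. Information system security assurance is closely tied to the information system life cycle: planning and organization, development and procurement, implementation and delivery, operation and maintenance, and disposal
B. The elements of information system security assurance include the integrity, availability and confidentiality of information
C. Information system security requires comprehensive assurance across four domains: technology, engineering, management and personnel
D. Information system security assurance must reduce the risks facing the information system to an acceptable level, so that the system can fulfil its business mission
Analysis and discussion: m.xiexiliangjiufa.com/st/274765362.html
Reference answer: B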
Question 2:
UDP needs to use a ( ) address to deliver user datagrams to the corresponding application.
A. Port
B. Application
C. Internet
D. Physical
Analysis and discussion: m.xiexiliangjiufa.com/st/2681129680.html
Reference answer: A
Question 3:
Which of the following is the initial step in creating a firewall policy?
A. A cost-benefit analysis of methods for securing the applications
B. Identification of network applications to be externally accessed
C. Identification of vulnerabilities associated with network applications to be externally accessed
D. Creation of an applications traffic matrix showing protection methods
Analysis and discussion: m.xiexiliangjiufa.com/st/2932915672.html
Reference answer: B
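Question 4:
Which of the following vulnerabilities is not caused by a failure to filter input? ( )
A. DoS attack
B. SQL injection
C. Log injection
D. Command-line injection
Analysis and discussion: m.xiexiliangjiufa.com/st/2674812408.html
Reference answer: A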
Question 5:
The PRIMARY objective of testing a business continuity plan is to:
A. familiarize employees with the business continuity plan.
B. ensure that all residual risks are addressed.
C. exercise all possible disaster scenarios.
D. identify limitations of the business continuity plan.
Analysis and discussion: m.xiexiliangjiufa.com/st/298207737.html
Reference answer: D
Question 6:
To determine if unauthorized changes have been made to production code the BEST audit procedure is to:
A. examine the change control system records and trace them forward to object code files.
B. review access control permissions operating within the production program libraries.
C. examine object code to find instances of changes and trace them back to change control records.
D. review change approved designations established within the change control system.
Analysis and discussion: m.xiexiliangjiufa.com/st/2952511964.html
Reference answer: C
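Question 7:
To ensure that system logs are reliable and effective, which of the following is not a required characteristic of logs? ( )
A. Uniform and accurate time
B. Comprehensive coverage of system assets
C. Inclusion of key information such as access source, access target and access activity
D. Easy readability by all users of the system
Analysis and discussion: m.xiexiliangjiufa.com/st/256595532.html
Reference answer: D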
Question 8:
The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures:
A. information assets are overprotected.
B. a basic level of protection is applied regardless of asset value.
C. appropriate levels of protection are applied to information assets.
D. an equal proportion of resources are devoted to protecting all information assets.
Analysis and discussion: m.xiexiliangjiufa.com/st/2918014096.html
Reference answer: C
Question 9:
Regarding a disaster recovery plan, the role of an IS auditor should include:
A. identifying critical applications.
B. determining the external service providers involved in a recovery test.
C. observing the tests of the disaster recovery plan.
D. determining the criteria for establishing a recovery time objective (RTO).
Analysis and discussion: m.xiexiliangjiufa.com/st/293841268.html
Reference answer: C
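Question 10:
Which of the following functions can NAT technology not provide? ( )
A. Proxying application-layer protocols
B. Hiding internal addresses
C. Increasing the address space of a private organization
D. Solving the IP address shortage problem
Analysis and discussion: m.xiexiliangjiufa.com/st/270685258.html
Reference answer: A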