信息安全工程師當(dāng)天每日一練試題地址：http://www.xiexiliangjiufa.com/exam/ExamDay.aspx?t1=6

往期信息安全工程師每日一練試題匯總：http://www.xiexiliangjiufa.com/class27-6-1.aspx

信息安全工程師每日一練試題（2017/6/25）在線(xiàn)測(cè)試：http://www.xiexiliangjiufa.com/exam/ExamDay.aspx?t1=6&day=2017/6/25

信息安全工程師每日一練試題內(nèi)容（2017/6/25）

試題1：

為了對(duì)計(jì)算機(jī)信息系統(tǒng)的安全威脅有更全面、更深刻的認(rèn)識(shí)，信息應(yīng)用系統(tǒng)安全威脅的分類(lèi)方法一般用（ ）三種“綜合分類(lèi)”方法。
A. 高、中、低
B. 對(duì)象的價(jià)值、實(shí)施的手段、影響（結(jié)果）
C. 按風(fēng)險(xiǎn)性質(zhì)、按風(fēng)險(xiǎn)結(jié)果、按風(fēng)險(xiǎn)源
D. 自然事件、人為事件、系統(tǒng)薄弱環(huán)節(jié)

試題解析與討論：http://www.xiexiliangjiufa.com/st/22979.html
試題參考答案：C

試題2：

訪(fǎng)問(wèn)控制是為了限制訪(fǎng)問(wèn)主體對(duì)訪(fǎng)問(wèn)客體的訪(fǎng)問(wèn)權(quán)限，從而使計(jì)算機(jī)系統(tǒng)在合法范圍內(nèi)使用的安全措施，以下關(guān)于訪(fǎng)問(wèn)控制的敘述中，（）是不正確的
A、訪(fǎng)問(wèn)控制包括2個(gè)重要的過(guò)程：鑒別和授權(quán)
B、訪(fǎng)問(wèn)控制機(jī)制分為2種：強(qiáng)制訪(fǎng)問(wèn)控制(MAC)和自主訪(fǎng)問(wèn)控制（DAC）
C、RBAC基于角色的訪(fǎng)問(wèn)控制對(duì)比DAC的先進(jìn)之處在于用戶(hù)可以自主的將訪(fǎng)問(wèn)的權(quán)限授給其它用戶(hù)
D、RBAC不是基于多級(jí)安全需求的，因?yàn)榛赗BAC的系統(tǒng)中主要關(guān)心的是保護(hù)信息的完整性，即”誰(shuí)可以對(duì)什么信息執(zhí)行何種動(dòng)作”

試題解析與討論：http://www.xiexiliangjiufa.com/st/1926829474.html
試題參考答案：C

試題3：

訪(fǎng)問(wèn)控制表與訪(fǎng)問(wèn)能力表相比，具有以下那個(gè)特點(diǎn)：（）
A、訪(fǎng)問(wèn)控制表更容易實(shí)現(xiàn)訪(fǎng)問(wèn)權(quán)限的特點(diǎn)
B、訪(fǎng)問(wèn)能力表更容易瀏覽訪(fǎng)問(wèn)權(quán)限
C、訪(fǎng)問(wèn)控制表回收訪(fǎng)問(wèn)權(quán)限更困難
D、訪(fǎng)問(wèn)控制表更適用于集中式系統(tǒng)

試題解析與討論：http://www.xiexiliangjiufa.com/st/2651922542.html
試題參考答案：D

試題4：

網(wǎng)絡(luò)安全領(lǐng)域，VPN通常用于建立（）之間的安全訪(fǎng)問(wèn)通道。
A、 總部與分支機(jī)構(gòu)、與合作伙伴、與移動(dòng)辦公用戶(hù)、遠(yuǎn)程用戶(hù);
B、 客戶(hù)與客戶(hù)、與合作伙伴、遠(yuǎn)程用戶(hù);
C、 同一個(gè)局域網(wǎng)用戶(hù);
D、 僅限于家庭成員;

試題解析與討論：http://www.xiexiliangjiufa.com/st/267601432.html
試題參考答案：A

試題5：

關(guān)于監(jiān)理過(guò)程中成本控制，下列說(shuō)法中正確的是?（）
A．成本只要不超過(guò)預(yù)計(jì)的收益即可
B．成本應(yīng)控制得越低越好
C．成本控制由承建單位實(shí)現(xiàn)，監(jiān)理單位只能記錄實(shí)際開(kāi)銷(xiāo)
D．成本控制的主要目的是在批準(zhǔn)的預(yù)算條件下確保項(xiàng)目保質(zhì)按期完成

試題解析與討論：http://www.xiexiliangjiufa.com/st/273878960.html
試題參考答案：D

試題6： An organization has a mix of access points that cannot be upgraded to stronger security and newer access points having advanced wireless security. An IS auditor recommends replacing the nonupgradeable access points. Which of the following would BEST justify the IS auditor's recommendation? 
A、The new access points with stronger security are affordable. 
B、The old access points are poorer in terms of performance. 
C、The organization's security would be as strong as its weakest points. 
D、The new access points are easier to manage. 
試題解析與討論：http://www.xiexiliangjiufa.com/st/2927616282.html
試題參考答案：C

試題7： An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the: 
A、EDI trading partner agreements. 
B、physical controls for terminals. 
C、authentication techniques for sending and receiving messages. 
D、program change control procedures. 
試題解析與討論：http://www.xiexiliangjiufa.com/st/293215913.html
試題參考答案：C

試題8： Which of the following types of firewalls would BEST protect a network from an Internet attack? 
A、Screened subnet firewall 
B、Application filtering gateway 
C、Packet filtering router 
D、Circuit-level gateway 
試題解析與討論：http://www.xiexiliangjiufa.com/st/294741104.html
試題參考答案：A

試題9： When segregation of duties concerns exist between IT support staff and end users, what would be a suitable compensating control? 
A、Restricting physical access to computing equipment 
B、Reviewing transaction and application logs 
C、Performing background checks prior to hiring IT staff 
D、Locking user sessions after a specified period of inactivity 
試題解析與討論：http://www.xiexiliangjiufa.com/st/2955015870.html
試題參考答案：B

試題10： Many organizations require an employee to take a mandatory vacation (holiday) of a week or more to: 
A、ensure the employee maintains a good quality of life, which will lead to greater productivity. 
B、reduce the opportunity for an employee to commit an improper or illegal act. 
C、provide proper cross-training for another employee. 
D、eliminate the potential disruption caused when an employee takes vacation one day at a time. 
試題解析與討論：http://www.xiexiliangjiufa.com/st/297414698.html
試題參考答案：B