天天性综合,麻豆va一区二区三区久久浪,美丽姑娘免费观看在线观看中文版

當前位置：信管網 >> 信息安全工程師 >> 每日一練 >> 文章內容

信息安全工程師每日一練試題（2022/7/1）

來源：信管網 2022年07月02日【所有評論】

信息安全工程師當天每日一練試題地址：www.xcpkj.com/exam/ExamDay.aspx?t1=6

往期信息安全工程師每日一練試題匯總：www.xcpkj.com/class/27/e6_1.html

信息安全工程師每日一練試題（2022/7/1）在線測試：www.xcpkj.com/exam/ExamDay.aspx?t1=6&day=2022/7/1

點擊查看：更多信息安全工程師習題與指導

信息安全工程師每日一練試題內容（2022/7/1）

試題1
The modern study of symmetric-key ciphers relates mainly to the study of block ciphers and stream ciphers and to their applications. A block cipher is, in a sense, a modern embodiment of Alberti's polyalphabetic cipher: block ciphers take as input a block of （71 ）and a key, and output a block of ciphertext of the same size. Since messages are almost always longer than a single block, some method of knitting together successive blocks is required. Several have been developed, some with better security in one aspect or another than others. They are the mode of operations and must be carefully considered when using a block cipher in a cryptosystem.
The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are( 72 )designs which have been designated cryptography standards by the US government (though DES's designation was finally withdrawn after the AES was adopted). Despite its deprecation as an official standard, DES (especially its still-approved and much more secure triple-DES variant) remains quite popular; it is used across a wide range of applications, from ATM encryption to e-mail privacy and secure remote access. Many other block ciphers have been designed and released, with considerable variation in quality. Many have been thoroughly broken. See Category: Block ciphers.
Stream ciphers, in contrast to the ‘block’type, create an arbitrarily long stream of key material, which is combined ( 73 )the plaintext bit-by-bit or character-by-character, somewhat like the one-time pad. In a stream cipher, the output( 74 )is created based on an internal state which changes as the cipher operates. That state change is controlled by the key, and, in some stream ciphers, by the plaintext stream as well. RC4 is an example of a well-known, and widely used, stream cipher; see Category: Stream ciphers.
Cryptographic hash functions (often called message digest functions) do not necessarily use keys, but are a related and important class of cryptographic algorithms. They take input data (often an entire message), and output a short fixed length hash, and do so as a one-way function. For good ones, ( 75 ) (two plaintexts which produce the same hash) are extremely difficult to find.
Message authentication codes (MACs) are much like cryptographic hash functions, except that a secret key is used to authenticate the hash value on receipt. These block an attack against plain hash functions.
（71）
A.plaintext
B.ciphertext
C.data
D.hash
（72）
A.stream cipher
B.hash function
C.Message authentication code
D.Block cipher
（73）
A.of
B.for
C.with
D.in
（74）
A.hash
B.stream
C.ciphertext
D.plaintext
（75）
A.collisions
B.image
C.preimage
D.solution
查看答案
試題參考答案：A、D、C、B、A
試題解析與討論：www.xcpkj.com/st/4115223167.html
試題2
通用入侵檢測框架模型（CIDF）由事件產生器、事件分析器、響應單元和事件數據庫四個部分組成。其中向系統(tǒng)其他部分提供事件的是（）
A．事件產生器
B．事件分析器
C．響應單元
D．事件數據庫
查看答案
試題參考答案：A
試題解析與討論：www.xcpkj.com/st/5226223863.html
試題3
網絡安全漏洞是網絡安全管理工作的重要內容，網絡信息系統(tǒng)的漏洞主要來自兩個方面：非技術性安全漏洞和技術性安全漏洞。以下屬于非技術性安全漏洞主要來源的是 ( )
A．緩沖區(qū)溢出
B．輸入驗證錯誤
C．網絡安全特權控制不完備
D．配置錯誤
查看答案
試題參考答案：C
試題解析與討論：www.xcpkj.com/st/522697983.html
試題4
入侵檢測技術包括異常入侵檢測和誤用入侵檢測。以下關于誤用檢測技術的描述中，正確的是（）。
A.誤用檢測根據對用戶正常行為的了解和掌握來識別入侵行為
B.誤用檢測根據掌握的關于入侵或攻擊的知識來識別入侵行為
C.誤用檢測不需要建立入侵或攻擊的行為特征庫
D.誤用檢測需要建立用戶的正常行為特征輪廓
查看答案
試題參考答案：B
試題解析與討論：www.xcpkj.com/st/4112521300.html
試題5
惡意代碼是指為達到惡意目的而專門設計的程序或代碼。以下惡意代碼中，屬于腳本病毒的是（）。
A. Worm. Sasser, f
B. Trojan. Huigezi. a
C. Harm. formac. f
D. Script. Redlof
查看答案
試題參考答案：D
試題解析與討論：www.xcpkj.com/st/4110512003.html
試題6
SYN 掃描首先向目標主機發(fā)送連接請求，當目標主機返回響應后，立即切斷連接過程，并查看響應情況。果目標主機返回（），表示目標主機的該端口開放。
A．SYN/ACK
B．RESET 信息
C．RST/ACK
D．ID頭信息
查看答案
試題參考答案：A
試題解析與討論：www.xcpkj.com/st/5223223655.html
試題7
能有效控制內部網絡和外部網絡之間的訪問及數據傳輸，從而達到保護內部網絡的信息不受外部非授權用戶的訪問和對不良信息的過濾的安全技術是（）
A.入侵檢測
B.反病毒軟件
C.防火墻
D.計算機取證
查看答案
試題參考答案：C
試題解析與討論：www.xcpkj.com/st/327375395.html
試題8
Trust is typically interpreted as a subjective belief in the reliability， honesty and security of an entity on which we depend （）our welfare .In online environments we depend on a wide spectrun of things , ranging from computer hardware,software and data to people and organizations. A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions , hence , a trusted entity is the same as an entity that is assumed to function according to policy . A consequence of this is that a trust component of a system must work correctly in order for the security of that system to hold, meaning that when a trusted（）fails , then the sytems and applications that depend on it can（）be considered secure.An often cited articulation of this principle is:＂ a trusted system or component is one that can break your security policy” ( which happens when the trust system fails ). The same applies to a trusted party such as a service provider ( SP for short )that is , it must operate according to the agreed or assumed policy in order to ensure the expected level of securty and quality of services . A paradoxical conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on . This is because the security of an infrastructure consisting of many.
Trusted components typically follows the principle of the weakest link , that is ,in many situations the the overall security can only be as strong as the least reliable or least secure of all the trusted components. We cannot avoid using trusted security components,but the fewer the better. This is important to understand when designing the identity management architectures,that is, fewer the trusted parties in an identity management model , stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital and computational concepts helps in designing and implementing large scale online markets and communities,and also plays an important role in the converging mobile and Internet environments.Identity management (denoted Idm hereafter ) is about recognizing and verifying the correctness of identitied in online environment .Trust management becomes a component of （）whenever different parties rely on each other for identity provision and authentication . IdM and Trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining authorisation policies in personalised services.
Establishing trust always has a cost, so that having complex trust requirement typically leads to high overhead in establishing the required trust. To reduce costs there will be incentives for stakeholders to “cut corners”regarding trust requirements ,which could lead to inadequate security . The challenge is to design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed .The establishment of initial（）usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
（71）A.with
B. on
C. of
D. for
（72）A.entity
B.person
C.component
D.thing
（73）A. No longer
B. never
C. always
D.often
（74）A. SP
B. IdM
C.Internet
D.entity
（75）A.trust
B.cost
C.IdM
D. solution
查看答案
試題參考答案：D、C、A、B、A
試題解析與討論：www.xcpkj.com/st/389944612.html
試題9

以下對OSI（開放系統(tǒng)互聯(lián)）參考模型中數據鏈路層的功能敘述中，描述最貼切是（）
A、保證數據正確的順序、無差錯和完整
B、控制報文通過網絡的路由選擇
C、提供用戶與網絡的接口
D、處理信號通過介質的傳輸
查看答案
試題參考答案：A
試題解析與討論：www.xcpkj.com/st/2848820346.html
試題10
IP地址欺騙的發(fā)生過程，下列順序正確的是（）。①確定要攻擊的主機A；②發(fā)現和他有信任關系的主機B；③猜測序列號；④成功連接，留下后面；⑤將B利用某種方法攻擊癱瘓。
A.①②⑤③④
B.①②③④⑤
C.①②④③⑤
D.②①⑤③④
查看答案
試題參考答案：A
試題解析與討論：www.xcpkj.com/st/3273328170.html