信息安全工程師當(dāng)天每日一練試題地址：www.ichunya.com/exam/ExamDay.aspx?t1=6

往期信息安全工程師每日一練試題匯總：www.ichunya.com/class/27/e6_1.html

信息安全工程師每日一練試題（2020/6/11）在線測(cè)試：www.ichunya.com/exam/ExamDay.aspx?t1=6&day=2020/6/11

點(diǎn)擊查看：更多信息安全工程師習(xí)題與指導(dǎo)

信息安全工程師每日一練試題內(nèi)容（2020/6/11）

試題1： In what way is a common gateway interface (CGI) MOST often used on a web server? 
A、Consistent way for transferring data to the application program and back to the user 
B、Computer graphics imaging method for movies and TV 
C、Graphic user interface for web design 
D、Interface to access the private gateway domain 
試題解析與討論：www.ichunya.com/st/2939017838.html
試題參考答案：A

試題2： During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful: 
A、buffer overflow. 
B、brute force attack. 
C、distributed denial-of-service attack. 
D、war dialing attack. 
試題解析與討論：www.ichunya.com/st/2920117383.html
試題參考答案：A

試題3： When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of: 
A、excessive transaction turnaround time. 
B、application interface failure. 
C、improper transaction authorization. 
D、nonvalidated batch totals. 
試題解析與討論：www.ichunya.com/st/2950622030.html
試題參考答案：C

試題4： 以下關(guān)于公鑰基礎(chǔ)設(shè)施（PKI）的說(shuō)法中，正確的是（）
A. PKI可以解決公鑰可信性問(wèn)題
B. PKI不能解決公鑰可信性問(wèn)題
C. PKI只能有政府來(lái)建立
D.PKI不提供數(shù)字證書(shū)查詢服務(wù)
試題解析與討論：www.ichunya.com/st/3274120315.html
試題參考答案：A

試題5：

以下哪一項(xiàng)不是IIS服務(wù)器支持的訪問(wèn)控制過(guò)濾類(lèi)型？（）
A、網(wǎng)絡(luò)地址訪問(wèn)控制
B、web服務(wù)器許可
C、NTFS許可
D、異常行為過(guò)濾

試題解析與討論：www.ichunya.com/st/2655029533.html
試題參考答案：D

試題6： An IS auditor has been assigned to review IT structures and activities recently outsourced to various providers. Which of the following should the IS auditor determine FIRST ? 
A、That an audit clause is present in all contracts 
B、That the SLA of each contract is substantiated by appropriate KPIs 
C、That the contractual warranties of the providers support the business needs of the organization 
D、That at contract termination, support is guaranteed by each outsourcer for new outsourcers 
試題解析與討論：www.ichunya.com/st/2975519032.html
試題參考答案：C

試題7：

傳統(tǒng)密碼學(xué)的理論基礎(chǔ)是（）
A、 數(shù)學(xué)
B、 物理學(xué)
C、 計(jì)算機(jī)學(xué)科
D、 力學(xué)

試題解析與討論：www.ichunya.com/st/2671626126.html
試題參考答案：A

試題8： Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks? 
A、Check digit 
B、Existence check 
C、Completeness check 
D、Reasonableness check 
試題解析與討論：www.ichunya.com/st/2976520772.html
試題參考答案：C

試題9：

下列關(guān)于信息系統(tǒng)生命周期中實(shí)施階段所涉及主要安全需求描述錯(cuò)誤的是：（）
A．確保采購(gòu)定制的設(shè)備、軟件和其他系統(tǒng)組件滿足已定義的安全要求
B．確保整個(gè)系統(tǒng)已按照領(lǐng)導(dǎo)要求進(jìn)行了部署和配置
C．確保系統(tǒng)使用人員已具備使用系統(tǒng)安全功能和安全特性的能力
D．確保信息系統(tǒng)的使用已得到授權(quán)

試題解析與討論：www.ichunya.com/st/2753619114.html
試題參考答案：B

試題10： After reviewing its business processes, a large organization is deploying a new web application based on a VoIP technology. Which of the following is the MOST appropriate approach for implementing access control that will facilitate security management of the VoIP web application? 
A、Fine-grained access control 
B、Role-based access control (RBAC) 
C、Access control lists 
D、Network/service access control 
試題解析與討論：www.ichunya.com/st/293467653.html
試題參考答案：B