最新版精选安全专业模拟考试复习题库588题含答案.docx

1、最新版精选安全专业模拟考试复习题库588题含答案2020年安全专业考试复习题库588题【含答案】一、选择题1按照国家和信息产业部的安全等级划分方法，定级对象的安全等级从低到高依次划分为：（）。A、1到3级。B、1到4级。C、1到5级。D、1到6级。参考答案：C2While assessing the risk of a network, which step are you conducting when you determine whether thenetwork can differentiate itself from other networks?A. Considering th

2、e business concernsB. Analyzing, categorizing and prioritizing resourcesC. Evaluating the existing perimeter and internal securityD. Using the existing management and control architectureAnswer: C3What host-level information would you want to obtain so you can exploit defaults and patches?A. Servers

3、B. Routers and switchesC. DatabasesD. Firewall typesAnswer: A4Which tool, service or command will enable you to learn the entire address range used by an organizationor company?A. TracerouteB. NslookupC. Port scannerD. Ping scannerAnswer: D5Which type of attack uses a simple or complex program that

4、self-replicates and/or deposits a payload ona remote or local computer?A. Dictionary attackB. Hijacking attackC. Illicit server attackD. Virus attackAnswer: D6Which service, tool or command allows a remote or local user to learn the directories or files that areaccessible on the network?A. Tracerout

5、eB. Share scannerC. Port scannerD. Ping scannerAnswer: B7Which service, command or tool allows a remote user to interface with a system as if he were sitting atthe terminal?A. HostB. FingerC. SetRequestD. TelnetAnswer: D8Abjee is going to log on to his network. His network does not employ traffic pa

6、dding mechanisms. Whywill it be easy for someone to steal his password?A. Because his password could be more than two weeks oldB. Because of he predictability of the length of the login and password promptsC. Because the Cleartext user name and password are not encryptedD. Because there is no provis

7、ion for log analysis without traffic padding, thus no accountability whenpasswords are lostAnswer: B9What is a spoofing attack?A. A hacker pretends to be the superuser and spoofs a user into allowing him into the systemB. A hacker calls a user and pretends to be a system administrator in order to ge

8、t the users passwordC. A computer (or network) pretends to be a trusted host (or network)D. A hacker gains entrance to the building where the network resides and accesses the system bypretending to be an employeeAnswer: C10In a Linux system, how do you stop the POP3, IMAPD, and FTP services?A. By ch

9、anging the permissions on the configuration file that controls the service (/sbin/inetd), thenrecompiling /etc/inetd.configB. By commenting out the service using the # symbol in the text file /etc/inetd.conf, then restarting theinetd daemonC. By recompiling the system kernel, making sure you have di

10、sabled that serviceD. By commenting out the service using the $ symbol in the text file /etc/inetd.conf, then restarting theinetd daemon.Answer: B11Which of the following is the best way to secure CGI scripts?A. Configure the firewall to filter CGI at ports 80 and 443B. Disable anonymous HTTP logins

11、 when using CGIC. Ensure that the code checks all user inputD. Active Java on the primary web serverAnswer: B12审核管理应支持以下响应方式：（）。A、提醒管理员逾期事件；B、提醒管理员逾期临近时间；C、禁用逾期用户；D、停用逾期密码并强迫用户修改密码。参考答案：ABCD13Kerstin wants to improve the security on her FTP server. She is worried about password-sniffing attacks.Whic

12、h of the following is the best action for her to take?A. Disable anonymous loginsB. Allow only anonymous loginsC. Configure the firewall to block port 21D. Place the FTP server outside of the firewallAnswer: B14公司网络的终端设备允许通过方式以下方式接入：（）A、802.1X认证B、安全网关认证C、MAC地址绑定参考答案：ABC15风险评估的内容包括：（）A、识别网络和信息系统等信息资产

13、的价值。B、发现信息资产在技术、管理等方面存在的脆弱性、威胁。C、评估威胁发生概率、安全事件影响，计算安全风险。D、有针对性的提出改进措施、技术方案和管理要求。参考答案：ABCD16安全事件监控信息主要来自以下方面：（）。A、网络安全设备或网络安全监控系统监测到的安全告警信息。B、政府相关部门或上级主管单位、有限公司通报的安全事件信息。C、安全事件投诉。参考答案：ABC17在确定安全域划分的原则后，需要对支撑的网络架构进行规划，分为（）。A、接入层B、接口汇聚层C、核心交换层D、子系统层参考答案：BCD18安全域划分的根本原则包括：（）。A、业务保障原则B、结构简化原则C、等级保护原则D、生命

14、周期原则参考答案：ABCD19网管系统的边界主要分类描述正确的是：（）。A、与CMNet的接口风险最低B、支撑系统间接口风险最高C、集团-省公司、网元接口风险较低参考答案：C20对于程序运行或者程序自身由于管理需要访问其它系统所使用的专用帐号，应符合如下要求：（）。A、只允许系统和设备之间通信使用，不得作为用户登录帐号使用。B、将此类帐号的维护管理权限统一授权给该系统的系统管理员，由后者归口管理。C、该系统的管理员负责建立该类帐号列表，并进行变更维护。参考答案：ABC21因系统能力或者管理原因无法按用户创建帐号时，应采取如下管理措施：（）。A、明确共享帐号责任人，责任人负责按照上述流程要求提出

15、共享帐号审批表，并在审批表中注明该共享帐号的所有用户名单。B、限制共享帐号的使用人数，建立相关管理制度保证系统的每项操作均可以对应到执行操作的具体人员。C、限定使用范围和使用环境。D、建立完善的操作记录制度，对交接班记录、重要操作记录表等。E、定期更新共享帐号密码。参考答案：ABCDE22设备日志应支持记录用户对设备的操作,记录需要包括（）。A、用户账号、操作时间、操作内容以及操作结果。B、操作系统、操作时间、操作内容以及操作结果。C、操作次数、操作时间、操作内容以及操作结果。D、登陆次数、操作时间、操作内容以及操作结果。参考答案：A2329.下列哪些操作可以看到自启动项目？A注册表B开始菜单

16、C任务管理器Dmsconfig参考答案：ABD24终端安全管理目标：规范支撑系统中终端用户的行为，降低来自支撑系统终端的安全威胁，重点解决以下问题（）。A、终端接入和配置管理；终端账号、秘密、漏洞补丁等系统安全管理；桌面及主机设置管理；终端防病毒管理B、终端账号、秘密、漏洞补丁等系统安全管理；桌面及主机设置管理；终端防病毒管理C、终端接入和配置管理；桌面及主机设置管理；终端防病毒管理D、终端接入和配置管理；终端账号、秘密、漏洞补丁等系统安全管理；桌面及主机设置管理参考答案：A25What is the different between digital signature mechanisms

17、 and simple encryption?A. Digital signatures are generally 128-bit encryption, whereas simple encryption is generally 56 bitsB. Digital signatures are verified by third parties that vouch for the veracity of the sender and thecontentsC. Digital signatures carry timestamps, whereas standard encryptio

18、n does notD. Standard encryption mechanisms have no provision for traffic padding to thwart password sniffersAnswer: B266、在对Window系统进行安全配置时，下面可以采用的安全措施是：A、禁止用户帐号自动登录B、帐号登录时，应该启用ctrl+del+alt登录方式C、设置帐号登录闲置时间，避免无人值守时，被恶意用户使用机器D、系统关机时要清除页面文件参考答案：ABCD27What is the standard method for securing individual

19、e-mail messages sent between a company and otherusers that do not use that e-mail server?A. Invoke encryption at the e-mail serverB. Invoke encryption on each clientC. Filter firewall port 42 on the company firewallD. Store all e-mail messages on a separate partitionAnswer: B28You have installed a p

20、roxy server that authenticates users. However, you find that one user has bypassedthe proxy server by entering the default gateway IP address. How can you solve this problem?A. Configure the default gateway to deny access to all systemsB. Confront the userC. Reconfigure the users machineD. Configure

21、 the default gateway to reject all requests to all systems except for the proxy serverAnswer: D29Which application is used to learn about an operating systems type and patch level?A. TracerouteB. NmapC. WhoisD. PingAnswer: B30Ulf is a systems administrator. He sees that an attacker from a remote loc

22、ation is sending invalid packets,trying to monopolize Ulfs connection so that a denial of service occurs. What characteristic of theactivity makes Ulf think this is a denial-of-service attack?A. Bandwidth consumptionB. Hijacking of internal user resourcesC. PollingD. Use of an illicit serverAnswer:

23、A31Which directory holds the Microsoft NT operating system on an NT 4.0 server (using defaultinstallation)?A. windowsB. winntC. winnt4.0D. program filesAnswer: B32Which of the following do hackers target because it usually communicates in Cleartext?A. RouterB. DNS serverC. FTP serverD. E-mail server

24、Answer: C33A hacker has just changed the information for a zone during a zone transfer. This attack caused falseinformation to be passed on to network hosts as if it were legitimate. Which type of server is the target insuch an attack?A. An e-mail serverB. A DNS serverC. A routerD. A FTP serverAnswe

25、r: B34What is the name of the risk assessment stage in which you bypass login accounts and passwords?A. PenetrationB. ControlC. ActivationD. DiscoveryAnswer: A35Which type of attack uses a database or databases to guess a password in order to gain access to acomputer system?A. Hijacking attackB. Vir

26、us attackC. Dictionary attackD. Man-in-the-middle attackAnswer: C36Which type of attack occurs when a hacker obtains passwords and other information from legitimatetransactions?A. Man-in-the-middle attackB. Denial-of-service attackC. Dictionary attackD. Illicit server attackAnswer: A37What is proble

27、matic about a new NTFS partition?A. The 38Which of the following layers of TCP/IP stacks is the most difficult to secure?A. PhysicalB. NetworkC. TransportD. ApplicationAnswer: D39Which ports are used by SNMP?A. UDP ports 161 and 162B. UDP ports 20 and 21C. TCP ports 161 and 162D. TCP ports 20 and 21

28、Answer: A40Luke must advise his users about which client to employ when accessing remote systems. Which of thefollowing is a connection-oriented protocol that can contain unencrypted password information fromTelnet sessions?A. TCPB. TTPC. HTTPD. UDPAnswer: A41Laura is a system administrator who want

29、s to block all NNTP traffic between her network and theInternet. How should she configure her firewall?A. Disable anonymous logins in the NNTP configuration managerB. Configure all routers to block broadcast packetsC. Configure the firewall to block port 119D. Configure the firewall to block port 25

30、Answer: C42You are using a packet sniffer to capture transmissions between two remote systems. However, you findthat you can only capture packets between your own system and another. What is the problem?A. You have configure your filter incorrectlyB. You are sniffing packets in a switch networkC. Tc

31、pdump captures packets only between your host and another hostD. Your system does not have its default gateway configuredAnswer: B43Which protocol is normally used to communicate errors or other conditions at the IP layer, but has alsobeen used to conduct denial-of-service attacks?A. TCPB. ICMPC. SNMPD. UDPAnswer: B44Which of the following is the correct order of events in