1、A%Systemroot%B%Systemroot%system32samC%Systemroot%system32configD%Systemroot%configC516.SQLSERVER中下面那个存储过程可以执行系统命令?A、xp_regreadB、xp_commandC、xp_cmdshellD、sp_password611LINUX中,什么命令可以控制口令的存活时间?AchageBpasswdCchmodDumaskA76Kerberos提供的最重要的安全服务是?A鉴别B机密性C完整性D可用性85在密码学中,对RSA算法的描述正确的是?ARSA是秘密密钥算法和对称密钥算法BRSA是
2、非对称密钥算法和公钥算法CRSA是秘密密钥算法和非对称密钥算法DRSA是公钥算法和对称密钥算法93某种防火墙的缺点是没有办法从非常细微之处来分析数据包,但它的优点是非常快,这种防火墙是以下的哪一种?A电路级网关B应用级网关C会话层防火墙D包过滤防火墙D102一般的防火墙不能实现以下哪项功能?A隔离公司网络和不可信的网络B防止病毒和特络依木马程序C隔离内网D访问控制112、在对WindowsDNS访问控制时,可以采用的安全措施是:A、限定允许区域复制的服务器IP,防止区域信息被获取B、配置允许递归查询的IP地址列表C、如果DNS服务器有多个IP时,DNS服务只绑定在某个本地IP地址上D、以上都不
3、正确AC12Which of the following layers of TCP/IP stacks is the most difficult to secure?A. PhysicalB. NetworkC. TransportD. ApplicationAnswer: D134、在对IIS脚本映射做安全配置的过程中,下面说法正确的是:A、无用的脚本映射会给IIS引入安全隐患B、木马后门可能会通过脚本映射来实现C、在脚本映射中,可以通过限制get、head、put等方法的使用,来对客户端的请求做限制D、以上说法均不正确14当发生下述情况时,应立即撤销帐号或更改帐号口令,并做好记录:()
4、。A、帐号使用者由于岗位职责变动、离职等原因,不再需要原有访问权限时。B、临时性或阶段性使用的帐号,在工作结束后。C、帐号使用者违反了有关口令管理规定。D、有迹象表明口令可能已经泄露。1510、下面对于Apache安全配置说法,错误的是:A、chroot可以使apache运行在一个相对独立的环境中,使入侵者的破坏限定在一个范围内B、Mod_Dosevasive模块是一个用来防止DoS的模块C、Mod_Rewrite模块可以用来检查客户端提交的请求,进行限制和检查D、apache本身不带有防止缓冲溢出的功能,需要安装相关的安全模块来实现169、下面关于Apache的用户验证说法,错误的是?A、A
5、pache不支持基于主机名称的验证B、支持采用MIMEbase64编码发送的普通验证模式C、采用SSL协议,可以有效的保护帐号密码信息及数据D、Apache采用普通验证模式时,采用的是操作系统上的帐号和密码AD178、在Apache上,有个非常重要的安全模块Mod_Security,下面哪些是这个模块具备的功能:A、基于IP的访问控制B、缓冲区溢出的保护C、对SQL注入有一定的防止作用D、对请求方法和请求内容,进行过滤控制BCD185、在Apache中可以采用修改http响应信息的方式,达到伪装和隐藏apache的目的。下面说法正确的是:A、通过ServerTokens可以控制apacheSe
6、rver回送给客户端的回应头域是否包含关于服务器OS类型和编译进的模块描述信息B、当客户端请求失败时,apache将发送错误提示页面到客户端,这些错误页面是webserver开发商自己定义的,IIS和apache的是不一样的C、因为页脚模板里面通常包含apache的版本信息,关闭ServerSignature功能,服务器产生的错误页面将不引用页脚模板D、将错误提示页面更换成IIS的错误提示页面,可以迷惑入侵者对于webserver软件的判断193、下面关于apache的一些基本参数配置,说法正确的是:A、ServerRoot是用来指定web根目录的,通常缺省网页index.html就在这个目录
7、下B、DocumentRoot是用来存放apache帮组文档的,应该及时删除掉此目录C、HostnameLookups指令可以启用Apache的DNS查询功能,打开此功能,将会影响web服务器的性能201、Apache安装配置完成后,有些不用的文件应该及时删除掉。下面可以采用的做法是:A、将源代码文件转移到其他的机器上,以免被入侵者来重新编译apacheB、删除系统自带的缺省网页,一般在htdocs目录下C、删除cgi例子脚本D、删除源代码文件,将使apache不能运行,应禁止一般用户对这些文件的读权限2110、关于DNS服务域名递归查询说法正确的是A、一般客户机和服务器之间域名查询为非递归方
8、式查询。B、一般DNS服务器之间递归方式查询。C、为了确保安全,需要限制对DNS服务器进行域名递归查询的服务器或主机。D、域名服务器的递归查询功能缺省为关闭的,不允许机器或主机进行域名递归查询。229、针对下列配置,描述正确的说法为:/etc/named.confoptionsdirectory/var/named;allow-query202.96.44.0/24;allow-transfer192.168.100.0/24;none;A、允许进行域名查询的主机IP列表为202.96.44.0/24B、允许进行区域记录传输的主机IP列表为192.168.100.0/24C、允许进行域名查询的
9、主机IP列表为192.168.100.0/24D、允许进行区域记录传输的主机IP列表为202.96.44.0/24AB235、关于向DNS服务器提交动态DNS更新,针对下列配置,描述正确的说法为:allow-update202.96.44.0/24;A、允许向本DNS服务器进行区域传输的主机IP列表为202.96.44.0/24B、允许向本DNS服务器进行域名递归查询的主机IP列表202.96.44.0/24C、允许向本DNS服务器提交动态DNS更新的主机IP列表202.96.44.0/24D、缺省时为拒绝所有主机的动态DNS更新提交。244在区域文件传输(Zonetransfers)中DNS
10、服务使用哪个端口?A、TCP53B、UDP53C、UDP23D、TCP23259、下面那些方法,可以实现对IIS重要文件的保护或隐藏?A、通过修改注册表,将缺省配置文件改名,并转移路径B、将wwwroot目录,更改到非系统分区C、修改日志文件的缺省位置D、将脚本文件和静态网页存放到不同目录,并分配不同权限26What is the major security issue with standard NIS (Network Information System)?A. It is impossible to enforce a centralized login schemeB. NIS p
11、rovides no authentication requirement in its native stateC. There is no way to encrypt data being transferredD. NIS is a legacy service and, as such, is only used in order, less secure operating systems andnetworks B274.以下Windows2000注册表中,常常包含病毒或者后门启动项的是:A、HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsNT
12、CurrentVersionICMB、HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunC、HKEY_CURRENT_SUERSoftwareMicrosoftSharedD、HKEY_CURRENT_USERSoftwareMicrosoftCydoor28You notice that your FTP service reveals unnecessary information about your server. Which of thefollowing is the most efficient solution
13、 to this problem?A. Filter out the login banner using a packet filterB. Disable the service in questionC. Place the service behind the firewallD. Disable the login banner for the service29What host-level information would you want to obtain so you can exploit defaults and patches?A. ServersB. Router
14、s and switchesC. DatabasesD. Firewall types A30Which tool, service or command will enable you to learn the entire address range used by an organizationor company?A. TracerouteB. NslookupC. Port scannerD. Ping scanner31Which type of attack can use a worm or packet sniffer to crash systems, causing lo
15、w resources and/orconsuming bandwidth?A. Denial-of-service attackB. Illicit server attackC. Man-in-the-middle attackD. Virus attack32Which service, tool or command allows a remote or local user to learn the directories or files that areaccessible on the network?B. Share scanner33Kerstin connected to
16、 an e-commerce site and brought a new mouse pad with her credit card for $5.00plus shipping and handling. She never received her mouse pad so she called her credit card company tocancel the transaction. She was not charged for the mouse pad, but she received multiple charges sheknew nothing about. S
17、he tried to connect to the site again but could not find it. Which type of hackingattack occurred?B. Hijacking attackC. Illicit server attackD. Spoofing attack34Which command, tool or service on a UNIX network converts names to IP addresses and IP addresses tonames, and can also specify which server
18、s are mail servers?A. Port scannerB. TracerouteC. HostD. Nslookup C35Luke is documenting all of his network attributes. He wants to know the type of network-levelinformation that is represented by the locations of access panels, wiring closets and server rooms. Whichof the following is the correct t
19、erm for this activity?A. Network mappingB. IP service routingC. Router and switch designingD. War dialing36In a typical corporate environment, which of the following resources demands the highest level ofsecurity on the network?A. PurchasingB. EngineeringC. SalesD. Accounting37因系统能力或者管理原因无法按用户创建帐号时,
20、应采取如下管理措施:A、明确共享帐号责任人,责任人负责按照上述流程要求提出共享帐号审批表,并在审批表中注明该共享帐号的所有用户名单。B、限制共享帐号的使用人数,建立相关管理制度保证系统的每项操作均可以对应到执行操作的具体人员。C、限定使用范围和使用环境。D、建立完善的操作记录制度,对交接班记录、重要操作记录表等。E、定期更新共享帐号密码。ABCDE38In a Linux system, how do you stop the POP3, IMAPD, and FTP services?A. By changing the permissions on the configuration fi
21、le that controls the service (/sbin/inetd), thenrecompiling /etc/inetd.configB. By commenting out the service using the # symbol in the text file /etc/inetd.conf, then restarting theinetd daemonC. By recompiling the system kernel, making sure you have disabled that serviceD. By commenting out the se
22、rvice using the $ symbol in the text file /etc/inetd.conf, then restarting theinetd daemon.39对于程序运行或者程序自身由于管理需要访问其它系统所使用的专用帐号,应符合如下要求:A、只允许系统和设备之间通信使用,不得作为用户登录帐号使用。B、将此类帐号的维护管理权限统一授权给该系统的系统管理员,由后者归口管理。C、该系统的管理员负责建立该类帐号列表,并进行变更维护。40What are the security issues that arise in the use of the NFS (Networ
23、k File System)?A. Synchronization of user and group IDs is poor, so it is easy to spoof trusted hosts and user names.B. The lack of logging in one place or on one machine, and the multiple logs this then requires, cancreate bottlenecksC. The possibility arises for Cleartext passwords to be sniffed o
24、n the network if it does not use SecureRPC.D. NFS uses a weak authentication scheme and transfers information in encrypted form41Which of the following best describes the problem with share permissions and share points in WindowsNT?A. Share points must be the same value as the directory that serves
25、the share pointB. Share points contains permissions; and any file under the share point must possess the samepermissionsC. Share permissions are exclusive to root directories and files; they do not involve share points, whichdefine user permissionsD. Share points are set when connection is establish
26、ed, therefore the static nature of file permissions canconflict with share points if they are not set with read and write permissions for everyone.42Michel wants to write a computer virus that will cripple UNIX systems. What is going to be the mainobstacle preventing him from success?A. UNIX compute
27、rs are extremely difficult to access illicitly over the internet, and therefore computerviruses are not an issue with UNIX systemsB. Due to the file permission structure and the number of variations in the UNIX hardwarearchitectures, a virus would have to gain root privileges as well as identify the
28、 hardware and UNIXflavor in use.C. Due to availability of effective free anti-virus tools, computer viruses are caught early and often.Michels virus would have to evade detection for it to succeed.D. Due to the extensive use of ANSI C in the programming of UNIX, the virus would have to mimicsome of the source code used in the infected iteration of the UNIX operating system43中国移动网络运行维护规程落实了
copyright@ 2008-2023 冰点文库 网站版权所有
经营许可证编号:鄂ICP备19020893号-2
升级会员 