信息系統(tǒng)安全工程師認(rèn)證考試題（中英對(duì)照版）

信息系統(tǒng)安全工程師認(rèn)證考試題(中英對(duì)照版)BConductanonlinepasswordattackuntiltheaccou允許未分配的磁盤(pán)空間所需的覆蓋量恢復(fù)介質(zhì)頻率使用自動(dòng)分析可以最好地檢測(cè)到以下哪些漏洞?有效的跨站請(qǐng)求偽造(CSRF)漏洞多步驟進(jìn)程攻擊漏洞業(yè)務(wù)邏輯缺陷漏洞典型的源代碼漏洞BItaffectsotherstepsinthecertificationandDThesystemengineeringprocessworkswithselectedsecusticdisasterscenarioswhilemaint6.Whichofthefollowingprovidestheminimumredtoperformajobfunctionandrestrictstheusertoadom7.Asoftwaredevelopmentpanyhasashorttimeliasoftwareproduct.Thesoftwaredevelopmenttptshouldsoftwaredevelopersconsiderwhenusingopen-AesregularlyexploitthosevulnBOpensourcelibrariescanbeusedbyeveryone,andttandingthatthevulnerabilitiesintheselibrarieOpensourcelibrariesareconstantlyupdated,tavulnerabilityexistsforanadversary口OpensourcelibrariescontainunKnownvulnerab8.Afterfollowingtheprocessesdefintplan,asuperuserhasupgradedadevicewithinanInform.Whatstepwouldbetakentoensuret9.WhenintheSoftwareDevelopmentLifeCycle(SDLC)MUSTsoftwaresecurityfunctionalrequirAAfterthesystempreliminarydesignhasbeendevelopedacuritycategorizationBAfterthevulnerabilityanalysishasbeenperformedandCAfterthesystempreliminarydesignhasbeendevelopedaDAfterthebusinessfunctionalanalysisandthedatasecur更容易改變它可以保存在用戶(hù)的個(gè)人身上它更難復(fù)制更容易控制anin-depthapplicationandsecuritytestofthesyd一家公司雇傭了外部供應(yīng)商對(duì)新的工資系統(tǒng)進(jìn)行滲透測(cè)試。該公司的內(nèi)部測(cè)試團(tuán)隊(duì)已經(jīng)對(duì)該系統(tǒng)進(jìn)行了深入的應(yīng)用和安全測(cè)試，并確定其滿(mǎn)足安全要求。然而，外部供應(yīng)商發(fā)現(xiàn)了一些重大的安全弱點(diǎn)，即敏感的個(gè)人數(shù)據(jù)被未加密地發(fā)送到稅務(wù)處理系統(tǒng)。造成安全問(wèn)題的最可能的原因是什么?無(wú)法執(zhí)行接口測(cè)試未進(jìn)行陰性測(cè)試性能測(cè)試不足應(yīng)用程序級(jí)別測(cè)試不足連接兩個(gè)校園網(wǎng)的光纖鏈路中斷。工程師應(yīng)使用以下哪些工具來(lái)檢測(cè)光纖鏈路的確切斷點(diǎn)?光時(shí)域反射儀音頻發(fā)生器熔接機(jī)電纜測(cè)試器ichofthefollowingwouldbetheLEASTeffectivep14.Informationsecuringanewfirewall.Whichofthefollowingfailurerioritizesecurityintheeventoffailhousedevelopedapplication.DuAcquisitionprocess.panyAspecifiedthesecurityretOnanOperatingSystem(0S)thatpanyAhasneveruMeetsallsecurity-andfunctionalrequirementsasResponse,whatstepshouldAMoveaheadwiththeacpjisitionprocess,andpurchaseDEnterintocontractnegotiationsensuringServiceDPasswordandpletelyAutomatedPublicTuringtesttotApplicationprogrammingInterface(API)accessforfedeatehardwareandsoftwareinventoideringacquiringasucderstandingofthestartup'ssecurityposture一家成熟的信息技術(shù)(IT)咨詢(xún)公司正在考慮收購(gòu)一家成功的本地創(chuàng)業(yè)公司。為了全面了解初創(chuàng)公司的安全狀況，哪種評(píng)估類(lèi)型提供了最佳信息?滲透測(cè)試桌面練習(xí)一個(gè)安全威脅模型etimeittakestoperformnetwork,system,alianceauditswhileincreasingqualityandef大型企業(yè)的安全遵從性經(jīng)理希望減少執(zhí)行網(wǎng)絡(luò)、系統(tǒng)和應(yīng)用程序安全23.Whichoneofthefol帶來(lái)重大的安全風(fēng)險(xiǎn)?支持安全Shel1(SSH)版本2協(xié)議。25.Amobiledeviceapplicationthatrestrictsthestorageofuserinf26.WhichofthefollowingistheBESTwaytoprotecta27.WhileclassifyingcreditcarddatarelatedtoParyDataSecurityStandards(PCIDSS),whichofthefollowin28.Whendeterminingdataandinformationassethandsofthespecifictoolsetbeingused,whichofthefollowingisoneoion,whatshouldbetheanalyst'sFIRS30.Asasecuritymangerwhichofthefollowingis31.InwhichprocessMUSTsecuritybeconsidere32.WhatistheFIRSTstepthatshouldbeconsid33.WhichofthefollowingstatementsisTRUEA測(cè)試輸入是從給定的功能規(guī)范的導(dǎo)出邊界中獲得的BItischaracterizedbythestatelessbehaviorof它的特征是在一個(gè)函數(shù)中實(shí)現(xiàn)的進(jìn)程的無(wú)狀態(tài)行為通過(guò)只考慮該分區(qū)中的一個(gè)代表值，就可以覆蓋整個(gè)分區(qū)DItisusefulfortestingmunicationsprotocolsan它對(duì)測(cè)試通信協(xié)議和圖形用戶(hù)界面很有用在處理安全事件的后果時(shí)，下列哪一種安全控制最合適?偵查和恢復(fù)控制ataSecurityStandard(P一個(gè)組織機(jī)構(gòu)必須遵守支付卡行業(yè)數(shù)據(jù)安全標(biāo)準(zhǔn)(PCI-DSS),保護(hù)包36.AvulnerabilityassessmentreporthasTheclientindicatesthatonethirdofthehosInwhichphaseoftheassessmentwasthiserror37.WhichofthefollowingBESTdescribesRecoDpartysolutionsareKnownfortransferringtherisktotheven攻擊樹(shù)對(duì)下列哪一個(gè)最有用?確定系統(tǒng)安全范圍生成攻擊庫(kù)枚舉威脅評(píng)估拒絕服務(wù)(DoS)攻擊t,thesecuritypractitionerperformsmultipletypesofteststoconfefield,thesecuritypractitionercreat在允許web應(yīng)用程序進(jìn)入生產(chǎn)環(huán)境之前，安全從業(yè)者會(huì)執(zhí)行多種類(lèi)型的測(cè)試，以確認(rèn)web應(yīng)用程序是否按照預(yù)期執(zhí)行。要測(cè)試用戶(hù)名字段，安全從業(yè)者創(chuàng)建一個(gè)測(cè)試，在該字段中輸入超出允許的字符。下面哪項(xiàng)最佳測(cè)試描述了所執(zhí)行的測(cè)試類(lèi)型?誤用案例測(cè)試滲透測(cè)試網(wǎng)絡(luò)會(huì)話(huà)測(cè)試接口測(cè)試獲得對(duì)受長(zhǎng)時(shí)間復(fù)雜密碼保護(hù)的文件的未經(jīng)授權(quán)訪(fǎng)問(wèn)的最有效的方法是什么?蠻力攻擊頻率分析社會(huì)工程字典式攻擊xistingsystems.WhichofthefollowingtechniquesaddARequirethecloud1AMprovidertousedeclarativesecurityinsteadofprogrammaticauthenticationcproxymodeinfrontoftheserviceprovidebasedauthenticationchepremiseAuthenticationGatewayService(AGS)Infrontofthprovider.43.WhichofthefollowingistheMOSTeffectivemethod44.WhenconfiguringExtensibleAuthenticationProtothenticationtypesistheMOD45.WhatistheBESTmethodifaninvestigatorwishestorivewhichmaybeusedasevALeavetheharddriveinplaceanduseonlyverifiedanperatingSystems(0S)utilities...序BLogintothesystemandimmediatelymakeacopyofalaWriteOnce,ReadMany...CRemovetheharddrivefromthesystemandmakeacopyoftotingthesystemandanalyctedofdefineddataelements.Which47.Adisadvantageofanapplicationfilteringfire48.Anorganizationisdesigningalargeenterprise-classificationlevelareaswithincreasinESTwaytoensuredocumentconfidentialityintheAencryptthecontentsoftherepositoryanddocuButilizeIntrusionDetectionSystem(IDS)setdropconnectionsiftoomanyrequestsfordocumentsaredDisclosureAgreements(NDA).49.TheMAINreasonanorganizationconductsasecurit50.AnIntrusionDetectionSystem(IDS)hasrts.WhichofthefollowingBESTdescribeswhatB、AddressResolutionProtoc51.Whomustapprovemodificationstoanorganfrastructureconfigur52.Acriminalorganizationisplanninganork.WhichofthefollowingistheMOSTsevereatCSensitiveinformationisgatheredonthr53.RefertotheinformationbeloAnorganizationhashiredaninformationsecurityofficirsecuritydepartment.Theofficerhasadequatetislackingtheothernecessaryponentstohaveaneffecment.Giventhenumberofpriorities,whichofthefollowilikelyinfluencetheselect54.WhichofthefollowingBESTmitigatestemusingidentityfederationandSecurityAssertionMa雙因素認(rèn)證數(shù)字證書(shū)和硬件令牌定時(shí)會(huì)話(huà)和安全套接字層(SSL)帶有字母數(shù)字和特殊字符的密碼個(gè)人對(duì)網(wǎng)絡(luò)的訪(fǎng)問(wèn)最好是基于風(fēng)險(xiǎn)矩陣業(yè)務(wù)需求數(shù)據(jù)分類(lèi)thesharedrecoverysitelacksadequatedatarestorahatwouldbeimpactedbythisfactifleftu57.WhichofthefollowingprovidestheMOSTsec58.Inconfigurationmanagement,whatbaselimationMUSTbemaintainedforeachputAOperatingsystemandversion,patchlevel,applCport59.WhichofthefollowingistheBESTmethodingintroducedintoaproducti60.WhichfactorsMUSTbeconsideredwhencladsupportingassetsforriskmanagement,legaldASystemowerrolesandresponsibililes,ageandsecuredevelopentlBDatastewardshiproles,datahandingandstoragestandards,datalifCplianceofficerolesandresponsiblities,classifiedmatingstandards,storagesystemlifDSystemauthorizationrolesandrepA