《2022年软考-信息安全工程师考试题库及全真模拟冲刺卷(含答案带详解)套卷75》由会员分享,可在线阅读,更多相关《2022年软考-信息安全工程师考试题库及全真模拟冲刺卷(含答案带详解)套卷75(24页珍藏版)》请在金锄头文库上搜索。
1、2022年软考-信息安全工程师考试题库及全真模拟冲刺卷(含答案带详解)1. 单选题对于提高人员安全意识和安全操作技能来说,以下所列的安全管理方法最有效的是 ( )。问题1选项A.安全检查B.安全教育和安全培训C.安全责任追究D.安全制度约束【答案】B【解析】本题考查网络安全能力提升和安全意识的相关知识。由于题目要求的是提高人员安全意识和安全操作技能,从安全管理角度来说,最有效的方法是进行安全教育和安全培训,其余三项皆是通过外力对人员进行相关约束。只有通过安全教育和安全培训,提高了人员自身的信息安全素养,才能实现最高效的“管理”。故本题选B。点播:此类题型主要从提高自身信息安全素养方面进行考查。
2、2. 单选题确保信息仅被合法实体访问,而不被泄露给非授权的实体或供其利用的特性是指信息的( )。问题1选项A.完整性B.可用性C.保密性D.不可抵赖性【答案】C【解析】本题考查信息安全的基本属性。 Normal 0 7.8 磅 0 2 false false false EN-US ZH-CN X-NONE 保密性:保密性是指网络信息不泄露给非授权的用户、实体或程序,能够防止非授权者获取信息。完整性:完整性是指网络信息或系统未经授权不能进行更改的特性。可用性:可用性是指合法许可的用户能够及时获取网络信息或服务的特性。抗抵赖性:抗抵赖性是指防止网络信息系统相关用户否认其活动行为的特性。故本题选C
3、。点播:常见的网络信息安全基本属性主要有机密性、完整性、可用性、抗抵赖性和可控性等,此外还有真实性、时效性、合规性、隐私性等。3. 单选题以下关于网络欺骗的描述中,不正确的是( )。问题1选项A.Web欺骗是一种社会工程攻击B.DNS欺骗通过入侵网站服务器实现对网站内容的篡改C.邮件欺骗可以远程登录邮件服务器的端口 25D.采用双向绑定的方法可以有效阻止ARP欺骗【答案】B【解析】本题考查网络欺骗相关知识。DNS欺骗:是一种攻击者冒充域名服务器的欺骗行为。原理:如果可以冒充域名服务器,然后把查询的IP地址设为攻击者的IP地址,这样的话,用户上网就只能看到攻击者的主页,而不是用户想要取得的网站的
4、主页了,这就是DNS欺骗的基本原理。并不会对原网页内容进行篡改。故本题选B。点播:网络欺骗就是使入侵者相信信息系统存在有价值的、可利用的安全弱点,并具有一些可攻击窃取的资源(当然这些资源是伪造的或不重要的),并将入侵者引向这些错误的资源。它能够显著地增加入侵者的工作量、入侵复杂度以及不确定性,从而使入侵者不知道其进攻是否奏效或成功。而且,它允许防护者跟踪入侵者的行为,在入侵者之前修补系统可能存在的安全漏洞。4. 单选题关于祖冲之算法的安全性分析不正确的是( )。问题1选项A.祖冲之算法输出序列的随机性好,周期足够大B.祖冲之算法的输出具有良好的线性、混淆特性和扩散特性C.祖冲之算法可以抵抗已知
5、的序列密码分析方法D.祖冲之算法可以抵抗弱密分析【答案】B【解析】本题考查祖冲之密码相关知识。祖冲之算法是我国学者自主设计的加密和完整性算法,是一种流密码。算法由三个基本部分组成,依次为比特重组、非线性函数F、线性反馈位移寄存器(LFSR)。ZUC 算法在逻辑上采用三层结构设计,具有非常高的安全强度,能够抵抗目前常见的各种流密码攻击方法。ZUC算法本质上是一种非线性序列产生器。由此,在种子密钥的作用下,可以产生足够长的安全密钥序列。把与密钥序列明文数据模2相加,便完成了数据加密。同样,把密钥序列与密文数据模2相加,便完成了数据解密。故本题选B。5. 单选题Trust is typically
6、interpreted as a subjective belief in the reliability, honesty and security of an entity on which we depend ( )our welfare .In online environments we depend on a wide spectrun of things , ranging from computer hardware,software and data to people and organizations. A security solution always assumes
7、 certain entities function according to specific policies.To trust is precisely to make this sort of assumptions , hence , a trusted entity is the same as an entity that is assumed to function according to policy . A consequence of this is that a trust component of a system must work correctly in or
8、der for the security of that system to hold, meaning that when a trusted( )fails , then the systemsand applications that depend on it can( )be considered secure . An often cited articulation of this principle is: a trusted system or component is one that can break your security policy” ( which happe
9、ns when the trust system fails ). The same applies to a trusted party such as a service provider ( SP for short )that is , it must operate according to the agreed or assumed policy in order to ensure the expected level of securty and quality of services . A paradoxical conclusion to be drawn from th
10、is analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on . This is because the security of an infrastructure consisting of many Trusted components typically follows the principle of the weakest link , th
11、at is ,in many situations the the overall security can only be as strong as the least reliable or least secure of all the trusted components. We cannot avoid using trusted security components,but the fewer the better. This is important to understand when designing the identity management architectur
12、es,that is, fewer the trusted parties in an identity management model , stronger the security that can be achieved by it .The transfer of the social constructs of identity and trust into digital and computational concepts helps in designing and implementing large scale online markets and communities
13、,and also plays an important role in the converging mobile and Internet environments . Identity management (denoted Idm hereafter ) is about recognizing and verifying the correctness of identitied in online environment .Trust management becomes a component of ( ) whenever different parties rely on e
14、ach other for identity provision and authentication . IdM and Trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when
15、 defining authorisation policies in personalised services.Establishing trust always has a cost , so that having complex trust requirement typically leads to high overhead in establishing the required trust . To reduce costs there will be incentives for stakeholders to “cut corners”regarding trust requirements ,which could lead to inadequate security . The challenge is to design IdM systems with relatively simple
