{"msg":"第一节 安全性","code":200,"data":{"currentIndex":null,"examId":null,"examTime":null,"questionList":[{"id":"796239130672517121","title":"<p><strong>请作答第<span style=\"color: red\">2</span>个空。</strong></p>信息系统安全可划分为物理安全、网络安全、系统安全和应用安全，（8）属于系统安全，（9）属于应用安全。","analyze":"机房安全属于物理安全，入侵检测属于网络安全，漏洞补丁管理属于系统安全，而数据库安全则是应用安全。","multi":0,"questionType":1,"answer":"D","chooseItem":["796239131616235521"],"itemList":[{"id":"796239131570098177","questionId":"796239130672517121","content":" 机房安生","answer":0,"chooseValue":"A"},{"id":"796239131586875393","questionId":"796239130672517121","content":" 入侵检测","answer":0,"chooseValue":"B"},{"id":"796239131603652609","questionId":"796239130672517121","content":" 漏洞补丁管理","answer":0,"chooseValue":"C"},{"id":"796239131616235521","questionId":"796239130672517121","content":" 数据库安全","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239140269084673","title":"支持安全Web应用的协议是（7）。","analyze":"本题考查网络安全方面的知识。<br>Web服务的标准协议是HTTP协议，HTTPS对HTTP协议增加了一些安全特性，WINS是Windows系统的一种协议，SOAP是基于HTTP和XML,用于Web Service的简单对象访问协议。","multi":0,"questionType":1,"answer":"A","chooseItem":["796239141326049281"],"itemList":[{"id":"796239141326049281","questionId":"796239140269084673","content":" HTTPS","answer":1,"chooseValue":"A"},{"id":"796239141338632193","questionId":"796239140269084673","content":" HTTPD","answer":0,"chooseValue":"B"},{"id":"796239141355409409","questionId":"796239140269084673","content":" SOAP","answer":0,"chooseValue":"C"},{"id":"796239141372186625","questionId":"796239140269084673","content":" HTTP","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239119469531137","title":"以下关于电子商务的叙述，正确的是（37）。","analyze":"电子商务的过程与传统商务的过程是一致的，包括识别商品、选择、协商、购买、递送、售后服务等过程，这些过程有些可以电子化，有些不能（如递送、售后服务等），因此利用电子商务系统向消费者在线销售产品，并没有超越传统的零售方式。<br>虽然产品的存储、打包、运送和跟踪等，对组织的成功非常重要，但是考虑到成本、效益和专业区分，这些过程通常会外包给专门的仓储公司、货运公司。电子商务支付系统是电子商务基础设施的关键组成部分，但是用于电子商务系统应用于Internet网上，为防止用户信用卡、账号等信息被探测和监听，常常采用安全套接字层（SSL)技术来保证敏感、关键数据的安全。SSL包括握手阶段，该阶段用来认证服务期，决定使用的加密算法并在发送和接收方之间交换密钥。<br>电子购物车的功能是跟踪客户选择的购买物品，目前购物车的实现主要是通过Cookie方式实现，可能会在服务器的数据库中存放购物车内容信息，购物车功能不是由Web服务器软件实现的。","multi":0,"questionType":1,"answer":"C","chooseItem":["796239120480358401"],"itemList":[{"id":"796239120425832449","questionId":"796239119469531137","content":" 利用电子商务系统向消费者在线销售产品，已经超越了传统的零售方式","answer":0,"chooseValue":"A"},{"id":"796239120459386881","questionId":"796239119469531137","content":" 产品的存储、打包、运送和跟踪等，对组织的成功非常重要，几乎没有制造商或零售商将这些行为外包","answer":0,"chooseValue":"B"},{"id":"796239120480358401","questionId":"796239119469531137","content":" SSL通信协议用于保护电子商务交易中的敏感数据","answer":1,"chooseValue":"C"},{"id":"796239120505524225","questionId":"796239119469531137","content":" 购物车功能是由Web服务器软件来实现的","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239127728115713","title":"<p><strong>请作答第<span style=\"color: red\">1</span>个空。</strong></p>信息系统安全可划分为物理安全、网络安全、系统安全和应用安全，（8）属于系统安全，（9）属于应用安全。","analyze":"机房安全属于物理安全，入侵检测属于网络安全，漏洞补丁管理属于系统安全，而数据库安全则是应用安全。","multi":0,"questionType":1,"answer":"C","chooseItem":["796239128646668289"],"itemList":[{"id":"796239128617308161","questionId":"796239127728115713","content":" 机房安全","answer":0,"chooseValue":"A"},{"id":"796239128629891073","questionId":"796239127728115713","content":" 入侵检测","answer":0,"chooseValue":"B"},{"id":"796239128646668289","questionId":"796239127728115713","content":" 漏洞补丁管理","answer":1,"chooseValue":"C"},{"id":"796239128659251201","questionId":"796239127728115713","content":" 数据库安全","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239124741771265","title":"信息安全的威胁有多种，其中（39）是指通过对系统进行长期监听，利用统计分析方法对诸如通信频度、通信的信息流向、通信总量的变化等参数进行研究，从中发现有价值的信息和规律。","analyze":"本题考查信息化（信息安全）方面的基础知识。<br>业务流分析属于信息安全威胁的一种。它通过对系统进行长期监听，利用统计分析方法诸如通信频度、通信的信息流向、通信总量的变化等参数进行研究，从中发现有价值的信息规律。","multi":0,"questionType":1,"answer":"D","chooseItem":["796239125744209921"],"itemList":[{"id":"796239125664518145","questionId":"796239124741771265","content":" 窃听","answer":0,"chooseValue":"A"},{"id":"796239125693878273","questionId":"796239124741771265","content":" 信息泄露","answer":0,"chooseValue":"B"},{"id":"796239125723238401","questionId":"796239124741771265","content":" 旁路控制","answer":0,"chooseValue":"C"},{"id":"796239125744209921","questionId":"796239124741771265","content":" 业务流分析","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796233815319138305","title":"()不属于基于生物特征的认证技术。","analyze":"生物特征识别技术主要是指通过人类生物特征进行身份认证的一种技术，这里的生物特征通常具有唯一的（与他人不同）、可以测量或可自动识别和验证、遗传性或终身不变等特点。所谓生物识别的核心在于如何获取这些生物特征，并将之转换为数字信息，存储于计算机中，利用可靠的匹配算法来完成验证与识别个人身份的过程。<br> 身体特征包括：指纹、静脉、掌型、视网膜、虹膜、人体气味、脸型、甚至血管、DNA、骨骼等。","multi":0,"questionType":1,"answer":"C","chooseItem":["796233816300605441"],"itemList":[{"id":"796233816241885185","questionId":"796233815319138305","content":" 指纹识别","answer":0,"chooseValue":"A"},{"id":"796233816271245313","questionId":"796233815319138305","content":" 人脸识别","answer":0,"chooseValue":"B"},{"id":"796233816300605441","questionId":"796233815319138305","content":" 口令","answer":1,"chooseValue":"C"},{"id":"796233816325771265","questionId":"796233815319138305","content":" 虹膜识别","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796233818297094145","title":"()属于公钥加密算法。","analyze":"本题考查信息安全基础知识。<br> 对称加密算法包括：DES（数据加密标准）、AES。","multi":0,"questionType":1,"answer":"B","chooseItem":["796233819240812545"],"itemList":[{"id":"796233819211452417","questionId":"796233818297094145","content":" AES","answer":0,"chooseValue":"A"},{"id":"796233819240812545","questionId":"796233818297094145","content":" RSA","answer":1,"chooseValue":"B"},{"id":"796233819270172673","questionId":"796233818297094145","content":" MD5","answer":0,"chooseValue":"C"},{"id":"796233819299532801","questionId":"796233818297094145","content":" DES","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234786178879489","title":"以下用于在网络应用层和传输层之间提供加密方案的协议是（ ）。","analyze":"本题考查加密方案及相关协议。<br>PGP用于对邮件进行加密，针对邮件消息，属应用层;IPSec用于对IP报文进行认证和加密，属网络层；DES是加密算法，不分层；SSL在网络应用层和传输层之间提供加密方案。","multi":0,"questionType":1,"answer":"B","chooseItem":["796234787151958017"],"itemList":[{"id":"796234787118403585","questionId":"796234786178879489","content":" PGP","answer":0,"chooseValue":"A"},{"id":"796234787151958017","questionId":"796234786178879489","content":" SSL","answer":1,"chooseValue":"B"},{"id":"796234787181318145","questionId":"796234786178879489","content":" IPSec","answer":0,"chooseValue":"C"},{"id":"796234787206483969","questionId":"796234786178879489","content":" DES","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796233987696644097","title":"<p><strong>请作答第<span style=\"color: red\">1</span>个空。</strong></p>信息系统的安全是一个复杂的综合体，涉及系统的方方面面， 其中（61）是指保护计算机设备、设施和其他媒体免遭地震、水灾、火灾、有害气体和其他环境事故（例如，电磁辐射等）破坏的措施和过程。（62）是计算机信息系统安全的重要环节，其实质是保证系统的正常运行，不因偶然的或恶意的侵扰而遭到破坏，使系统可靠、连续地运行，服务不被中断。","analyze":"本题考查计算机信息系统的安全体系。<br> 信息系统的安全是个复杂的综合体，涉及系统的方方面面， 其中实体安全是指保护计算机设备、设施和其他媒体免遭地震、水灾、火灾、有害气体和其他环境事故（例如，电磁辐射等）破坏的措施和过程。运行安全是计算机信息系统安全的重要环节，其实质是保证系统的正常运行，不因偶然的或恶意的侵扰而遭到破坏，使系统可靠、连续地运行，服务不被中断。","multi":0,"questionType":1,"answer":"D","chooseItem":["796233988791357441"],"itemList":[{"id":"796233988699082753","questionId":"796233987696644097","content":" 信息安全","answer":0,"chooseValue":"A"},{"id":"796233988732637185","questionId":"796233987696644097","content":" 人员安全","answer":0,"chooseValue":"B"},{"id":"796233988761997313","questionId":"796233987696644097","content":" 运行安全","answer":0,"chooseValue":"C"},{"id":"796233988791357441","questionId":"796233987696644097","content":" 实体安全","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796233991026921473","title":"<p><strong>请作答第<span style=\"color: red\">2</span>个空。</strong></p>信息系统的安全是一个复杂的综合体，涉及系统的方方面面， 其中（61）是指保护计算机设备、设施和其他媒体免遭地震、水灾、火灾、有害气体和其他环境事故（例如，电磁辐射等）破坏的措施和过程。（62）是计算机信息系统安全的重要环节，其实质是保证系统的正常运行，不因偶然的或恶意的侵扰而遭到破坏，使系统可靠、连续地运行，服务不被中断。","analyze":"本题考查计算机信息系统的安全体系。<br> 信息系统的安全是个复杂的综合体，涉及系统的方方面面， 其中实体安全是指保护计算机设备、设施和其他媒体免遭地震、水灾、火灾、有害气体和其他环境事故（例如，电磁辐射等）破坏的措施和过程。运行安全是计算机信息系统安全的重要环节，其实质是保证系统的正常运行，不因偶然的或恶意的侵扰而遭到破坏，使系统可靠、连续地运行，服务不被中断。","multi":0,"questionType":1,"answer":"C","chooseItem":["796233992176160769"],"itemList":[{"id":"796233992113246209","questionId":"796233991026921473","content":" 信息安全","answer":0,"chooseValue":"A"},{"id":"796233992142606337","questionId":"796233991026921473","content":" 人员安全","answer":0,"chooseValue":"B"},{"id":"796233992176160769","questionId":"796233991026921473","content":" 运行安全","answer":1,"chooseValue":"C"},{"id":"796233992205520897","questionId":"796233991026921473","content":" 实体安全","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796235213192581121","title":"<p><strong>请作答第<span style=\"color: red\">2</span>个空。</strong></p>据统计，截至2017年2月，全球一半以上的网站已使用HTTPS 协议进行数据传输，原HTTP 协议默认使用（69）端口，HTTPS使用（70）作为加密协议，默认使用443端口。","analyze":"本题考查HTTP协议和HTTPS基础知识。<br>HTTP (超文本传输协议）被用于在Web浏览器和网站服务器之间传递信息，HTTP协议以明文方式发送内容，不提供任何方式的数据加密，如果攻击者截取了Web浏览器和网站服务器之间的传输报文，就可以直接读懂其中的信息，因此，HTTP协议不适合传输一些敏感信息，比如：信用卡号、密码等支付信息。 <br>为了数据传输的安全，HTTPS (安全套接字层超文本传输协议）在HTTP的基础上加入了SSL协议，SSL依靠证书来验证服务器的身份，并为浏览器和服务器之间的通信加密。","multi":0,"questionType":1,"answer":"B","chooseItem":["796235214304071681"],"itemList":[{"id":"796235214270517249","questionId":"796235213192581121","content":" RSA","answer":0,"chooseValue":"A"},{"id":"796235214304071681","questionId":"796235213192581121","content":" SSL","answer":1,"chooseValue":"B"},{"id":"796235214333431809","questionId":"796235213192581121","content":" SSH","answer":0,"chooseValue":"C"},{"id":"796235214354403329","questionId":"796235213192581121","content":" SHA-1","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234298637176833","title":"某电子商务网站为实现用户安全访问，应使用的协议是( )。","analyze":"本题考查网络安全知识。<br> HTTP(超文本传输协议）用于在Web浏览器和网站服务器之间传递信息，HTTP协议以明文方式发送内容，不提供任何方式的数据加密，如果攻击者截取了Web浏览器和网站服务器之间的传输报文，就可以直接读懂其中的信息，因此，HTTP协议不适合传输一些敏感信息，如信用卡号、密码等支付信息。为了数据传输的安全，HTTPS在HTTP的基础上加入了SSL协议，SSL依靠证书来验证服务器的身份，并为浏览器和服务器之间的通信加密。<br> WAP(无线通信协议）是在数字移动电话、互联网或其他个人数字助理机（PDA)乃至未来的信息家电之间进行通信的全球性开放标准。<br> IMAP(Internet消息访问协议）提供面向用户的邮件收取服务，常用的版本是IMAP4。IMAP4改进了POP3的不足，用户可以通过浏览信件头来决定是否收取、删除和检索邮件的特定部分，还可以在服务器上创建或更改文件夹或邮箱，它除了支持POP3协议的脱机操作模式外，还支持联机操作和断连接操作。它为用户提供了有选择地从邮件服务器接收邮件的功能、基于服务器的信息处理功能和共享信箱功能。","multi":0,"questionType":1,"answer":"C","chooseItem":["796234299559923713"],"itemList":[{"id":"796234299534757889","questionId":"796234298637176833","content":" HTTP","answer":0,"chooseValue":"A"},{"id":"796234299547340801","questionId":"796234298637176833","content":" WAP","answer":0,"chooseValue":"B"},{"id":"796234299559923713","questionId":"796234298637176833","content":" HTTPS","answer":1,"chooseValue":"C"},{"id":"796234299568312321","questionId":"796234298637176833","content":" IMAP","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796233821337964545","title":"确保计算机系统机密性的方法不包括()。","analyze":"备份虽然能够保证数据的可用性和完整性，但并不能确保机密性。相反，备份可能会增加数据泄露的风险。因为备份通常是未经加密的，并且可能存储在不安全的设备或媒介中，如果备份数据被恶意获取，可能导致数据泄露。\n<br>\n而加密、认证和授权都是确保计算机系统机密性的有效方法。加密可以防止未经授权的人员访问和获取计算机系统中的敏感数据；认证可以验证用户的身份，确保只有合法的用户才能访问计算机系统；授权可以限制用户的权限，确保用户只能访问其所需的授权资源，从而减少数据泄露的风险。","multi":0,"questionType":1,"answer":"D","chooseItem":["796233822281682945"],"itemList":[{"id":"796233822248128513","questionId":"796233821337964545","content":" 加密","answer":0,"chooseValue":"A"},{"id":"796233822256517121","questionId":"796233821337964545","content":" 认证","answer":0,"chooseValue":"B"},{"id":"796233822269100033","questionId":"796233821337964545","content":" 授权","answer":0,"chooseValue":"C"},{"id":"796233822281682945","questionId":"796233821337964545","content":" 备份","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null}]}}