{"msg":"系统安全分析与设计","code":200,"data":{"currentIndex":null,"examId":null,"examTime":null,"questionList":[{"id":"796239130672517121","title":"<p><strong>请作答第<span style=\"color: red\">2</span>个空。</strong></p>信息系统安全可划分为物理安全、网络安全、系统安全和应用安全，（8）属于系统安全，（9）属于应用安全。","analyze":"机房安全属于物理安全，入侵检测属于网络安全，漏洞补丁管理属于系统安全，而数据库安全则是应用安全。","multi":0,"questionType":1,"answer":"D","chooseItem":["796239131616235521"],"itemList":[{"id":"796239131570098177","questionId":"796239130672517121","content":" 机房安生","answer":0,"chooseValue":"A"},{"id":"796239131586875393","questionId":"796239130672517121","content":" 入侵检测","answer":0,"chooseValue":"B"},{"id":"796239131603652609","questionId":"796239130672517121","content":" 漏洞补丁管理","answer":0,"chooseValue":"C"},{"id":"796239131616235521","questionId":"796239130672517121","content":" 数据库安全","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239140269084673","title":"支持安全Web应用的协议是（7）。","analyze":"本题考查网络安全方面的知识。<br>Web服务的标准协议是HTTP协议，HTTPS对HTTP协议增加了一些安全特性，WINS是Windows系统的一种协议，SOAP是基于HTTP和XML,用于Web Service的简单对象访问协议。","multi":0,"questionType":1,"answer":"A","chooseItem":["796239141326049281"],"itemList":[{"id":"796239141326049281","questionId":"796239140269084673","content":" HTTPS","answer":1,"chooseValue":"A"},{"id":"796239141338632193","questionId":"796239140269084673","content":" HTTPD","answer":0,"chooseValue":"B"},{"id":"796239141355409409","questionId":"796239140269084673","content":" SOAP","answer":0,"chooseValue":"C"},{"id":"796239141372186625","questionId":"796239140269084673","content":" HTTP","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239119469531137","title":"以下关于电子商务的叙述，正确的是（37）。","analyze":"电子商务的过程与传统商务的过程是一致的，包括识别商品、选择、协商、购买、递送、售后服务等过程，这些过程有些可以电子化，有些不能（如递送、售后服务等），因此利用电子商务系统向消费者在线销售产品，并没有超越传统的零售方式。<br>虽然产品的存储、打包、运送和跟踪等，对组织的成功非常重要，但是考虑到成本、效益和专业区分，这些过程通常会外包给专门的仓储公司、货运公司。电子商务支付系统是电子商务基础设施的关键组成部分，但是用于电子商务系统应用于Internet网上，为防止用户信用卡、账号等信息被探测和监听，常常采用安全套接字层（SSL)技术来保证敏感、关键数据的安全。SSL包括握手阶段，该阶段用来认证服务期，决定使用的加密算法并在发送和接收方之间交换密钥。<br>电子购物车的功能是跟踪客户选择的购买物品，目前购物车的实现主要是通过Cookie方式实现，可能会在服务器的数据库中存放购物车内容信息，购物车功能不是由Web服务器软件实现的。","multi":0,"questionType":1,"answer":"C","chooseItem":["796239120480358401"],"itemList":[{"id":"796239120425832449","questionId":"796239119469531137","content":" 利用电子商务系统向消费者在线销售产品，已经超越了传统的零售方式","answer":0,"chooseValue":"A"},{"id":"796239120459386881","questionId":"796239119469531137","content":" 产品的存储、打包、运送和跟踪等，对组织的成功非常重要，几乎没有制造商或零售商将这些行为外包","answer":0,"chooseValue":"B"},{"id":"796239120480358401","questionId":"796239119469531137","content":" SSL通信协议用于保护电子商务交易中的敏感数据","answer":1,"chooseValue":"C"},{"id":"796239120505524225","questionId":"796239119469531137","content":" 购物车功能是由Web服务器软件来实现的","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239127728115713","title":"<p><strong>请作答第<span style=\"color: red\">1</span>个空。</strong></p>信息系统安全可划分为物理安全、网络安全、系统安全和应用安全，（8）属于系统安全，（9）属于应用安全。","analyze":"机房安全属于物理安全，入侵检测属于网络安全，漏洞补丁管理属于系统安全，而数据库安全则是应用安全。","multi":0,"questionType":1,"answer":"C","chooseItem":["796239128646668289"],"itemList":[{"id":"796239128617308161","questionId":"796239127728115713","content":" 机房安全","answer":0,"chooseValue":"A"},{"id":"796239128629891073","questionId":"796239127728115713","content":" 入侵检测","answer":0,"chooseValue":"B"},{"id":"796239128646668289","questionId":"796239127728115713","content":" 漏洞补丁管理","answer":1,"chooseValue":"C"},{"id":"796239128659251201","questionId":"796239127728115713","content":" 数据库安全","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239124741771265","title":"信息安全的威胁有多种，其中（39）是指通过对系统进行长期监听，利用统计分析方法对诸如通信频度、通信的信息流向、通信总量的变化等参数进行研究，从中发现有价值的信息和规律。","analyze":"本题考查信息化（信息安全）方面的基础知识。<br>业务流分析属于信息安全威胁的一种。它通过对系统进行长期监听，利用统计分析方法诸如通信频度、通信的信息流向、通信总量的变化等参数进行研究，从中发现有价值的信息规律。","multi":0,"questionType":1,"answer":"D","chooseItem":["796239125744209921"],"itemList":[{"id":"796239125664518145","questionId":"796239124741771265","content":" 窃听","answer":0,"chooseValue":"A"},{"id":"796239125693878273","questionId":"796239124741771265","content":" 信息泄露","answer":0,"chooseValue":"B"},{"id":"796239125723238401","questionId":"796239124741771265","content":" 旁路控制","answer":0,"chooseValue":"C"},{"id":"796239125744209921","questionId":"796239124741771265","content":" 业务流分析","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796233815319138305","title":"()不属于基于生物特征的认证技术。","analyze":"生物特征识别技术主要是指通过人类生物特征进行身份认证的一种技术，这里的生物特征通常具有唯一的（与他人不同）、可以测量或可自动识别和验证、遗传性或终身不变等特点。所谓生物识别的核心在于如何获取这些生物特征，并将之转换为数字信息，存储于计算机中，利用可靠的匹配算法来完成验证与识别个人身份的过程。<br> 身体特征包括：指纹、静脉、掌型、视网膜、虹膜、人体气味、脸型、甚至血管、DNA、骨骼等。","multi":0,"questionType":1,"answer":"C","chooseItem":["796233816300605441"],"itemList":[{"id":"796233816241885185","questionId":"796233815319138305","content":" 指纹识别","answer":0,"chooseValue":"A"},{"id":"796233816271245313","questionId":"796233815319138305","content":" 人脸识别","answer":0,"chooseValue":"B"},{"id":"796233816300605441","questionId":"796233815319138305","content":" 口令","answer":1,"chooseValue":"C"},{"id":"796233816325771265","questionId":"796233815319138305","content":" 虹膜识别","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796233818297094145","title":"()属于公钥加密算法。","analyze":"本题考查信息安全基础知识。<br> 对称加密算法包括：DES（数据加密标准）、AES。","multi":0,"questionType":1,"answer":"B","chooseItem":["796233819240812545"],"itemList":[{"id":"796233819211452417","questionId":"796233818297094145","content":" AES","answer":0,"chooseValue":"A"},{"id":"796233819240812545","questionId":"796233818297094145","content":" RSA","answer":1,"chooseValue":"B"},{"id":"796233819270172673","questionId":"796233818297094145","content":" MD5","answer":0,"chooseValue":"C"},{"id":"796233819299532801","questionId":"796233818297094145","content":" DES","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234786178879489","title":"以下用于在网络应用层和传输层之间提供加密方案的协议是（ ）。","analyze":"本题考查加密方案及相关协议。<br>PGP用于对邮件进行加密，针对邮件消息，属应用层;IPSec用于对IP报文进行认证和加密，属网络层；DES是加密算法，不分层；SSL在网络应用层和传输层之间提供加密方案。","multi":0,"questionType":1,"answer":"B","chooseItem":["796234787151958017"],"itemList":[{"id":"796234787118403585","questionId":"796234786178879489","content":" PGP","answer":0,"chooseValue":"A"},{"id":"796234787151958017","questionId":"796234786178879489","content":" SSL","answer":1,"chooseValue":"B"},{"id":"796234787181318145","questionId":"796234786178879489","content":" IPSec","answer":0,"chooseValue":"C"},{"id":"796234787206483969","questionId":"796234786178879489","content":" DES","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796233987696644097","title":"<p><strong>请作答第<span style=\"color: red\">1</span>个空。</strong></p>信息系统的安全是一个复杂的综合体，涉及系统的方方面面， 其中（61）是指保护计算机设备、设施和其他媒体免遭地震、水灾、火灾、有害气体和其他环境事故（例如，电磁辐射等）破坏的措施和过程。（62）是计算机信息系统安全的重要环节，其实质是保证系统的正常运行，不因偶然的或恶意的侵扰而遭到破坏，使系统可靠、连续地运行，服务不被中断。","analyze":"本题考查计算机信息系统的安全体系。<br> 信息系统的安全是个复杂的综合体，涉及系统的方方面面， 其中实体安全是指保护计算机设备、设施和其他媒体免遭地震、水灾、火灾、有害气体和其他环境事故（例如，电磁辐射等）破坏的措施和过程。运行安全是计算机信息系统安全的重要环节，其实质是保证系统的正常运行，不因偶然的或恶意的侵扰而遭到破坏，使系统可靠、连续地运行，服务不被中断。","multi":0,"questionType":1,"answer":"D","chooseItem":["796233988791357441"],"itemList":[{"id":"796233988699082753","questionId":"796233987696644097","content":" 信息安全","answer":0,"chooseValue":"A"},{"id":"796233988732637185","questionId":"796233987696644097","content":" 人员安全","answer":0,"chooseValue":"B"},{"id":"796233988761997313","questionId":"796233987696644097","content":" 运行安全","answer":0,"chooseValue":"C"},{"id":"796233988791357441","questionId":"796233987696644097","content":" 实体安全","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796233991026921473","title":"<p><strong>请作答第<span style=\"color: red\">2</span>个空。</strong></p>信息系统的安全是一个复杂的综合体，涉及系统的方方面面， 其中（61）是指保护计算机设备、设施和其他媒体免遭地震、水灾、火灾、有害气体和其他环境事故（例如，电磁辐射等）破坏的措施和过程。（62）是计算机信息系统安全的重要环节，其实质是保证系统的正常运行，不因偶然的或恶意的侵扰而遭到破坏，使系统可靠、连续地运行，服务不被中断。","analyze":"本题考查计算机信息系统的安全体系。<br> 信息系统的安全是个复杂的综合体，涉及系统的方方面面， 其中实体安全是指保护计算机设备、设施和其他媒体免遭地震、水灾、火灾、有害气体和其他环境事故（例如，电磁辐射等）破坏的措施和过程。运行安全是计算机信息系统安全的重要环节，其实质是保证系统的正常运行，不因偶然的或恶意的侵扰而遭到破坏，使系统可靠、连续地运行，服务不被中断。","multi":0,"questionType":1,"answer":"C","chooseItem":["796233992176160769"],"itemList":[{"id":"796233992113246209","questionId":"796233991026921473","content":" 信息安全","answer":0,"chooseValue":"A"},{"id":"796233992142606337","questionId":"796233991026921473","content":" 人员安全","answer":0,"chooseValue":"B"},{"id":"796233992176160769","questionId":"796233991026921473","content":" 运行安全","answer":1,"chooseValue":"C"},{"id":"796233992205520897","questionId":"796233991026921473","content":" 实体安全","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796235213192581121","title":"<p><strong>请作答第<span style=\"color: red\">2</span>个空。</strong></p>据统计，截至2017年2月，全球一半以上的网站已使用HTTPS 协议进行数据传输，原HTTP 协议默认使用（69）端口，HTTPS使用（70）作为加密协议，默认使用443端口。","analyze":"本题考查HTTP协议和HTTPS基础知识。<br>HTTP (超文本传输协议）被用于在Web浏览器和网站服务器之间传递信息，HTTP协议以明文方式发送内容，不提供任何方式的数据加密，如果攻击者截取了Web浏览器和网站服务器之间的传输报文，就可以直接读懂其中的信息，因此，HTTP协议不适合传输一些敏感信息，比如：信用卡号、密码等支付信息。 <br>为了数据传输的安全，HTTPS (安全套接字层超文本传输协议）在HTTP的基础上加入了SSL协议，SSL依靠证书来验证服务器的身份，并为浏览器和服务器之间的通信加密。","multi":0,"questionType":1,"answer":"B","chooseItem":["796235214304071681"],"itemList":[{"id":"796235214270517249","questionId":"796235213192581121","content":" RSA","answer":0,"chooseValue":"A"},{"id":"796235214304071681","questionId":"796235213192581121","content":" SSL","answer":1,"chooseValue":"B"},{"id":"796235214333431809","questionId":"796235213192581121","content":" SSH","answer":0,"chooseValue":"C"},{"id":"796235214354403329","questionId":"796235213192581121","content":" SHA-1","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234298637176833","title":"某电子商务网站为实现用户安全访问，应使用的协议是( )。","analyze":"本题考查网络安全知识。<br> HTTP(超文本传输协议）用于在Web浏览器和网站服务器之间传递信息，HTTP协议以明文方式发送内容，不提供任何方式的数据加密，如果攻击者截取了Web浏览器和网站服务器之间的传输报文，就可以直接读懂其中的信息，因此，HTTP协议不适合传输一些敏感信息，如信用卡号、密码等支付信息。为了数据传输的安全，HTTPS在HTTP的基础上加入了SSL协议，SSL依靠证书来验证服务器的身份，并为浏览器和服务器之间的通信加密。<br> WAP(无线通信协议）是在数字移动电话、互联网或其他个人数字助理机（PDA)乃至未来的信息家电之间进行通信的全球性开放标准。<br> IMAP(Internet消息访问协议）提供面向用户的邮件收取服务，常用的版本是IMAP4。IMAP4改进了POP3的不足，用户可以通过浏览信件头来决定是否收取、删除和检索邮件的特定部分，还可以在服务器上创建或更改文件夹或邮箱，它除了支持POP3协议的脱机操作模式外，还支持联机操作和断连接操作。它为用户提供了有选择地从邮件服务器接收邮件的功能、基于服务器的信息处理功能和共享信箱功能。","multi":0,"questionType":1,"answer":"C","chooseItem":["796234299559923713"],"itemList":[{"id":"796234299534757889","questionId":"796234298637176833","content":" HTTP","answer":0,"chooseValue":"A"},{"id":"796234299547340801","questionId":"796234298637176833","content":" WAP","answer":0,"chooseValue":"B"},{"id":"796234299559923713","questionId":"796234298637176833","content":" HTTPS","answer":1,"chooseValue":"C"},{"id":"796234299568312321","questionId":"796234298637176833","content":" IMAP","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796233821337964545","title":"确保计算机系统机密性的方法不包括()。","analyze":"备份虽然能够保证数据的可用性和完整性，但并不能确保机密性。相反，备份可能会增加数据泄露的风险。因为备份通常是未经加密的，并且可能存储在不安全的设备或媒介中，如果备份数据被恶意获取，可能导致数据泄露。\n<br>\n而加密、认证和授权都是确保计算机系统机密性的有效方法。加密可以防止未经授权的人员访问和获取计算机系统中的敏感数据；认证可以验证用户的身份，确保只有合法的用户才能访问计算机系统；授权可以限制用户的权限，确保用户只能访问其所需的授权资源，从而减少数据泄露的风险。","multi":0,"questionType":1,"answer":"D","chooseItem":["796233822281682945"],"itemList":[{"id":"796233822248128513","questionId":"796233821337964545","content":" 加密","answer":0,"chooseValue":"A"},{"id":"796233822256517121","questionId":"796233821337964545","content":" 认证","answer":0,"chooseValue":"B"},{"id":"796233822269100033","questionId":"796233821337964545","content":" 授权","answer":0,"chooseValue":"C"},{"id":"796233822281682945","questionId":"796233821337964545","content":" 备份","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239195231244289","title":"用户A从CA处获取了用户B的数字证书，用户A通过（6）可以确认该数字证书的有效性。","analyze":"用户B的数字证书中包含了CA的签名，因此用CA的公钥可验证数字证书的有效性。","multi":0,"questionType":1,"answer":"C","chooseItem":["796239196367900673"],"itemList":[{"id":"796239196300791809","questionId":"796239195231244289","content":" 用户B的公钥","answer":0,"chooseValue":"A"},{"id":"796239196334346241","questionId":"796239195231244289","content":" 用户B的私钥","answer":0,"chooseValue":"B"},{"id":"796239196367900673","questionId":"796239195231244289","content":" CA的公钥","answer":1,"chooseValue":"C"},{"id":"796239196401455105","questionId":"796239195231244289","content":" 用户A的私钥","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239180047863809","title":"在X.509标准中，不包含在数字证书中的是（8）。","analyze":"本题考查数字证书的基础知识。<br>数字证书中包含用户的公钥，而用户的私钥只能被用户拥有。所以选项D是不可能包含在数字证书中的。","multi":0,"questionType":1,"answer":"D","chooseItem":["796239181226463233"],"itemList":[{"id":"796239181134188545","questionId":"796239180047863809","content":" 序列号","answer":0,"chooseValue":"A"},{"id":"796239181163548673","questionId":"796239180047863809","content":" 签名算法","answer":0,"chooseValue":"B"},{"id":"796239181192908801","questionId":"796239180047863809","content":" 认证机构的签名","answer":0,"chooseValue":"C"},{"id":"796239181226463233","questionId":"796239180047863809","content":" 私钥","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239163488751617","title":"下列算法中，用于密钥交换的是（9）。","analyze":"本题考查安全算法方面的知识。<br>题中的4个选项中，DES是一种经典的数据加密算法，AES是高级加密算法，Diffie-Hellman是一种密钥交换算法，SHA属于报文摘要算法。","multi":0,"questionType":1,"answer":"C","chooseItem":["796239164512161793"],"itemList":[{"id":"796239164449247233","questionId":"796239163488751617","content":" DES","answer":0,"chooseValue":"A"},{"id":"796239164482801665","questionId":"796239163488751617","content":" SHA-1","answer":0,"chooseValue":"B"},{"id":"796239164512161793","questionId":"796239163488751617","content":" Diffie-Hellman","answer":1,"chooseValue":"C"},{"id":"796239164545716225","questionId":"796239163488751617","content":" AES","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239186209296385","title":"<p><strong>请作答第<span style=\"color: red\">1</span>个空。</strong></p>某数字签名系统如下图所示。网上传送的报文是（7），如果A否认发送，作为证据的是（8）。<br><br><img alt=\"\" width=\"615\" height=\"146\" src=\"https://image.chaiding.com/ruankao/1c90dd8a657c6cf1b0cb3014e736f673.jpg?x-oss-process=style/ruankaodaren\">","analyze":"本题考査数字签名的实现细节。<br>图中所示为一种利用公钥加密算法实现的数字签名方案，发送方A要发送给接收方B的报文P经过A的私钥签名和B的公钥加密后形成报文E<sub>B</sub>(D<sub>A</sub>(P))发送给B, B利用自己的私钥DB和A的公钥EA对消息E<sub>B</sub>(D<sub>A</sub>(P))进行解密和认证后得到报文P，并且保存经过A签名的消息D<sub>A</sub>(P)作为防止A抵赖的证据。","multi":0,"questionType":1,"answer":"C","chooseItem":["796239187190763521"],"itemList":[{"id":"796239187132043265","questionId":"796239186209296385","content":" P","answer":0,"chooseValue":"A"},{"id":"796239187161403393","questionId":"796239186209296385","content":" D<sub>A</sub>(P)","answer":0,"chooseValue":"B"},{"id":"796239187190763521","questionId":"796239186209296385","content":" E<sub>B</sub>(D<sub>A</sub>(P))","answer":1,"chooseValue":"C"},{"id":"796239187232706561","questionId":"796239186209296385","content":" D<sub>A</sub>","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239209735147521","title":"甲和乙要进行通信，甲对发送的消息附加了数字签名，乙收到该消息可用（8）验证该消息数字签名的真伪。","analyze":"本题考查数字签名的概念。<br>数字签名（Digital Signature)技术是不对称加密算法的典型应用：数据源发送方使用自己的私钥对数据校验和（或）其他与数据内容有关的变量进行加密处理，完成对数据的合法“签名”，数据接收方则利用对方的公钥来解读收到的“数字签名”，并将解读结果用于对数据完整性的检验，以确认签名的合法性。数字签名的主要功能是保证信息 传输的完整性、发送者的身份认证、防止交易中的抵赖现象发生。","multi":0,"questionType":1,"answer":"A","chooseItem":["796239210670477313"],"itemList":[{"id":"796239210670477313","questionId":"796239209735147521","content":" 甲的公钥","answer":1,"chooseValue":"A"},{"id":"796239210708226049","questionId":"796239209735147521","content":" 甲的私钥","answer":0,"chooseValue":"B"},{"id":"796239210741780481","questionId":"796239209735147521","content":" 乙的公钥","answer":0,"chooseValue":"C"},{"id":"796239210779529217","questionId":"796239209735147521","content":" 乙的私钥","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239171684421633","title":"以下关于利用三重DES进行加密的说法，(6)是正确的。","analyze":"本题考查三重DES的知识。<br>三重DES是DES的改进算法，它使用两把密钥对报文作三次DES加密，效果相当于将DES密钥的长度加倍了，克服了DES密钥长度较短的缺点。本来，应该使用三个不同的密钥进行三次加密，这样就可以把密钥的长度加长到3x56=168位。但许多密码设计者认为168位的密钥已经超过实际需要了，所以便在第一层和第三层中使用相同的密钥，产生一个有效长度为112位的密钥。之所以没有直接采用两重DES，是因为第二层DES不是十分安全，它对一种称为“中间可遇”的密码分析攻击极为脆弱，所以最终还是采用了利用两个密钥进行三重DES加密操作。这种方法的缺点是要花费原来三倍的时间，但从另一方面来看，三重DES的112位密钥长度是很“强壮”的加密方式了。","multi":0,"questionType":1,"answer":"C","chooseItem":["796239172795912193"],"itemList":[{"id":"796239172712026113","questionId":"796239171684421633","content":" 三重DES的密钥长度是56位","answer":0,"chooseValue":"A"},{"id":"796239172753969153","questionId":"796239171684421633","content":" 三重DES使用三个不同的密钥进行三次加密","answer":0,"chooseValue":"B"},{"id":"796239172795912193","questionId":"796239171684421633","content":" 三重DES的安全性高于DES","answer":1,"chooseValue":"C"},{"id":"796239172821078017","questionId":"796239171684421633","content":" 三重DES的加密速度比DES加密速度快","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239189740900353","title":"<p><strong>请作答第<span style=\"color: red\">2</span>个空。</strong></p>某数字签名系统如下图所示。网上传送的报文是（7），如果A否认发送，作为证据的是（8）。<br><br><img alt=\"\" width=\"615\" height=\"146\" src=\"https://image.chaiding.com/ruankao/f06d534d6bbfe026a9d39ed747aa30c5.jpg?x-oss-process=style/ruankaodaren\">","analyze":"本题考査数字签名的实现细节。<br>图中所示为一种利用公钥加密算法实现的数字签名方案，发送方A要发送给接收方B的报文P经过A的私钥签名和B的公钥加密后形成报文E<sub>B</sub>(D<sub>A</sub>(P))发送给B, B利用自己的私钥DB和A的公钥EA对消息E<sub>B</sub>(DA(P))进行解密和认证后得到报文P,并且保存经过A签名的消息D<sub>A</sub>(P)作为防止A抵赖的证据。","multi":0,"questionType":1,"answer":"B","chooseItem":["796239190848196609"],"itemList":[{"id":"796239190818836481","questionId":"796239189740900353","content":" P","answer":0,"chooseValue":"A"},{"id":"796239190848196609","questionId":"796239189740900353","content":" D<sub>A</sub>(P)","answer":1,"chooseValue":"B"},{"id":"796239190885945345","questionId":"796239189740900353","content":" E<sub>B</sub>(D<sub>A</sub>(P))","answer":0,"chooseValue":"C"},{"id":"796239190915305473","questionId":"796239189740900353","content":" D","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239176956661761","title":"利用报文摘要算法生成报文摘要的目的是（7）。","analyze":"本题考查报文摘要的知识。<br>报文摘要是指单向哈希函数算法将任意长度的输入报文经计算得出固定位的输出。报文摘要是用来保证数据完整性的。传输的数据一旦被修改那么计算出的摘要就不同，只要对比两次摘要就可确定数据是否被修改过。","multi":0,"questionType":1,"answer":"D","chooseItem":["796239177954906113"],"itemList":[{"id":"796239177862631425","questionId":"796239176956661761","content":" 验证通信对方的身份，防止假冒","answer":0,"chooseValue":"A"},{"id":"796239177891991553","questionId":"796239176956661761","content":" 对传输数据进行加密，防止数据被窃听","answer":0,"chooseValue":"B"},{"id":"796239177925545985","questionId":"796239176956661761","content":" 防止发送方否认发送过的数据","answer":0,"chooseValue":"C"},{"id":"796239177954906113","questionId":"796239176956661761","content":" 防止发送的报文被篡改","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239168752603137","title":"下列选项中，同属于报文摘要算法的是（67）。","analyze":"本题考查安全算法相关常识。<br>数据加密的基本过程就是对原来为明文的文件或数据按某种算法进行处理，使其成为不可读的一段代码，通常称为“密文”，使其只能在输入相应的密钥之后才显示出本来内容，通过这样的途径来达到保护数据不被非法人员窃取、阅读的目的。<br>常见加密算法有 DES (Data Encryption Standard)、3DES (Triple DES)、RC2 和RC4、IDEA (International Data Encryption Algorithm), RSA。<br>报文摘要算法主要应用在“数字签名”领域，作为对明文的摘要算法。著名的摘要算法有RSA公司的MD5算法和SHA1算法及其大量的变体。","multi":0,"questionType":1,"answer":"B","chooseItem":["796239169696321537"],"itemList":[{"id":"796239169666961409","questionId":"796239168752603137","content":" DES和MD5","answer":0,"chooseValue":"A"},{"id":"796239169696321537","questionId":"796239168752603137","content":" MD5和SHA-1","answer":1,"chooseValue":"B"},{"id":"796239169721487361","questionId":"796239168752603137","content":" RSA和SHA-1","answer":0,"chooseValue":"C"},{"id":"796239169746653185","questionId":"796239168752603137","content":" DES和RSA","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239183281672193","title":"支持电子邮件加密服务的标准或技术是（8）。","analyze":"本题考查电子邮件加密服务的知识。<br>PKI即公钥基础设施，是一种遵循既定标准的密钥管理平台，它能够为所有网络应用提供加密和数字签名等密码服务及所必需的密钥和证书管理体系。<br>SET即安全电子交易协议，是美国Visa和MasterCard两大信用卡组织等联合于1997年5月31日推出的用于电子商务的行业规范，其实质是一种应用在Internet上、以信用卡为基础的电子付款系统规范，目的是为了保证网络交易的安全。<br>Kerberos是一种网络认证协议，其设计目标是通过密钥系统为客户机/服务器应用程序提供强大的认证服务。<br>PGP是一个基于RSA公匙加密体系的邮件加密软件。可以用它对邮件保密以防止非授权者阅读，它还能对邮件加上数字签名从而使收信人可以确认邮件的发送者，并能确信邮件没有被篡改。","multi":0,"questionType":1,"answer":"A","chooseItem":["796239184191836161"],"itemList":[{"id":"796239184191836161","questionId":"796239183281672193","content":" PGP","answer":1,"chooseValue":"A"},{"id":"796239184221196289","questionId":"796239183281672193","content":" PKI","answer":0,"chooseValue":"B"},{"id":"796239184250556417","questionId":"796239183281672193","content":" SET","answer":0,"chooseValue":"C"},{"id":"796239184279916545","questionId":"796239183281672193","content":" Kerberos","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234777064656897","title":"<p><strong>请作答第<span style=\"color: red\">1</span>个空。</strong></p>DES是一种（6），其密钥长度为56位，3DES是利用DES的加密方式，对明文进行3次加密，以提高加密强度，其密钥长度是（7）位。","analyze":"本题考查对称加密算法DES的基本知识。<br>1977年1月，美国NSA根据IBM的专利技术Lucifer制定了DES加密算法，该加密算法的加密过程是，将明文分成64位的块，对每个块进行19次变换（替代和换位），其中16次变换由56位的密钥的排列形式控制，最后产生64位的密文块。<br>1977年，Diffie和Heilman设计了DES解密机。只要知道一小段明文和对应密文，该机器就可以在一天之内穷试2<sup>56</sup>种不同的密钥。为了提高DES的加密强度，设计了三重DES(Triple-DES),是一种DES的改进算法。它使用两把密钥对报文做3次DES加密，效果相当于将DES密钥的长度加倍，克服了DES密钥长度短的缺点。这样密钥的长度增长到168位，但168位长度的密钥已经超出了实际需要，因此在第一层和第三层中使用相同的密钥，产生的密钥长度为112位。","multi":0,"questionType":1,"answer":"A","chooseItem":["796234777995792385"],"itemList":[{"id":"796234777995792385","questionId":"796234777064656897","content":" 共享密钥","answer":1,"chooseValue":"A"},{"id":"796234778050318337","questionId":"796234777064656897","content":" 公开密钥","answer":0,"chooseValue":"B"},{"id":"796234778088067073","questionId":"796234777064656897","content":" 报文摘要","answer":0,"chooseValue":"C"},{"id":"796234778109038593","questionId":"796234777064656897","content":" 访问控制","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234780084555777","title":"<p><strong>请作答第<span style=\"color: red\">2</span>个空。</strong></p>DES是一种（6），其密钥长度为56位，3DES是利用DES的加密方式，对明文进行3次加密，以提高加密强度，其密钥长度是（7）位。","analyze":"本题考查对称加密算法DES的基本知识。<br>1977年1月，美国NSA根据IBM的专利技术Lucifer制定了DES加密算法，该加密算法的加密过程是，将明文分成64位的块，对每个块进行19次变换（替代和换位），其中16次变换由56位的密钥的排列形式控制，最后产生64位的密文块。<br>1977年，Diffie和Heilman设计了DES解密机。只要知道一小段明文和对应密文，该机器就可以在一天之内穷试2<sup>56</sup>种不同的密钥。为了提高DES的加密强度，设计了三重DES(Triple-DES),是一种DES的改进算法。它使用两把密钥对报文做3次DES加密，效果相当于将DES密钥的长度加倍，克服了DES密钥长度短的缺点。这样密钥的长度增长到168位，但168位长度的密钥已经超出了实际需要，因此在第一层和第三层中使用相同的密钥，产生的密钥长度为112位。","multi":0,"questionType":1,"answer":"B","chooseItem":["796234781036662785"],"itemList":[{"id":"796234781011496961","questionId":"796234780084555777","content":" 56","answer":0,"chooseValue":"A"},{"id":"796234781036662785","questionId":"796234780084555777","content":" 112","answer":1,"chooseValue":"B"},{"id":"796234781061828609","questionId":"796234780084555777","content":" 128","answer":0,"chooseValue":"C"},{"id":"796234781091188737","questionId":"796234780084555777","content":" 168","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796235025115795457","title":"SHA-1是一种针对不同输入生成（ ）固定长度摘要的算法。","analyze":"本题考查SHA-1的基本知识。<br>SHA (The Secure Hash Algorithm)安全散列算法是由美国国家标准和技穴协会于1993年提出的，被定义为安全散列标准。SHA-1是1994年修订的版本，纠正了SHA的不能接收小于264的报文输入。SHA-1可接收任意长度的报文输入，并产生固定长度（160 位）的输出，从一个文档得到的散列值，要找到第二个不同的输入能够产生相同的散列值，是非常困难的，因此该算法可用于对报文的认证。","multi":0,"questionType":1,"answer":"B","chooseItem":["796235026021765121"],"itemList":[{"id":"796235026004987905","questionId":"796235025115795457","content":" 128位","answer":0,"chooseValue":"A"},{"id":"796235026021765121","questionId":"796235025115795457","content":" 160位","answer":1,"chooseValue":"B"},{"id":"796235026034348033","questionId":"796235025115795457","content":" 256位","answer":0,"chooseValue":"C"},{"id":"796235026046930945","questionId":"796235025115795457","content":" 512位","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234295730524161","title":"SHA-256是( )算法。","analyze":"本题考查信息安全中的报文摘要算法的相关知识。<br> SHA-256是安全散列算法(Secure Hash Algorithm, SHA)的一种，是能计算出一个数字消息所对应到的、长度固定的字符串（又称消息摘要，报文摘要）的算法。若输入的消息不同，它们就对应到不同的字符串。SHA家族的算法，是由美国国家安全局（NSA)所设计，并由美国国家标准与技术研究院（NIST)发布的政府标准。","multi":0,"questionType":1,"answer":"D","chooseItem":["796234296682631169"],"itemList":[{"id":"796234296640688129","questionId":"796234295730524161","content":" 加密","answer":0,"chooseValue":"A"},{"id":"796234296657465345","questionId":"796234295730524161","content":" 数字签名","answer":0,"chooseValue":"B"},{"id":"796234296670048257","questionId":"796234295730524161","content":" 认证","answer":0,"chooseValue":"C"},{"id":"796234296682631169","questionId":"796234295730524161","content":" 报文摘要","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796235015988989953","title":"三重DES加密使用2个密钥对明文进行3次加密，其密钥长度为（ ）位。","analyze":"本题考查DES加密的基本知识。<br>三重DES加密是对DES加密的一种改进算法，它使用两个密钥对报文做三次DES 加密，加强了原DES的加密强度。经过对可行性和实际需要的折中，采用了两个密钥进行三次加密，产生112位有效长度的密钥。","multi":0,"questionType":1,"answer":"B","chooseItem":["796235017016594433"],"itemList":[{"id":"796235016983040001","questionId":"796235015988989953","content":" 56","answer":0,"chooseValue":"A"},{"id":"796235017016594433","questionId":"796235015988989953","content":" 112","answer":1,"chooseValue":"B"},{"id":"796235017045954561","questionId":"796235015988989953","content":" 128","answer":0,"chooseValue":"C"},{"id":"796235017079508993","questionId":"796235015988989953","content":" 168","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796235260001013761","title":"下列不属于报文认证算法的是（9）。","analyze":"RC4是一种加密算法，并非摘要算法。","multi":0,"questionType":1,"answer":"C","chooseItem":["796235261129281537"],"itemList":[{"id":"796235261053784065","questionId":"796235260001013761","content":" MD5","answer":0,"chooseValue":"A"},{"id":"796235261087338497","questionId":"796235260001013761","content":" SHA-1","answer":0,"chooseValue":"B"},{"id":"796235261129281537","questionId":"796235260001013761","content":" RC4","answer":1,"chooseValue":"C"},{"id":"796235261154447361","questionId":"796235260001013761","content":" HMAC","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234783091871745","title":"下列算法中，用于数字签名中摘要的是（ ）。","analyze":"本题考查加密算法及相关知识。 <br>RSA、IDEA和RC4均用于加密传输，仅MD5用于摘要。数字签名中先生成摘要，然后采用加密算法对摘要进行加密。","multi":0,"questionType":1,"answer":"D","chooseItem":["796234784165613569"],"itemList":[{"id":"796234784060755969","questionId":"796234783091871745","content":" RSA","answer":0,"chooseValue":"A"},{"id":"796234784106893313","questionId":"796234783091871745","content":" IDEA","answer":0,"chooseValue":"B"},{"id":"796234784140447745","questionId":"796234783091871745","content":" RC4","answer":0,"chooseValue":"C"},{"id":"796234784165613569","questionId":"796234783091871745","content":" MD5","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796235022108479489","title":"假定用户A、B 分别在I<sub>1</sub>和I<sub>2</sub>两个CA处取得了各自的证书，（ ）是A、B互信的必要条件。","analyze":"本题考查证书认证的基本知识。<br>用户可在认证机构（CA)取得各自能够认证自身身份的数字证书，与该用户在同一机构取得的数字证书可通过相互的公钥认证彼此的身份；当两个用于所使用的证书来自于不同的认证机构时，用户双方要相互确定对方的身份之前，首先需要确定彼此的证书颁发机构的可信度。即两个CA之间的身份认证，需交换两个CA的公钥用以确定CA 的合法性，然后再进行用户的身份认证。","multi":0,"questionType":1,"answer":"D","chooseItem":["796235023098335233"],"itemList":[{"id":"796235023022837761","questionId":"796235022108479489","content":" A、B互换私钥","answer":0,"chooseValue":"A"},{"id":"796235023048003585","questionId":"796235022108479489","content":" A、B互换公钥","answer":0,"chooseValue":"B"},{"id":"796235023068975105","questionId":"796235022108479489","content":" I<sub>1</sub>、I<sub>2</sub>互换私钥","answer":0,"chooseValue":"C"},{"id":"796235023098335233","questionId":"796235022108479489","content":" I<sub>1</sub>、I<sub>2</sub>互换公钥","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234301644492801","title":"根据国际标准ITUT X.509规定，数字证书的一般格式中会包含认证机构的签名，该数据域的作用是( )。","analyze":"本题考查信息安全中的X.509数字证书的知识。<br> X.509是密码学里公钥证书的格式标准。X.509证书已应用在包括TLS/SSL在内的众多网络协议里，同时它也用在很多非在线应用场景里，比如电子签名服务。X.509证书里含有公钥、身份信息（比如网络主机名、组织的名称或个体名称等）和签名信息（可以是证书签发机构CA的签名，也可以是自签名）。对于一份经由可信的证书签发机构签名或者可以通过他方式验证的证书，证书的拥有者就可以用证书及相应的私钥来创建安全的通信，对文档进行数字签名。除了证书本身功能，X.509还附带了证书吊销列表和用于从最终对证书进行签名的证书签发机构直到最终可信点为止的证书合法性验证算法。X.509是ITU-T标准化部门基于他们之前的ASN.1定义的一套证书标准。<br> 证书中包含的认证机构签名用于防止证书的伪造。","multi":0,"questionType":1,"answer":"C","chooseItem":["796234302596599809"],"itemList":[{"id":"796234302558851073","questionId":"796234301644492801","content":" 用于标识颁发证书的权威机构CA","answer":0,"chooseValue":"A"},{"id":"796234302575628289","questionId":"796234301644492801","content":" 用于指示建立和签署证书的CA的X.509名字","answer":0,"chooseValue":"B"},{"id":"796234302596599809","questionId":"796234301644492801","content":" 用于防止证书伪造","answer":1,"chooseValue":"C"},{"id":"796234302617571329","questionId":"796234301644492801","content":" 用于传递CA的公钥","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234545966895105","title":"<p><strong>请作答第<span style=\"color: red\">2</span>个空。</strong></p>用户A从CA获取了自己的数字证书，该数字证书中包含为证书进行数字签名的（8）和<span>（9）</span>。","analyze":"本题考查信息安全基础知识。<br> CA(Certificate Authority)即颁发数字证书的机构，是负责发放和管理数字证书的权威机构，并作为电子商务交易中受信任的第三方，承担公钥体系中公钥的合法性检验的责任。<br> 数字证书在用户公钥后附加了用户信息及CA的签名。公钥是密钥对的一部分，另一部分是私钥。公钥公之于众，谁都可以使用。私钥只有自己知道。由公钥加密的信息只能由与之相对应的私钥解密。为确保只有某个人才能阅读自己的信件，发送者要用收件人的公钥加密信件；收件人便可用自己的私钥解密信件。同样，为证实发件人的身份，发送者要用自己的私钥对信件进行签名；收件人可使用发送者的公钥对签名进行验证，以确认发送者的身份。","multi":0,"questionType":1,"answer":"D","chooseItem":["796234547137105921"],"itemList":[{"id":"796234547023859713","questionId":"796234545966895105","content":" CA的私钥","answer":0,"chooseValue":"A"},{"id":"796234547061608449","questionId":"796234545966895105","content":" CA的公钥","answer":0,"chooseValue":"B"},{"id":"796234547099357185","questionId":"796234545966895105","content":" A的私钥","answer":0,"chooseValue":"C"},{"id":"796234547137105921","questionId":"796234545966895105","content":" A的公钥","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234542892470273","title":"<p><strong>请作答第<span style=\"color: red\">1</span>个空。</strong></p>用户A从CA获取了自己的数字证书，该数字证书中包含为证书进行数字签名的（8）和（9）。","analyze":"本题考查信息安全基础知识。<br> CA(Certificate Authority)即颁发数字证书的机构，是负责发放和管理数字证书的权威机构，并作为电子商务交易中受信任的第三方，承担公钥体系中公钥的合法性检验的责任。<br> 数字证书在用户公钥后附加了用户信息及CA的签名。公钥是密钥对的一部分，另一部分是私钥。公钥公之于众，谁都可以使用。私钥只有自己知道。由公钥加密的信息只能由与之相对应的私钥解密。为确保只有某个人才能阅读自己的信件，发送者要用收件人的公钥加密信件；收件人便可用自己的私钥解密信件。同样，为证实发件人的身份，发送者要用自己的私钥对信件进行签名；收件人可使用发送者的公钥对签名进行验证，以确认发送者的身份。","multi":0,"questionType":1,"answer":"B","chooseItem":["796234543878131713"],"itemList":[{"id":"796234543848771585","questionId":"796234542892470273","content":" CA的私钥","answer":0,"chooseValue":"A"},{"id":"796234543878131713","questionId":"796234542892470273","content":" CA的公钥","answer":1,"chooseValue":"B"},{"id":"796234543907491841","questionId":"796234542892470273","content":" A的私钥","answer":0,"chooseValue":"C"},{"id":"796234543928463361","questionId":"796234542892470273","content":" A的公钥","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796235251016814593","title":"<p><strong>请作答第<span style=\"color: red\">1</span>个空。</strong></p>用户乙收到甲数字签名后的消息M，为验证消息的真实性，首先需要从CA获取用户甲的数字证书，该数字证书中包含（6），并利用（7）验证该证书的真伪，然后利用（8）验证M的真实性。","analyze":"本题考查数字签名和CA方面的基础知识。 <br>CA是认证中心的简称，为了能够在互联网上认证通信双方的身份，可以在相应的认证中心申请自己的数字证书。CA为用户颁发的数字证书中包含用户的公钥信息、权威机构的认证信息和有效期等。用户收到经数字签名的消息后，须首先验证证书的真伪，即使用证书的公钥来验证，然后利用对方的公钥来验证消息的真实性。","multi":0,"questionType":1,"answer":"A","chooseItem":["796235252082167809"],"itemList":[{"id":"796235252082167809","questionId":"796235251016814593","content":" 甲的公钥","answer":1,"chooseValue":"A"},{"id":"796235252098945025","questionId":"796235251016814593","content":" 甲的私钥","answer":0,"chooseValue":"B"},{"id":"796235252111527937","questionId":"796235251016814593","content":" 乙的公钥","answer":0,"chooseValue":"C"},{"id":"796235252128305153","questionId":"796235251016814593","content":" 乙的私钥","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796235254204485633","title":"<p><strong>请作答第<span style=\"color: red\">2</span>个空。</strong></p>用户乙收到甲数字签名后的消息M，为验证消息的真实性，首先需要从CA获取用户甲的数字证书，该数字证书中包含（6），并利用（7）验证该证书的真伪，然后利用（8）验证M的真实性。","analyze":"本题考查数字签名和CA方面的基础知识。 <br>CA是认证中心的简称，为了能够在互联网上认证通信双方的身份，可以在相应的认证中心申请自己的数字证书。CA为用户颁发的数字证书中包含用户的公钥信息、权威机构的认证信息和有效期等。用户收到经数字签名的消息后，须首先验证证书的真伪，即使用证书的公钥来验证，然后利用对方的公钥来验证消息的真实性。","multi":0,"questionType":1,"answer":"A","chooseItem":["796235255097872385"],"itemList":[{"id":"796235255097872385","questionId":"796235254204485633","content":" CA的公钥","answer":1,"chooseValue":"A"},{"id":"796235255114649601","questionId":"796235254204485633","content":" 乙的私钥","answer":0,"chooseValue":"B"},{"id":"796235255127232513","questionId":"796235254204485633","content":" 甲的公钥","answer":0,"chooseValue":"C"},{"id":"796235255139815425","questionId":"796235254204485633","content":" 乙的公钥","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796235257060806657","title":"<p><strong>请作答第<span style=\"color: red\">3</span>个空。</strong></p>用户乙收到甲数字签名后的消息M，为验证消息的真实性，首先需要从CA获取用户甲的数字证书，该数字证书中包含（6），并利用（7）验证该证书的真伪，然后利用（8）验证M的真实性。","analyze":"本题考查数字签名和CA方面的基础知识。 <br>CA是认证中心的简称，为了能够在互联网上认证通信双方的身份，可以在相应的认证中心申请自己的数字证书。CA为用户颁发的数字证书中包含用户的公钥信息、权威机构的认证信息和有效期等。用户收到经数字签名的消息后，须首先验证证书的真伪，即使用证书的公钥来验证，然后利用对方的公钥来验证消息的真实性。","multi":0,"questionType":1,"answer":"C","chooseItem":["796235258025496577"],"itemList":[{"id":"796235257983553537","questionId":"796235257060806657","content":" CA的公钥","answer":0,"chooseValue":"A"},{"id":"796235258008719361","questionId":"796235257060806657","content":" 乙的私钥","answer":0,"chooseValue":"B"},{"id":"796235258025496577","questionId":"796235257060806657","content":" 甲的公钥","answer":1,"chooseValue":"C"},{"id":"796235258046468097","questionId":"796235257060806657","content":" 乙的公钥","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796235019109552129","title":"要对消息明文进行加密传送，当前通常使用的加密算法是（ ）。","analyze":"本题考查加密算法的基本知识。<br>RSA是一种非对称加密算法，由于加密和解密的密钥不同，便于密钥管理和分发过程中，同时在用户或者机构之间进行身份认证方面有较好的应用；<br>SHA-1是一种安全散列算法，常用于对接收明文输入，产生固定长度的输出，来确保明文在传输过程中不会被篡改；<br>MD5是一种使用最为广泛的报文摘要算法；<br>RC5是一种用于对明文进行加密的算法，在加密速度和强度上，均较为合适适用于大量明文进行加密并传输。","multi":0,"questionType":1,"answer":"D","chooseItem":["796235020099407873"],"itemList":[{"id":"796235020028104705","questionId":"796235019109552129","content":" RSA","answer":0,"chooseValue":"A"},{"id":"796235020049076225","questionId":"796235019109552129","content":" SHA-1","answer":0,"chooseValue":"B"},{"id":"796235020074242049","questionId":"796235019109552129","content":" MD5","answer":0,"chooseValue":"C"},{"id":"796235020099407873","questionId":"796235019109552129","content":" RC5","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234536752009217","title":"<p><strong>请作答第<span style=\"color: red\">1</span>个空。</strong></p>非对称加密算法中，加密和解密使用不同的密钥，下面的加密算法中（6）属于非对称加密算法。若甲、乙采用非对称密钥体系进行保密通信，甲用乙的公钥加密数据文件，乙使用（7）来对数据文件进行解密。","analyze":"本题考查加密算法的基础知识。<br> 非对称加密算法是指在加密和解密过程中，使用两个不相同的密钥，这两个密钥之间没有相互的依存关系。通常加密密钥为公钥，解密密钥为私钥。目前，使用较为广泛的非对称加密算法是RSA。","multi":0,"questionType":1,"answer":"B","chooseItem":["796234537666367489"],"itemList":[{"id":"796234537653784577","questionId":"796234536752009217","content":" AES","answer":0,"chooseValue":"A"},{"id":"796234537666367489","questionId":"796234536752009217","content":" RSA","answer":1,"chooseValue":"B"},{"id":"796234537678950401","questionId":"796234536752009217","content":" IDEA","answer":0,"chooseValue":"C"},{"id":"796234537691533313","questionId":"796234536752009217","content":" DES","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234539847405569","title":"<p><strong>请作答第<span style=\"color: red\">2</span>个空。</strong></p>非对称加密算法中，加密和解密使用不同的密钥，下面的加密算法中（6）属于非对称加密算法。若甲、乙采用非对称密钥体系进行保密通信，甲用乙的公钥加密数据文件，乙使用（7）来对数据文件进行解密。","analyze":"本题考查加密算法的基础知识。<br> 非对称加密算法是指在加密和解密过程中，使用两个不相同的密钥，这两个密钥之间没有相互的依存关系。通常加密密钥为公钥，解密密钥为私钥。目前，使用较为广泛的非对称加密算法是RSA。","multi":0,"questionType":1,"answer":"D","chooseItem":["796234540925341697"],"itemList":[{"id":"796234540837261313","questionId":"796234539847405569","content":" 甲的公钥","answer":0,"chooseValue":"A"},{"id":"796234540870815745","questionId":"796234539847405569","content":" 甲的私钥","answer":0,"chooseValue":"B"},{"id":"796234540895981569","questionId":"796234539847405569","content":" 乙的公钥","answer":0,"chooseValue":"C"},{"id":"796234540925341697","questionId":"796234539847405569","content":" 乙的私钥","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239221223346177","title":"下面病毒中，属于蠕虫病毒的是（6）。","analyze":"本题考查计算机病毒的基础知识。<br>CIH病毒是一种能够破坏计算机系统硬件的恶性病毒。<br>特洛伊木马病毒是一种秘密潜伏的能够通过远程网络进行控制的恶意程序。控制者可以控制被秘密植入木马的计算机的一切动作和资源，是恶意攻击者进朽：窃取信息等的工具。<br>2000年出现的“罗密欧与朱丽叶”病毒是一个非常典型的蠕虫病毒，它改写了病毒的历史，该病毒与邮件病毒基本特性相同，它不再隐藏于电子邮件的附件中，而是直接存在于电子邮件的正文中，一旦用户打开Outlook收发信件进行阅读，该病毒马上就发作，并将复制的新病毒通过邮件发送给别人，计算机用户无法躲避。<br>Melissa (梅丽莎）病毒是一种宏病毒，发作时将关闭Word的宏病毒防护、打开转换确认、模板保存提示；使“宏”、“安全性”命令不可用，并设置安全性级别为最低。 ","multi":0,"questionType":1,"answer":"C","chooseItem":["796239222510997505"],"itemList":[{"id":"796239222448082945","questionId":"796239221223346177","content":" CIH病毒","answer":0,"chooseValue":"A"},{"id":"796239222485831681","questionId":"796239221223346177","content":" 特洛伊木马病毒","answer":0,"chooseValue":"B"},{"id":"796239222510997505","questionId":"796239221223346177","content":" 罗密欧与朱丽叶病毒","answer":1,"chooseValue":"C"},{"id":"796239222536163329","questionId":"796239221223346177","content":" Melissa病毒","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239227787431937","title":"<p><strong>请作答第<span style=\"color: red\">2</span>个空。</strong></p>如果杀毒软件报告一系列的Word文档被病毒感染，则可以推断病毒类型是（8）；如果用磁盘检测工具（CHKDSK、SCANDISK等）检测磁盘发现大量文件链接地址错误，表明磁盘可能被（9）病毒感染。","analyze":"本题考査计算机病毒方面的基础知识。<br>目录型计算机病毒能够修改硬盘上存储的所有文件的地址，如果用户使用某些工具(如SCANDISK或CHKDSK)检测受感染的磁盘，会发现大量的文件链接地址的错误，这些错误都是由此类计算机病毒造成的。","multi":0,"questionType":1,"answer":"C","chooseItem":["796239228940865537"],"itemList":[{"id":"796239228890533889","questionId":"796239227787431937","content":" 文件型","answer":0,"chooseValue":"A"},{"id":"796239228915699713","questionId":"796239227787431937","content":" 引导型","answer":0,"chooseValue":"B"},{"id":"796239228940865537","questionId":"796239227787431937","content":" 目录型","answer":1,"chooseValue":"C"},{"id":"796239228970225665","questionId":"796239227787431937","content":" 宏病毒","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239224754950145","title":"<p><strong>请作答第<span style=\"color: red\">1</span>个空。</strong></p>如果杀毒软件报告一系列的Word文档被病毒感染，则可以推断病毒类型是（8）；如果用磁盘检测工具（CHKDSK、SCANDISK等）检测磁盘发现大量文件链接地址错误，表明磁盘可能被（9）病毒感染。","analyze":"本题考査计算机病毒方面的基础知识。<br>计算机病毒的分类方法有许多种，按照最通用的区分方式，即根据其感染的途径以及采用的技术区分，计算机病毒可分为文件型计算机病毒、引导型计算机病毒、宏病毒和目录型计算机病毒。<br>文件型计算机病毒感染可执行文件（包括EXE和COM文件）。<br>引导型计算机病毒影响软盘或硬盘的引导扇区。<br>宏病毒感染的对象是使用某些程序创建的文本文档、数据库、电子表格等文件。","multi":0,"questionType":1,"answer":"D","chooseItem":["796239225832886273"],"itemList":[{"id":"796239225723834369","questionId":"796239224754950145","content":" 文件型","answer":0,"chooseValue":"A"},{"id":"796239225753194497","questionId":"796239224754950145","content":" 引导型","answer":0,"chooseValue":"B"},{"id":"796239225795137537","questionId":"796239224754950145","content":" 目录型","answer":0,"chooseValue":"C"},{"id":"796239225832886273","questionId":"796239224754950145","content":" 宏病毒","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239268111470593","title":"网络设计方案中应重点体现安全性原则，但是不计成本的安全性设计也是不可取的，安全方案应该满足应用需求。下述选项中，(66)安全性需求相对较弱。","analyze":"网络安全设计应遵循的原则包括：<br>(1)网络信息系统安全与保密的“木桶原则”和整体性原则。<br>(2)网络安全系统的有效性与实用性原则。<br>(3)网络安全系统的“等级性”原则。<br>(4)安全有价原则等。<br>网络系统的设计是受经费限制的，在考虑安全解决方案时必须考虑性能价格的平衡，而且不同的网络系统所要求的安全侧重点各不相同。在企业网、政府行政办公网、国防军工部门内部网、电子商务网站以及VPN等网络方案设计中应重点体现安全性原则，确保网络系统和数据的安全运行。在社区网、城域网和校园网中，安全性的需求相对较弱。","multi":0,"questionType":1,"answer":"B","chooseItem":["796239269176823809"],"itemList":[{"id":"796239269160046593","questionId":"796239268111470593","content":" 政府网","answer":0,"chooseValue":"A"},{"id":"796239269176823809","questionId":"796239268111470593","content":" 校园网","answer":1,"chooseValue":"B"},{"id":"796239269197795329","questionId":"796239268111470593","content":" 企业网","answer":0,"chooseValue":"C"},{"id":"796239269218766849","questionId":"796239268111470593","content":" 金融网","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239260045824001","title":"在入侵检测系统中，事件分析器接收事件信息并对其进行分析，判断是否为入侵行为或异常现象，其常用的三种分析方法中不包括（8）。","analyze":"本题考查入侵检测系统的基础知识。<br>入侵检测系统由4个模块组成：事件产生器、事件分析器、事件数据库和响应单元。其中，事件分析器负责接收事件信息并对其进行分析，判断是否为入侵行为或异常现象，其分析方法有以下三种：①模式匹配：将收集到的信息与已知的网络入侵数据库进行比较，从而发现违背安全策略的行为；②统计分析：首先给系统对象（例如用户、文件、目录和设备等）建立正常使用时的特征文件（Profile),这些特征值将被用来与网络中发生的行为进行比较。当观察值超出正常值范围时，就认为有可能发生入侵行为；③数据完整性分析：主要关注文件或系统对象的属性是否被修改，这种方法往往用于事后的审计分析。","multi":0,"questionType":1,"answer":"B","chooseItem":["796239261186674689"],"itemList":[{"id":"796239261161508865","questionId":"796239260045824001","content":" 模式匹配","answer":0,"chooseValue":"A"},{"id":"796239261186674689","questionId":"796239260045824001","content":" 密文分析","answer":1,"chooseValue":"B"},{"id":"796239261216034817","questionId":"796239260045824001","content":" 数据完整性分析","answer":0,"chooseValue":"C"},{"id":"796239261245394945","questionId":"796239260045824001","content":" 统计分析","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239235282653185","title":"下图为DARPA提出的公共入侵检测框架示意图，该系统由4个模块组成。其中模块①~④分别是（9）。<br><img  height=\"224\" src=\"https://image.chaiding.com/ruankao/b1dc9bee293ea113088f5666cebd9ae3.jpg?x-oss-process=style/ruankaodaren\" width=\"370\">","analyze":"本题考査入侵检测的知识。<br>美国国防部高级研究计划局（DARPA)提出的公共入侵检测框架（Common Intrusion Detection Framework, CIDF)由4个模块组成（如下图所示)。<br><br><img alt=\"\" width=\"337\" height=\"323\" src=\"https://image.chaiding.com/ruankao/69c2b40e7c726bd715e39863c808bd41.jpg?x-oss-process=style/ruankaodaren\"><br>①事件产生器（Event generators, E-boxes)„负责数据的采集，并将收集到的原始数据转换为事件，向系统的其他模块提供与事件有关的信息。<br>②事件分析器（EventAnalyzers，A-boxes)。接收事件信息并对其进行分析，判断是否为入侵行为或异常现象。<br>③事件数据库（Event DataBases，D-boxes)。存放有关事件的各种中间结果和最终数据的地方，可以是面向对象的数据库，也可以是一个文本文件。<br>④响应单元（Response units, R-boxes)。根据报警信息做出各种反应，强烈的反应就是断开连接、改变文件属性等，简单的反应就是发出系统提示，引起操作人员注意。","multi":0,"questionType":1,"answer":"D","chooseItem":["796239236314451969"],"itemList":[{"id":"796239236205400065","questionId":"796239235282653185","content":" 事件产生器、事件数据库、事件分析器、响应单元","answer":0,"chooseValue":"A"},{"id":"796239236243148801","questionId":"796239235282653185","content":" 事件分析器、事件产生器、响应单元、事件数据库","answer":0,"chooseValue":"B"},{"id":"796239236280897537","questionId":"796239235282653185","content":" 事件数据库、响应单元、事件产生器、事件分析器","answer":0,"chooseValue":"C"},{"id":"796239236314451969","questionId":"796239235282653185","content":" 响应单元、事件分析器、事件数据库、事件产生器","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239274239348737","title":"防火墙把网络划分为几个不同的区域，一般把对外提供网络服务的设备（如WWW服务器、FTP服务器）放置于（9）区域。","analyze":"&nbsp;&nbsp;&nbsp; DMZ是英文“demilitarizedzone”的缩写，中文名称为“隔离区”，也称“非军事化区”。它是为了解决安装防火墙后外部网络不能访问内部网络服务器的问题，而设立的一个非安全系统与安全系统之间的缓冲区，这个缓冲区位于企业内部网络和外部网络之间的小网络区域内，在这个小网络区域内可以放置一些必须公开的服务器设施，如企业Web服务器、FTP服务器和论坛等。另一方面，通过这样一个DMZ区域，更加有效地保护了内部网络，因为这种网络部署比起一般的防火墙方案，对攻击者来说又多了一道关卡。网络结构如下图所示。<br><img alt=\"\" width=\"383\" height=\"240\" src=\"https://image.chaiding.com/ruankao/2daab9b46ca33bb6f2268d450286d0b9.jpg?x-oss-process=style/ruankaodaren\">","multi":0,"questionType":1,"answer":"D","chooseItem":["796239275329867777"],"itemList":[{"id":"796239275212427265","questionId":"796239274239348737","content":" 信任网络","answer":0,"chooseValue":"A"},{"id":"796239275250176001","questionId":"796239274239348737","content":" 非信任网络","answer":0,"chooseValue":"B"},{"id":"796239275287924737","questionId":"796239274239348737","content":" 半信任网络","answer":0,"chooseValue":"C"},{"id":"796239275329867777","questionId":"796239274239348737","content":" DMZ (非军事化区）","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239249643950081","title":"入侵检测系统的构成不包括（7）。","analyze":"美国国防部高级研究计划局（DARPA)提出的公共入侵检测框架（Common Intrusion Detection Framework,CIDF)由4个模块组成，见下图：<br><img alt=\"\" width=\"373\" height=\"340\" src=\"https://image.chaiding.com/ruankao/efaf5ec29ce2cf92f517826bf79b2287.jpg?x-oss-process=style/ruankaodaren\"><br>(1)事件产生器（Eventgenerators，E-boxes)：负责数据的采集，并将收集到的原始数据转换为事件，向系统的其他模块提供与事件有关的信息。入侵检测所利用的信息一般来自4个方面：系统和网络的日志文件、目录和文件中不期望的改变、程序执行中不期望的行为、物理形式的入侵信息等。入侵检测要在网络中的若干关键点（不同网段和不同主机）收集信息，并通过多个采集点信息的比较来判断是否存在可疑迹象或发生入侵行为。<br>(2)事件分析器（Event Analyzers，A-boxes)：接收事件信息并对其进行分析，判断是否为入侵行为或异常现象，分析方法有下面三种：<br>①模式匹配：将收集到的信息与已知的网络入侵数据库进行比较，从而发现违背安全策略的行为。<br>②统计分析：首先给系统对象（例如用户、文件、目录和设备等）建立正常使用时的特征文件（Profile)，这些特征值将被用来与网络中发生的行为进行比较。当观察值超出正常值范围时，就认为有可能发生入侵行为。<br>③数据完整性分析：主要关注文件或系统对象的属性是否被修改，这种方法往往用于事后的审计分析。<br>(3)事件数据库（EventDatabases，D-boxes)：存放有关事件的各种中间结果和最终数据的地方，可以是面向对象的数据库，也可以是一个文本文件。<br>(4)响应单元（Response units，R-boxes)：根据报警信息做出各种反应，强烈的反应就是断开连接、改变文件属性等，简单的反应就是发出系统提示，引起操作人员注意。<br>因此，入侵检测系统的构成中不包括预警单元。","multi":0,"questionType":1,"answer":"A","chooseItem":["796239250562502657"],"itemList":[{"id":"796239250562502657","questionId":"796239249643950081","content":" 预警单元","answer":1,"chooseValue":"A"},{"id":"796239250583474177","questionId":"796239249643950081","content":" 事件产生器","answer":0,"chooseValue":"B"},{"id":"796239250604445697","questionId":"796239249643950081","content":" 事件分析器","answer":0,"chooseValue":"C"},{"id":"796239250625417217","questionId":"796239249643950081","content":" 响应单元","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239271206866945","title":"网络隔离技术的目标是确保把有害的攻击隔离在可信网络之外，在保证可信网络内部信息不外泄的前提下，完成网间数据的安全交换。下列隔离方式中，安全性最好的是(7)。","analyze":"网络隔离（Network Isolation)技术的目标是确保把有害的攻击隔离，在可信网络之外和保证可信网络内部信息不外泄的前提下，完成网间数据的安全交换。有多种形式的网络隔离，如物理隔离、协议隔离和VPN隔离等。无论采用什么形式的网络隔离，其实质都是数据或信息的隔离。网络隔离的重点是物理隔离。人工方式隔离的一个特征，就是内网与外网永不连接，内网和外网在同一时间最多只有一个同隔离设备建立非TCP/IP协议的数据连接。","multi":0,"questionType":1,"answer":"D","chooseItem":["796239272238665729"],"itemList":[{"id":"796239272125419521","questionId":"796239271206866945","content":" 多重安全网关","answer":0,"chooseValue":"A"},{"id":"796239272171556865","questionId":"796239271206866945","content":" 防火墙","answer":0,"chooseValue":"B"},{"id":"796239272209305601","questionId":"796239271206866945","content":" VLAN隔离","answer":0,"chooseValue":"C"},{"id":"796239272238665729","questionId":"796239271206866945","content":" 人工方式","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239241578303489","title":"为了弥补WEP的安全缺陷，WPA安全认证方案中新增的机制是（）。","analyze":"有线等效保密WEP的设计目的是提供与有线局域网等价的机密性。WEP使用RC4协议进行加密，并使用CRC-32校验保证数据的完整性。<br>最初的WEP标准使用Mbit的初始向量，加上40bit的字符串，构成64bit的WEP密钥。<br>后来美国政府也允许使用104bit的字符串，加上24bit的初始向量，构成128bit的WEP密钥。然而24bit的IV并没有长到足以保证不会出现重复，只要网络足够忙碌，在很短的时间内就会耗尽可用的IV而使其出现重复，这样WEP密钥也就重复了。<br>Wi-Fi联盟厂商以802.11i草案的子集为蓝图制定了称为WPA(Wi-FiProtectedAccess)安全认证方案。在WPA的设计中包含了认证、加密和数据完整性校验三个组成部分。首先是WPA使用了802.1X协议对用户的MAC地址进行认证；其次是WEP增大了密钥和初始向量的长度，以128bit的密钥和48位的初始向量(IV)用于RC4加密。WPA还采用了可以动态改变密钥的临时密钥完整性协议TKIP，以更频繁地变换密钥来减少安全风险。最后，WPA强化了数据完整性保护，使用报文完整性编码来检测伪造的数据包，并且在报文认证码中包含有帧计数器，还可以防止重放攻击。","multi":0,"questionType":1,"answer":"B","chooseItem":["796239242492661761"],"itemList":[{"id":"796239242475884545","questionId":"796239241578303489","content":" 共享密钥认证","answer":0,"chooseValue":"A"},{"id":"796239242492661761","questionId":"796239241578303489","content":" 临时密钥完整性协议","answer":1,"chooseValue":"B"},{"id":"796239242513633281","questionId":"796239241578303489","content":" 较短的初始化向量","answer":0,"chooseValue":"C"},{"id":"796239242530410497","questionId":"796239241578303489","content":" 采用更强的加密算法","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239232334057473","title":"2014年1月，由于DNS根服务器被攻击，国内许多互联网用户无法访问.com域名网站，这种恶意攻击可能造成的危害是（70）。","analyze":"本题考査计算机安全的知识。<br>DNS根服务器被攻击，会使许多互联网用户无法访问该根域服务器解析域名的网站。这种攻击可能造成的后果是将正常网站的域名解析到错误的地址上，但这种攻击一般不是以入侵服务器或客户端为目的。","multi":0,"questionType":1,"answer":"C","chooseItem":["796239233307136001"],"itemList":[{"id":"796239233240027137","questionId":"796239232334057473","content":" 创造条件，攻击相应的服务器","answer":0,"chooseValue":"A"},{"id":"796239233273581569","questionId":"796239232334057473","content":" 快速入侵互联网用户的计算机","answer":0,"chooseValue":"B"},{"id":"796239233307136001","questionId":"796239232334057473","content":" 将正常网站的域名解析到错误的地址","answer":1,"chooseValue":"C"},{"id":"796239233328107521","questionId":"796239232334057473","content":" 以上都是","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239238495490049","title":"下面关于钓鱼网站的说法中错误的是（6）。","analyze":"本题考查网络安全方面的知识。<br>钓鱼网站是指一类仿冒真实网站的URL地址，通过E-mail传播网址，目的是窃取用户账号、密码等机密信息的网站。","multi":0,"questionType":1,"answer":"B","chooseItem":["796239239581814785"],"itemList":[{"id":"796239239560843265","questionId":"796239238495490049","content":" 钓鱼网站仿冒真实网站的URL地址","answer":0,"chooseValue":"A"},{"id":"796239239581814785","questionId":"796239238495490049","content":" 钓鱼网站通过向真实网站植入木马程序以达到网络攻击的目的","answer":1,"chooseValue":"B"},{"id":"796239239602786305","questionId":"796239238495490049","content":" 钓鱼网站用于窃取访问者的机密信息","answer":0,"chooseValue":"C"},{"id":"796239239619563521","questionId":"796239238495490049","content":" 钓鱼网站可以通过E-mail传播网址","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239277334745089","title":"防火墙的工作层次是决定防火墙效率及安全的主要因素，下面的叙述中正确的是（7）。","analyze":"本题考查防火墙的基础知识。<br>防火墙的性能及特点主要由以下两方面所决定：<br>①工作层次，这是决定防火墙效率及安全的主要因素。一般来说，工作层次越低，则工作效率越高，但安全性就低了；反之，工作层次越高，工作效率越低，则安全性<br>越高。<br>②防火墙采用的机制，如果采用代理机制，则防火墙具有内部信息隐藏的特点，相对而言，安全性高，效率低；如果采用过滤机制，则效率高，安全性却降低了。","multi":0,"questionType":1,"answer":"D","chooseItem":["796239278312017921"],"itemList":[{"id":"796239278253297665","questionId":"796239277334745089","content":" 防火墙工作层次越低，则工作效率越高，同时安全性越高","answer":0,"chooseValue":"A"},{"id":"796239278274269185","questionId":"796239277334745089","content":" 防火墙工作层次越低，则工作效率越低，同时安全性越低","answer":0,"chooseValue":"B"},{"id":"796239278291046401","questionId":"796239277334745089","content":" 防火墙工作层次越高，则工作效率越高，同时安全性越低","answer":0,"chooseValue":"C"},{"id":"796239278312017921","questionId":"796239277334745089","content":" 防火墙工作层次越高，则工作效率越低，同时安全性越高","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239252605128705","title":"嗔探器是一种网络故障分析与排查的工具，当其处于杂收模式时，网络接口（65）。","analyze":"在一般情况下，网络上所有的计算机都可以接收到通过的数据帧，但对不属于自己的报文则不予响应，但是如果某工作站的网络接口处于杂收模式，那么它就可以捕获网络上所有的报文和帧，如果一个工作站被配置成这样的方式，它就是一个嗅探器。","multi":0,"questionType":1,"answer":"A","chooseItem":["796239253527875585"],"itemList":[{"id":"796239253527875585","questionId":"796239252605128705","content":" 能够接收流经网络接口的所有数据帧","answer":1,"chooseValue":"A"},{"id":"796239253544652801","questionId":"796239252605128705","content":" 只能接收本网段的广播数据帧","answer":0,"chooseValue":"B"},{"id":"796239253565624321","questionId":"796239252605128705","content":" 只能接收该接口所属组播组的组播信息","answer":0,"chooseValue":"C"},{"id":"796239253586595841","questionId":"796239252605128705","content":" 只能接收发往该接口的数据帧","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234292156977153","title":"以下关于防火墙技术的描述中，正确的是( )。","analyze":"本题考查防火墙的基础知识。<br> 防火墙（Firewall)在IT领域中是一个架设在互联网与企业内网之间的信息安全系统，根据企业预定的策略来监控往来的数据包。防火墙是目前最重要的一种网络防护设缶，从专业角度来说，防火墙是位于两个（或多个）网络间，实行网络间访问或控制的一组组件集合。<br> 防火墙能够实现的功能包括网络隔离、网络地址转换以及部分路由功能等。一般不提供查杀病毒、过滤垃圾邮件的功能。","multi":0,"questionType":1,"answer":"B","chooseItem":["796234293197164545"],"itemList":[{"id":"796234293184581633","questionId":"796234292156977153","content":" 防火墙不能支持网络地址转换","answer":0,"chooseValue":"A"},{"id":"796234293197164545","questionId":"796234292156977153","content":" 防火墙通常部署在企业内部网和Internet之间","answer":1,"chooseValue":"B"},{"id":"796234293209747457","questionId":"796234292156977153","content":" 防火墙可以查、杀各种病毒","answer":0,"chooseValue":"C"},{"id":"796234293226524673","questionId":"796234292156977153","content":" 防火墙可以过滤垃圾邮件","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234327280078849","title":"<p><strong>请作答第<span style=\"color: red\">1</span>个空。</strong></p>在信息安全领域，基本的安全性原则包括保密性（Confidentiality)、完整性(Integrity) 和可用性（Availability)。保密性指保护信息在使用、传输和存储时（17）。信息加密是保证系统保密性的常用手段。使用哈希校验是保证数据完整性的常用方法。可用性指保证合法用户对资源的正常访问，不会被不正当地拒绝。(18)就是破坏系统的可用性。","analyze":"在信息安全领域，人们会根据信息的涉密程度与范围，将涉密信息定义为绝密、机密和秘密三类，对于不同等级（关键、重要和一般）的涉密用户，在授权之后，才能获悉相同档次的密级信息。而未注册或已注册未授权的用户是不能获取、使用、传输和存储相关秘密信息的。因此，保密性指保护信息在使用、传输和存储时不被泄露给未授权的用户。<br> XSS跨站脚本攻击（Cross-Site Scripting)是指将攻击代码注入用户浏览的网页，这种代码包括HTML和JavaScript脚本。<br> DoS拒绝服务攻击（Denial of Service)是指故意攻击网络协议实现的缺陷或直接通过野蛮手段耗尽被攻击对象的资源，目的是让目标计算机或网络无法提供正常的服务或资源访问。最常见的DoS攻击有计算机网络宽带攻击和连通性攻击。<br> CSRF跨站请求伪造（Cross-Site Request Forgery)是指攻击者通过一些技术手段欺骗用户的浏览器去访问一个自己曾经认证过的网站并执行一些操作（如转账或购买商品等）。由于浏览器曾经认证过，所以被访问的网站会认为是真正的用户在操作而去执行。<br> 缓冲区溢出攻击是指利用缓冲区溢出漏洞所进行的攻击行为。<br> 根据这四种攻击原理，XSS利用的是用户对指定网站的信任，CSRF利用的则是网站对用户浏览器的信任，缓冲区溢出利用的是程序漏洞，只有DoS攻击是利用协议缺陷或恶意抢占资源而造成计算机或网络无法正常使用，从而破坏系统的可用性。","multi":0,"questionType":1,"answer":"B","chooseItem":["796234328412540929"],"itemList":[{"id":"796234328387375105","questionId":"796234327280078849","content":" 不被泄露给已注册的用户","answer":0,"chooseValue":"A"},{"id":"796234328412540929","questionId":"796234327280078849","content":" 不被泄露给未授权的用户","answer":1,"chooseValue":"B"},{"id":"796234328437706753","questionId":"796234327280078849","content":" 不被泄露给未注册的用户","answer":0,"chooseValue":"C"},{"id":"796234328458678273","questionId":"796234327280078849","content":" 不被泄露给已授权的用户","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234330513887233","title":"<p><strong>请作答第<span style=\"color: red\">2</span>个空。</strong></p>在信息安全领域，基本的安全性原则包括保密性（Confidentiality)、完整性(Integrity) 和可用性（Availability)。保密性指保护信息在使用、传输和存储时（17）。信息加密是保证系统保密性的常用手段。使用哈希校验是保证数据完整性的常用方法。可用性指保证合法用户对资源的正常访问，不会被不正当地拒绝。(18)就是破坏系统的可用性。","analyze":"在信息安全领域，人们会根据信息的涉密程度与范围，将涉密信息定义为绝密、机密和秘密三类，对于不同等级（关键、重要和一般）的涉密用户，在授权之后，才能获悉相同档次的密级信息。而未注册或已注册未授权的用户是不能获取、使用、传输和存储相关秘密信息的。因此，保密性指保护信息在使用、传输和存储时不被泄露给未授权的用户。<br> XSS跨站脚本攻击（Cross-Site Scripting)是指将攻击代码注入用户浏览的网页，这种代码包括HTML和JavaScript脚本。<br> DoS拒绝服务攻击（Denial of Service)是指故意攻击网络协议实现的缺陷或直接通过野蛮手段耗尽被攻击对象的资源，目的是让目标计算机或网络无法提供正常的服务或资源访问。最常见的DoS攻击有计算机网络宽带攻击和连通性攻击。<br> CSRF跨站请求伪造（Cross-Site Request Forgery)是指攻击者通过一些技术手段欺骗用户的浏览器去访问一个自己曾经认证过的网站并执行一些操作（如转账或购买商品等）。由于浏览器曾经认证过，所以被访问的网站会认为是真正的用户在操作而去执行。<br> 缓冲区溢出攻击是指利用缓冲区溢出漏洞所进行的攻击行为。<br> 根据这四种攻击原理，XSS利用的是用户对指定网站的信任，CSRF利用的则是网站对用户浏览器的信任，缓冲区溢出利用的是程序漏洞，只有DoS攻击是利用协议缺陷或恶意抢占资源而造成计算机或网络无法正常使用，从而破坏系统的可用性。","multi":0,"questionType":1,"answer":"B","chooseItem":["796234331499548673"],"itemList":[{"id":"796234331474382849","questionId":"796234330513887233","content":" XSS跨站脚本攻击","answer":0,"chooseValue":"A"},{"id":"796234331499548673","questionId":"796234330513887233","content":" DoS拒绝服务攻击","answer":1,"chooseValue":"B"},{"id":"796234331528908801","questionId":"796234330513887233","content":" CSRF跨站请求伪造攻击","answer":0,"chooseValue":"C"},{"id":"796234331562463233","questionId":"796234330513887233","content":" 缓冲区溢出攻击","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234011092471809","title":"某信息系统不断受到SQL注入攻击，应部署（）进行安全防护，实时阻断攻击行为。","analyze":"针对SQL注入攻击，最好的防护措施是部署WEB防火墙（B）或入侵检测系统（C），实时监控并及时拦截攻击行为。防火墙（A）可以起到一定的作用，但通常只能检查IP、端口、流量等底层网络层面的信息，无法深入检查HTTP协议中的参数，不能完全防范SQL注入攻击。堡垒机（D）则与此场景不相关，不适用于进行安全防护。\n<br>\n综上所述，应该选用B. WEB防火墙 进行安全防护，以最大程度地避免SQL注入攻击并保障系统的安全性。","multi":0,"questionType":1,"answer":"B","chooseItem":["796234012069744641"],"itemList":[{"id":"796234012040384513","questionId":"796234011092471809","content":" 防火墙","answer":0,"chooseValue":"A"},{"id":"796234012069744641","questionId":"796234011092471809","content":" WEB防火墙","answer":1,"chooseValue":"B"},{"id":"796234012103299073","questionId":"796234011092471809","content":" 入侵检测系统","answer":0,"chooseValue":"C"},{"id":"796234012128464897","questionId":"796234011092471809","content":" 堡垒机","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234976302485505","title":"网络安全体系设计可从物理线路安全、网络安全、系统安全、应用安全等方面来进行，其中，数据库容灾属于（ ）。","analyze":"本试题考查安全体系分层方案。<br>数据库容灾属于系统安全和应用安全。","multi":0,"questionType":1,"answer":"D","chooseItem":["796234977342672897"],"itemList":[{"id":"796234977246203905","questionId":"796234976302485505","content":" 物理线路安全和网络安全","answer":0,"chooseValue":"A"},{"id":"796234977283952641","questionId":"796234976302485505","content":" 应用安全和网络安全","answer":0,"chooseValue":"B"},{"id":"796234977313312769","questionId":"796234976302485505","content":" 系统安全和网络安全","answer":0,"chooseValue":"C"},{"id":"796234977342672897","questionId":"796234976302485505","content":" 系统安全和应用安全","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796234710303920129","title":"（ ）防火墙是内部网和外部网的隔离点，它可对应用层的通信数据流进行监控和过滤。","analyze":"本题考查防火墙的基础知识。防火墙一般分为包过滤型、应用级网关和复合型防火墙（集合包过滤与应用级网关技术)，而Web防火墙是一种针对于网站安全的入侵防御系统，一般部署在Web服务器上或者Web服务器的前端。","multi":0,"questionType":1,"answer":"B","chooseItem":["796234711465742337"],"itemList":[{"id":"796234711436382209","questionId":"796234710303920129","content":" 包过滤","answer":0,"chooseValue":"A"},{"id":"796234711465742337","questionId":"796234710303920129","content":" 应用级网关","answer":1,"chooseValue":"B"},{"id":"796234711490908161","questionId":"796234710303920129","content":" 数据库","answer":0,"chooseValue":"C"},{"id":"796234711516073985","questionId":"796234710303920129","content":" WEB","answer":0,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null},{"id":"796239285186482177","title":"安全审计系统是保障计算机系统安全的重要手段之一，其作用不包括（6）。","analyze":"安全审计包括识别、记录、存储、分析与安全相关行为的信息，审计记录用于检查与安全相关的活动和负责人。安全审计系统就是根据一定的安全策略记录和分析历史操作事件及数据，发现能够改进系统运行性能和系统安全的地方。安全审计的作用包括：对潜在的攻击者起到震慑或替告的作用、检测和制止对安全系统的入侵、发现计算机的滥用情况、为系统管理员提供系统运行的日志，从而能发现系统入侵行为和潜在的漏洞及对己经发生的系统攻击行为提供有效的追纠证据。安全审计系统通常有一个统一的集中管理平台，支持集中管理，并支持对日志代理、安全审计中心、日志、数据库的集中管理，并具有事件响应机制和联动机制。","multi":0,"questionType":1,"answer":"D","chooseItem":["796239286256029697"],"itemList":[{"id":"796239286188920833","questionId":"796239285186482177","content":" 检测对系统的入侵","answer":0,"chooseValue":"A"},{"id":"796239286214086657","questionId":"796239285186482177","content":" 发现计算机的滥用情况","answer":0,"chooseValue":"B"},{"id":"796239286235058177","questionId":"796239285186482177","content":" 提供系统运行的日志，从而能发现系统入侵行为和潜在的漏洞","answer":0,"chooseValue":"C"},{"id":"796239286256029697","questionId":"796239285186482177","content":" 保证可信网络内部信息不外泄","answer":1,"chooseValue":"D"}],"userAnswer":null,"userChooseItem":null,"answerCorrect":null,"userCollect":null}]}}