1、精选最新版安全专业测试版复习题库588题含答案2020年安全专业考试复习题库588题【含答案】一、选择题12、对于缺省安装的IIS,有些文件和目录的存在可能会引入安全隐患,所以在安全配置时,应将它们清除。请选出下面哪些文件目录属于上述这种情况:A、%systemdrive%inetpubiissamplesB、%windir%helpiishelpC、%systemdrive%WINNTwebprintersD、%systemdrive%ProgramFilesCommonFilesSystemmsadcSamples参考答案:ABCD227僵尸网络有哪些组成A、僵尸程序B、僵尸计算机C、命令
2、控制中心D、ISP参考答案:ABC325.SQLSERVER的默认通讯端口有哪些?A、TCP1025B、TCP1433C、UDP1434D、TCP14333E、TCP445参考答案:B420WindowsNT中哪个文件夹存放SAM文件?A%Systemroot%B%Systemroot%system32samC%Systemroot%system32configD%Systemroot%config参考答案:C516.SQLSERVER中下面那个存储过程可以执行系统命令?A、xp_regreadB、xp_commandC、xp_cmdshellD、sp_password参考答案:C611LIN
3、UX中,什么命令可以控制口令的存活时间?AchageBpasswdCchmodDumask参考答案:A76Kerberos提供的最重要的安全服务是?A鉴别B机密性C完整性D可用性参考答案:A85在密码学中,对RSA算法的描述正确的是?ARSA是秘密密钥算法和对称密钥算法BRSA是非对称密钥算法和公钥算法CRSA是秘密密钥算法和非对称密钥算法DRSA是公钥算法和对称密钥算法参考答案:B93某种防火墙的缺点是没有办法从非常细微之处来分析数据包,但它的优点是非常快,这种防火墙是以下的哪一种?A电路级网关B应用级网关C会话层防火墙D包过滤防火墙参考答案:D102一般的防火墙不能实现以下哪项功能?A隔离
4、公司网络和不可信的网络B防止病毒和特络依木马程序C隔离内网D访问控制参考答案:B112、在对WindowsDNS访问控制时,可以采用的安全措施是:A、限定允许区域复制的服务器IP,防止区域信息被获取B、配置允许递归查询的IP地址列表C、如果DNS服务器有多个IP时,DNS服务只绑定在某个本地IP地址上D、以上都不正确参考答案:AC12Which of the following layers of TCP/IP stacks is the most difficult to secure?A. PhysicalB. NetworkC. TransportD. ApplicationAnswer
5、: D134、在对IIS脚本映射做安全配置的过程中,下面说法正确的是:A、无用的脚本映射会给IIS引入安全隐患B、木马后门可能会通过脚本映射来实现C、在脚本映射中,可以通过限制get、head、put等方法的使用,来对客户端的请求做限制D、以上说法均不正确参考答案:ABC14当发生下述情况时,应立即撤销帐号或更改帐号口令,并做好记录:()。A、帐号使用者由于岗位职责变动、离职等原因,不再需要原有访问权限时。B、临时性或阶段性使用的帐号,在工作结束后。C、帐号使用者违反了有关口令管理规定。D、有迹象表明口令可能已经泄露。参考答案:ABCD1510、下面对于Apache安全配置说法,错误的是:A、
6、chroot可以使apache运行在一个相对独立的环境中,使入侵者的破坏限定在一个范围内B、Mod_Dosevasive模块是一个用来防止DoS的模块C、Mod_Rewrite模块可以用来检查客户端提交的请求,进行限制和检查D、apache本身不带有防止缓冲溢出的功能,需要安装相关的安全模块来实现参考答案:D169、下面关于Apache的用户验证说法,错误的是?A、Apache不支持基于主机名称的验证B、支持采用MIMEbase64编码发送的普通验证模式C、采用SSL协议,可以有效的保护帐号密码信息及数据D、Apache采用普通验证模式时,采用的是操作系统上的帐号和密码参考答案:AD178、在
7、Apache上,有个非常重要的安全模块Mod_Security,下面哪些是这个模块具备的功能:A、基于IP的访问控制B、缓冲区溢出的保护C、对SQL注入有一定的防止作用D、对请求方法和请求内容,进行过滤控制参考答案:BCD185、在Apache中可以采用修改http响应信息的方式,达到伪装和隐藏apache的目的。下面说法正确的是:A、通过ServerTokens可以控制apacheServer回送给客户端的回应头域是否包含关于服务器OS类型和编译进的模块描述信息B、当客户端请求失败时,apache将发送错误提示页面到客户端,这些错误页面是webserver开发商自己定义的,IIS和apach
8、e的是不一样的C、因为页脚模板里面通常包含apache的版本信息,关闭ServerSignature功能,服务器产生的错误页面将不引用页脚模板D、将错误提示页面更换成IIS的错误提示页面,可以迷惑入侵者对于webserver软件的判断参考答案:ABCD193、下面关于apache的一些基本参数配置,说法正确的是:A、ServerRoot是用来指定web根目录的,通常缺省网页index.html就在这个目录下B、DocumentRoot是用来存放apache帮组文档的,应该及时删除掉此目录C、HostnameLookups指令可以启用Apache的DNS查询功能,打开此功能,将会影响web服务器
9、的性能D、以上说法均不正确参考答案:C201、Apache安装配置完成后,有些不用的文件应该及时删除掉。下面可以采用的做法是:A、将源代码文件转移到其他的机器上,以免被入侵者来重新编译apacheB、删除系统自带的缺省网页,一般在htdocs目录下C、删除cgi例子脚本D、删除源代码文件,将使apache不能运行,应禁止一般用户对这些文件的读权限参考答案:ABC2110、关于DNS服务域名递归查询说法正确的是A、一般客户机和服务器之间域名查询为非递归方式查询。B、一般DNS服务器之间递归方式查询。C、为了确保安全,需要限制对DNS服务器进行域名递归查询的服务器或主机。D、域名服务器的递归查询功
10、能缺省为关闭的,不允许机器或主机进行域名递归查询。参考答案:C229、针对下列配置,描述正确的说法为:/etc/named.confoptionsdirectory/var/named;allow-query202.96.44.0/24;allow-transfer192.168.100.0/24;none;A、允许进行域名查询的主机IP列表为202.96.44.0/24B、允许进行区域记录传输的主机IP列表为192.168.100.0/24C、允许进行域名查询的主机IP列表为192.168.100.0/24D、允许进行区域记录传输的主机IP列表为202.96.44.0/24参考答案:AB23
11、5、关于向DNS服务器提交动态DNS更新,针对下列配置,描述正确的说法为:/etc/named.confoptionsdirectory/var/named;allow-update202.96.44.0/24;A、允许向本DNS服务器进行区域传输的主机IP列表为202.96.44.0/24B、允许向本DNS服务器进行域名递归查询的主机IP列表202.96.44.0/24C、允许向本DNS服务器提交动态DNS更新的主机IP列表202.96.44.0/24D、缺省时为拒绝所有主机的动态DNS更新提交。参考答案:C244在区域文件传输(Zonetransfers)中DNS服务使用哪个端口?A、TC
12、P53B、UDP53C、UDP23D、TCP23参考答案:A259、下面那些方法,可以实现对IIS重要文件的保护或隐藏?A、通过修改注册表,将缺省配置文件改名,并转移路径B、将wwwroot目录,更改到非系统分区C、修改日志文件的缺省位置D、将脚本文件和静态网页存放到不同目录,并分配不同权限参考答案:ABCD26What is the major security issue with standard NIS (Network Information System)?A. It is impossible to enforce a centralized login schemeB. NIS
13、 provides no authentication requirement in its native stateC. There is no way to encrypt data being transferredD. NIS is a legacy service and, as such, is only used in order, less secure operating systems andnetworksAnswer: B274.以下Windows2000注册表中,常常包含病毒或者后门启动项的是:A、HKEY_LOCAL_MACHINESOFTWAREMicrosoft
14、WindowsNTCurrentVersionICMB、HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunC、HKEY_CURRENT_SUERSoftwareMicrosoftSharedD、HKEY_CURRENT_USERSoftwareMicrosoftCydoor参考答案:B28You notice that your FTP service reveals unnecessary information about your server. Which of thefollowing is the most eff
15、icient solution to this problem?A. Filter out the login banner using a packet filterB. Disable the service in questionC. Place the service behind the firewallD. Disable the login banner for the serviceAnswer: D29What host-level information would you want to obtain so you can exploit defaults and pat
16、ches?A. ServersB. Routers and switchesC. DatabasesD. Firewall typesAnswer: A30Which tool, service or command will enable you to learn the entire address range used by an organizationor company?A. TracerouteB. NslookupC. Port scannerD. Ping scannerAnswer: D31Which type of attack can use a worm or pac
17、ket sniffer to crash systems, causing low resources and/orconsuming bandwidth?A. Denial-of-service attackB. Illicit server attackC. Man-in-the-middle attackD. Virus attackAnswer: A32Which service, tool or command allows a remote or local user to learn the directories or files that areaccessible on t
18、he network?A. TracerouteB. Share scannerC. Port scannerD. Ping scannerAnswer: B33Kerstin connected to an e-commerce site and brought a new mouse pad with her credit card for $5.00plus shipping and handling. She never received her mouse pad so she called her credit card company tocancel the transacti
19、on. She was not charged for the mouse pad, but she received multiple charges sheknew nothing about. She tried to connect to the site again but could not find it. Which type of hackingattack occurred?A. Denial-of-service attackB. Hijacking attackC. Illicit server attackD. Spoofing attackAnswer: B34Wh
20、ich command, tool or service on a UNIX network converts names to IP addresses and IP addresses tonames, and can also specify which servers are mail servers?A. Port scannerB. TracerouteC. HostD. NslookupAnswer: C35Luke is documenting all of his network attributes. He wants to know the type of network
21、-levelinformation that is represented by the locations of access panels, wiring closets and server rooms. Whichof the following is the correct term for this activity?A. Network mappingB. IP service routingC. Router and switch designingD. War dialingAnswer: A36In a typical corporate environment, whic
22、h of the following resources demands the highest level ofsecurity on the network?A. PurchasingB. EngineeringC. SalesD. AccountingAnswer: D37因系统能力或者管理原因无法按用户创建帐号时,应采取如下管理措施:()。A、明确共享帐号责任人,责任人负责按照上述流程要求提出共享帐号审批表,并在审批表中注明该共享帐号的所有用户名单。B、限制共享帐号的使用人数,建立相关管理制度保证系统的每项操作均可以对应到执行操作的具体人员。C、限定使用范围和使用环境。D、建立完善的操
23、作记录制度,对交接班记录、重要操作记录表等。E、定期更新共享帐号密码。参考答案:ABCDE38In a Linux system, how do you stop the POP3, IMAPD, and FTP services?A. By changing the permissions on the configuration file that controls the service (/sbin/inetd), thenrecompiling /etc/inetd.configB. By commenting out the service using the # symbol i
24、n the text file /etc/inetd.conf, then restarting theinetd daemonC. By recompiling the system kernel, making sure you have disabled that serviceD. By commenting out the service using the $ symbol in the text file /etc/inetd.conf, then restarting theinetd daemon.Answer: B39对于程序运行或者程序自身由于管理需要访问其它系统所使用的
25、专用帐号,应符合如下要求:()。A、只允许系统和设备之间通信使用,不得作为用户登录帐号使用。B、将此类帐号的维护管理权限统一授权给该系统的系统管理员,由后者归口管理。C、该系统的管理员负责建立该类帐号列表,并进行变更维护。参考答案:ABC40What are the security issues that arise in the use of the NFS (Network File System)?A. Synchronization of user and group IDs is poor, so it is easy to spoof trusted hosts and user
26、 names.B. The lack of logging in one place or on one machine, and the multiple logs this then requires, cancreate bottlenecksC. The possibility arises for Cleartext passwords to be sniffed on the network if it does not use SecureRPC.D. NFS uses a weak authentication scheme and transfers information
27、in encrypted formAnswer: A41Which of the following best describes the problem with share permissions and share points in WindowsNT?A. Share points must be the same value as the directory that serves the share pointB. Share points contains permissions; and any file under the share point must possess
28、the samepermissionsC. Share permissions are exclusive to root directories and files; they do not involve share points, whichdefine user permissionsD. Share points are set when connection is established, therefore the static nature of file permissions canconflict with share points if they are not set
29、 with read and write permissions for everyone.Answer: B42Michel wants to write a computer virus that will cripple UNIX systems. What is going to be the mainobstacle preventing him from success?A. UNIX computers are extremely difficult to access illicitly over the internet, and therefore computerviru
30、ses are not an issue with UNIX systemsB. Due to the file permission structure and the number of variations in the UNIX hardwarearchitectures, a virus would have to gain root privileges as well as identify the hardware and UNIXflavor in use.C. Due to availability of effective free anti-virus tools, c
31、omputer viruses are caught early and often.Michels virus would have to evade detection for it to succeed.D. Due to the extensive use of ANSI C in the programming of UNIX, the virus would have to mimicsome of the source code used in the infected iteration of the UNIX operating systemAnswer: B43中国移动网络运行维护规程落实了
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1