Assessment Question Bank for Commercial Cryptocurrency Application Security Assessment Practitioners (2)
The 5,000 reference question bank provided by the National Secretariat is just basic questions. After the 5,000 are updated, other high-quality question banks will be added to continue learning and making progress together.
251
multiple-choice questions According to the "Cryptozoology Law", the cross-department collaboration guarantee mechanism for the security of core passwords and ordinary passwords includes ( ).
A. Safety monitoring and early warning
B. Safety risk assessment
C. Information notification
D. Major matter consultation and emergency response
252
multiple-choice questions According to the "Cryptozoology Law", if the cryptography management department seeks the convenience of exempting core cryptography and common cryptography-related items and personnel from inspection due to work needs, they may request assistance from ( ).
A. Customs
B. Transportation
C. Public security
D. Industrial and Commercial Administration Bureau
253
multiple-choice questions According to the "Cryptozoology Law", the intellectual property rights mechanisms for protecting the research and application of cryptography science and technology are ( ).
A.Patent
B.Copyright
C.Industrial property rights
D.Trademark
254
multiple-choice questions The country adopts various forms to strengthen password security education. According to the "Cryptocurrency Law", the following education systems that include password security education content are ( ).
A. Compulsory education
B. Civil service education and training
C. Higher education
D. Vocational education
255
Multiple Choice Questions According to the "Cryptozoology Law", regarding the statement of the Commercial Cryptozoology Industry Association, the correct one is ( ).
A. At present, many provinces (autonomous regions and municipalities) have established commercial cryptography industry associations.
B. Industry associations must be registered and established by the civil affairs department, otherwise they are illegal organizations.
C. Commercial cryptography industry associations help to achieve the standardization and healthy development of the cryptography industry.
D .Enterprises can voluntarily apply to join industry associations
256
Multiple-choice question According to the "Cryptozoology Law" and "Measures for the Administration of Security Assessment of Commercial Cryptocurrency Applications (Trial)", which of the following statements about the security assessment of commercial cryptography applications is correct ( ).
A. The core supporting role of cryptography in ensuring network security needs to be realized through application security assessment.
B. Networks and information systems in important areas involving national security and social public interests need to conduct commercial cryptography application security assessment. C.
Commercial cryptography application security assessment is Assessment of compliance, correctness and effectiveness of password applications
D. The "Network Security Law" clearly proposes the security assessment of commercial password applications for the first time.
257
multiple-choice questions According to the "Cryptozoology Law", the following situations require security assessment of commercial cryptography applications: ( ).
A. After the network and information system in important areas are completed
B. Regularly (not less than once a year) after the network and information system in important areas are put into operation
C. Important password-related events occur in the network and information systems in important areas
D. Networks and information systems in important areas Significant changes to password applications have occurred
258
multiple-choice questions According to the "Measures for the Administration of Security Assessment of Commercial Cryptocurrency Applications (Trial)", after completing the security assessment of commercial cryptography applications, responsible units for information systems with network security level protection level three or above should perform filing procedures with which departments ( ).
A. Competent department
B. Password management department in the region
C.Regional development and reform department
D. The local public security department
259
multiple-choice questions According to the "Administrative Measures for Commercial Cryptocurrency Application Security Assessment Agencies (Trial)", regarding commercial cryptography application security assessment agencies, which of the following statements is correct ( ).
A. The evaluation institution should be certified by the national cryptography management department.
B. The directory of evaluation institutions should be released by the national cryptography management department.
C. The evaluation institution should carry out specific evaluation work in accordance with the standards related to commercial cryptography.
D. The evaluation institution should comply with the "Regulations on Certification and Accreditation" and other regulations. Qualifications
260
multiple-choice questions According to the "Cryptozoology Law", for organizations that use commercial cryptography technology to engage in e-government electronic authentication services, which of the following statements is correct ().
A. The national cryptography management department should identify institutions that use commercial cryptography technology to provide e-government electronic authentication services.
B. Using commercial cryptography technology to engage in e-government electronic authentication services is an electronic authentication service.
C. Using commercial cryptography technology to engage in e-government electronic authentication services is not an electronic authentication service.
D. Anyone who engages in e-government electronic certification services without recognition will bear the legal responsibility of confiscating illegal products and illegal income, and imposing fines, etc.
261
multiple-choice questions According to the "Cryptozoology Law", the correct statements about the construction of a commercial cryptography testing and certification system are ( ).
A. Commercial cryptography practitioners accept commercial cryptography testing and certification on a voluntary basis, unless otherwise specified.
B. Commercial cryptography testing and certification agencies should obtain relevant qualifications in accordance with the law.
C. Participants in the commercial cryptography testing and certification system include commercial cryptography testing and certification agencies and commercial cryptography industry units.
D. Commercial cryptography testing and certification agencies should disclose the password source code to the cryptography management department.
262
multiple-choice questions According to the "Cryptozoology Law", the regulatory agencies for commercial cryptography testing and certification are ( ).
A. State Cryptozoology Administration
B. National Secret Service
C. State Administration for Market Regulation
D. Industrial and Commercial Administration Bureau
263
multiple-choice questions According to the "Cryptozoology Law", the regulatory agency for commercial cryptography testing and certification is mainly responsible for supervising which market entities ( ).
A. Commercial password certification agency
B. Testing agency that has obtained relevant qualifications for commercial password testing
C. Testing institutions that have not obtained relevant qualifications for commercial cryptography testing
D. Commercial cryptography import and export units
264
multiple-choice questions According to the "Cryptozoology Law", the following are the legal basis for commercial cryptography testing and certification ( ).
A. "Cryptozoology Law"
B. "Certification and Accreditation Regulations"
C. "Product Quality Law"
D. "Standardization Law"
265
multiple choice questions
Which of the following does not comply with the commercial password testing and certification provisions of the Cryptocurrency Law ( ).
A. Testing and certification only involve the security certification function of cryptographic technology, products or services
B. Commercial cryptography production and sales units should be forced to accept commercial cryptography testing and certification
C. Commercial cryptography testing and certification agencies must obtain relevant qualifications in accordance with the law before they can carry out testing and certification work. D.
Commercial cryptography products involving national security, national economy and people's livelihood, and social public interests must pass testing and certification before they can be sold or provided.
266
Multiple Choice Questions According to the "Commercial Cryptocurrency Product Certification Rules", which of the following statements about commercial cryptography certification certificates is correct ( ).
A. The commercial encryption product certification certificate is valid for five years.
B. If the certification body determines through regular supervision that it does not meet the conditions for maintaining the certificate, the certification certificate can be revoked. C. If
the product covered by the certification certificate changes, the validity period of the certification certificate remains unchanged.
D. Products covered by the certification certificate Extended, the validity period of the certification certificate is automatically terminated
267
Multiple Choice Questions In February 2023, the National Institute of Standards and Technology (NIST) established the Ascon algorithm as a lightweight encryption (LWC) standard. The correct statement about the algorithm and standard is ( ).
A. This standard is an international standard.
B. This standard aims to protect information created and transmitted by the Internet of Things (IoT).
C. Standardizing the responsibilities and authorities of standardization agencies through laws and regulations can play an important role in promoting innovation and progress in technological development and application. effect
D. There are no procedures or conditions for domestic enterprises to research, import or use this algorithm.
268
Multiple Choice Questions The standardization administrative department of the State Council and the national encryption management department have the power to formulate national standards and industry standards for commercial encryption. According to the "Cryptozoology Law" and the "Standardization Law", the formulation of standards should be based on scientific and technological research results and social practical experience, in-depth investigation and demonstration, and extensive solicitation of opinions. The requirements to achieve the standards are ().
A.Advancedness
B. Scientific
C. Normative
D. Timely
269
Multiple Choice Questions When determining whether specific encryption technologies, products or services comply with import and export regulatory laws, the laws and regulations that should be paid attention to include ( ).
A. "Cryptozoology Law"
B. "Foreign Trade Law"
C.Export Control Act
D. "Personal Information Protection Law"
270
multiple-choice questions The commercial encryption import license list and export control list are jointly issued by which of the following departments ( ).
A. Ministry of Commerce
B. National Data Agency
C. State Cryptozoology Administration
D. General Administration of Customs
271
multiple-choice questions In accordance with the Cryptozoology Law, the Cyber Security Law, and the Regulations on Security Protection of Critical Information Infrastructure, operators of critical information infrastructure need to carry out the following ( ) work.
A. Security assessment of commercial cryptography applications
B. Disaster recovery assessment
C. Critical information infrastructure security testing and assessment
D. Network security level assessment
272
Multiple Choice Questions A certain commercial password testing unit A carried out commercial password testing activities without obtaining relevant qualifications and made a profit of 500,000. According to the "Commercial Cryptometry Management Regulations", the cryptography management department ordered him to make corrections, gave him a warning, confiscated the illegal income of 500,000, and may also impose fines in the following amounts ( ).
A.60
B.100
C.140
D.200
273
multiple-choice questions According to the Cryptozoology Law, the cryptography management department found that critical information infrastructure operator A failed to conduct a security assessment of commercial cryptography applications in accordance with legal provisions, so it ordered it to make corrections and gave it a warning. However, Person A believes that its security measures are absolutely safe and does not require a security assessment. In this regard, the penalties that the password management department can impose include ( ).
A. Directly impose a fine of 500,000 yuan
B. Directly impose a fine of 2 million yuan
C. Impose a fine of RMB 100,000 on the directly responsible person in charge
D. Impose a fine of RMB 200,000 on the directly responsible person in charge
274
multiple-choice questions Unit A wanted to engage in e-government electronic certification services, but had never obtained the relevant qualifications. Faced with the temptation of interests, Unit A chose to conceal the relevant qualifications, and ultimately made a profit of 1 million yuan. According to the "Cryptozoology Law", for Unit A's illegal behavior, which of the following penalties is correct ().
A. Order A to stop e-government electronic certification service activities and give a warning
B. Confiscate the illegal income of 1 million
C. impose a fine of 2 million
D.A fine of 4 million yuan
275
Multiple Choice Questions: Organization A obtained the qualification of a commercial cryptography testing agency in accordance with the law, but maliciously leaked the source code of company A’s commercial cryptography products to company B during the testing process to help it gain market competitive advantage. According to the Cryptozoology Law, Regarding this behavior, which of the following statements is correct ( ).
A. The market supervision and management department can impose administrative penalties on Institution A on its own.
B. The cryptography management department cannot impose administrative penalties on Institution A.
C. Organization A can be ordered to correct or stop illegal activities, given a warning, and illegal gains confiscated.
D. If the circumstances are serious, the relevant qualifications will be revoked
276
Multiple Choice Questions In order to seize the market as quickly as possible, Company A knew that the commercial encryption products it produced had been included in the catalog of key network equipment and network security products, and put it on the market for sale without testing and certification. A profit of 1.65 million yuan was made within 3 months. According to the "Cryptozoology Law", the following correct expressions for this behavior are ().
A. Should be ordered to correct or stop the illegal behavior
B. Confiscate the illegal products
C. Confiscate the illegal income
D. May also impose a fine of not less than one time but not more than three times of the illegal income
277
multiple-choice questions According to the "Cryptozoology Law", the legal responsibilities for unidentified acts of engaging in e-government electronic authentication services are ( ).
A. Order to make corrections
B. Order to stop illegal behavior
C. Warn
D. Confiscate illegal products and illegal income and fine
278
Multiple Choice Questions: A critical information infrastructure operator failed to conduct a commercial encryption application security assessment as required, resulting in a large-scale user data leakage due to security vulnerabilities in commercial encryption products. According to the Cryptozoology Law, this behavior , the following correct expressions are ( ).
A. Warn it
B. Revocation of relevant qualifications
C. Imposition of fines on operators of critical information infrastructure
D.Impose a fine to the person in charge who is directly responsible
279
multiple-choice questions violate the provisions of the Cryptozoology Law on import licensing and export control. The competent authorities that can impose penalties include: ( ).
A. Password management department
B. Market supervision and management department
C. Commerce department of the State Council
D. Customs
If the 280
multiple-choice questions violate the relevant provisions of the "Cryptozoology Law" and leakage of core passwords or ordinary passwords occurs, the confidentiality administrative department and the cryptography management department will recommend that the relevant state agencies and units impose sanctions or handle () and () in accordance with the law.
A. Unit leader
B. Person in charge directly responsible
C. Other persons directly responsible
D. Other participants in the leak incident
281
Multiple Choice Question Company A wants to engage in cryptographic services using a certain data backup all-in-one machine with encryption function. This data backup all-in-one machine has been included in the catalog of key network equipment and network security products. Which of the following statements are correct ( ).
A. Since my country has canceled the sales license for commercial encryption products, Company A can freely provide encryption services
B. The data backup all-in-one machine used by Company A must be tested and certified by a qualified organization before it can be used. C. The
password services provided by Company A must also be certified by a commercial password certification agency.
D. The password service provided by Company A needs to be tested and certified by a qualified agency, but the data backup all-in-one machine involved can be used freely.
282
multiple-choice questions According to the "Cryptozoology Law", regarding China's commercial cryptography standardization system, which of the following statements is correct ( ).
A. National standards are organized and formulated by the State Cryptozoology Administration
B. Group standards are codenamed GM
C. Industry standards need to be reported to the National Standardization Management Committee for filing.
D. Enterprise standards are formulated by commercial encryption companies or jointly formulated by enterprises.
283
multiple-choice questions According to the "Cryptocurrency Law", commercial passwords used in mass consumer products should meet the following conditions: ( ).
A. The public can purchase through regular retail channels without restriction
B. For personal use only
C. The password function cannot be easily changed
D. Only used for encryption, not for authentication
284
multiple-choice questions The national cryptography management department will establish ( ) a cryptography legal system.
A. With the "Cryptozoology Law" as the core
B. Based on the "Commercial Cryptometry Management Regulations" and other administrative regulations
C. With cryptography regulations and normative documents as branches
D. Supplemented with cryptography standards
285
Multiple Choice Questions Jia, a cryptography management department in a certain place, had a long-standing conflict with his neighbor Ji. During the inspection of the commercial encryption product manufacturing company run by Ji, he maliciously created difficulties, which seriously affected the normal operation of the company. In response to Jia’s behavior, the local password management department should ( ).
A. Mediate between Jia and Ji
B. It is a civil dispute and does not require the involvement of the password management department
C. Administrative sanctions shall be imposed on Jia.
D. If Jia is a member of the Communist Party of China, party disciplinary sanctions shall also be imposed on him.
286
Multiple Choice Questions The "Cryptozoology Law" clearly proposes to promote the connection between interim and ex-post supervision and the social credit system. Which of the following measures is correct ( ).
A. Using the national unified social credit code as an identifier, establish authoritative, unified, and queryable credit records of commercial cryptography market entities in accordance with laws and regulations. B.
Implement a credit commitment system for commercial cryptography practitioners and relevant market entities, and incorporate the performance of credit commitments into credit Records
C. Promote credit classification and classification supervision, and adopt differentiated measures in terms of supervision methods, random inspection ratios and frequencies based on the credit status of commercial cryptography entities. D. Standardize the
identification and establishment of a credit "blacklist" of commercial cryptography market entities, and strengthen untrustworthy cooperation. discipline
287
multiple-choice questions The implementation entities of during-and-post supervision of commercial encryption include ( ).
A. Market supervision department
B. Internet information department
C. Commerce department
D. Customs
288
Multiple Choice Questions The following are ways to avoid repeated testing and certification of commercial encryption products: ( ).
A. Formulate and publish a catalog of key network equipment and network security-specific products to avoid duplication of products subject to the testing and certification system. B.
Promote mutual recognition of testing and certification results and reduce duplication of testing and certification projects for a certain type of product.
C. Merge various testing and certification institutions
D. Unify all types of testing and certification into network security review
289
multiple-choice questions China's "Cryptocurrency Law" stipulates that specific commercial encryption products should be subject to mandatory testing and certification, which is mainly for ().
A. The need to safeguard national security
B. The need to safeguard social and public interests
C. Consistent with the compulsory testing and certification system for key network equipment and network security-specific products stipulated in the "Cybersecurity Law"
D.Protect personal interests
290
multiple-choice questions Article 24 of the "Cryptozoology Law" clarifies the technical requirements for the disclosure standards of commercial cryptography practitioners. The following statement is correct ( ).
A. If national standards, industry standards and group standards are implemented, the company should disclose the corresponding standard name and standard number. B.
If the implemented standard is a corporate standard formulated by the company, the company should not only disclose the corresponding standard name and standard number, but also Disclosure of technical indicators of enterprise products and services
C. The categories and content of public indicators are determined independently by enterprises based on their own characteristics.
D. The products produced and services provided by the enterprise should comply with the technical requirements set forth by the enterprise’s self-declaration disclosure standards.
291
multiple-choice questions The current categories of China’s commercial encryption industry standards include ( ).
A. Basic standards
B. Application standards
C. Testing standards
D. Management standards
292
multiple-choice questions The legislative ideas of the "Cryptozoology Law" in commercial password management mainly include ( ).
A. Implement the reform requirements of the administrative approval system and fully embody the principles of non-discrimination and fair competition.
B. With the transformation of government functions as the core, the management method will shift from emphasizing prior approval to more supervision during and after the event.
C. For matters related to national security and society For a few matters that are of public interest and are difficult to effectively manage through market mechanisms or interim and ex-post supervision, necessary administrative licensing and control measures are provided
D. Further reduce the number of administrative licenses and minimize direct intervention in market activities
293
Multiple Choice Questions The password management department requests relevant departments to provide conveniences such as exemption from inspection for items and personnel related to core passwords and ordinary passwords. The conditions that must be met include ( ).
A. Based on the needs of cryptography work
B. Submission to relevant departments in accordance with relevant national regulations
C. The objects of the request for exemption from inspection are limited to core passwords and general password-related items and personnel
D.Recommended by relevant departments
294
multiple-choice questions In the practice of cryptography work, the links that may involve cryptographic intellectual property protection issues include ( ).
A. Cryptotechnology research
B. Password detection and certification
C. Password application security assessment
D. Password security review
295
multiple-choice questions After the promulgation and implementation of the "Cryptography Law" and the revised "Regulations on the Management of Commercial Cryptography", the commercial cryptography management system will be more scientific and reasonable, and the administrative levels involved in the formed commercial cryptography administrative management system will include ( ).
A.Country
B.Province
C.City
D.County
296
Multiple Choice Questions What is the correct understanding of commercial encryption services ( ).
A. It is a type of service that provides integration, operation, supervision and other commercial cryptography support and guarantee activities for others.
B. Providing commercial cryptography services should have corresponding commercial cryptography professional technology, skills and facilities, human resources and other resources.
C. Typical commercial cryptography services. Cryptocurrency services include password protection system integration and password protection system operation.
D. Cloud service providers can provide commercial password services
297
Multiple Choice Questions Which of the following are commercial encryption products ( ).
A.Commercial cryptographic software
B.Commercial cryptographic chip
C.Commercial cryptographic machine
D.Commercial cryptographic system
298
multiple-choice questions Commercial password testing agencies shall follow the requirements of commercial password management policies and relevant password standards when conducting testing work, and follow the principles of ( ).
A. Confidentiality
B.Independent
C.Objective
D.Justice
299
multiple-choice questions At present, the use of commercial encryption has shifted from administrative promotion to legal and standardized application. The following laws and regulations can be used as the legal basis for standardizing the application of commercial encryption according to law ( ).
A. "Cryptozoology Law"
B. "Network Security Law"
C. "Commercial Cryptocurrency Management Regulations"
D. "Critical Information Infrastructure Security Protection Regulations"
300
multiple-choice questions: The following are within the scope of the national cryptography management department ( ).
A. Carry out the supervision and management of commercial encryption
B. Administrative law enforcement
C. Establish a joint punishment system for untrustworthy enterprises and a joint incentive system for trustworthy enterprises
D. Investigate and handle cases of commercial encryption violations
301
multiple-choice questions Compared with the "Commercial Password Management Regulations", the "Cryptocurrency Law" has the following characteristics: ( ).
A. The legislative procedure is stricter
B. The level of effectiveness is higher
C. The scope of application is wider
D. More comprehensive
302
multiple-choice questions According to the "Measures for the Management of Passwords for Electronic Authentication Services", China implements a licensing system for electronic authentication services. The requirements of the State Cryptozoological Administration for the electronic authentication service system include ( ).
A. Advanced requirements
B. Security review
C. Interoperability test
D. Innovative requirements
303
Multiple Choice Questions According to the "Electronic Certification Service Password Management Measures", applications for the "Electronic Certification Service Password Use License" should be submitted to the local provincial, autonomous region, or municipality cryptography management agency or the national cryptography management agency after the construction of the electronic certification service system is completed. Materials submitted by the bureau include ( ).
A. "Application Form for a Password License for Electronic Authentication Services"
B. A copy of the corporate business license
C. Technical materials related to the security review of the electronic authentication service system
D. Technical materials related to the interoperability test of the electronic authentication service system
The contents specified in the 304 multiple-choice question "Password License for Electronic Authentication Services" include ( ).
A. License number
B. Name of electronic certification service provider
C. License validity period
D. Issuing authority and date of issuance
305
multiple-choice question Regarding "Password License for Electronic Authentication Services", which of the following statements is correct ( ).
A. The validity period is 5 years.
B. The electronic certification service system passing the security review and interconnection test is a condition for issuance of the "Electronic Certification Service Password License"
C. When changing the electronic certification service provider, there is no need to change the "Electronic Certification Service Password License"
D. Using keys provided by a non-compliant key management system to provide services may result in the "Electronic Authentication Service Password License" being revoked
306
multiple-choice questions The legal basis for the formulation of the "Commercial Cryptometry Import Permit List" and "Commercial Cryptocurrency Export Control List" include ( ).
A. "Cryptozoology Law"
B. "Export Control Law"
C. "Customs Law"
D. "Foreign Trade Law"
307
multiple-choice question According to the "Commercial Cryptometry Import Permit List" and the "Commercial Cryptocurrency Export Control List", the following statement about the import and export of commercial cryptography is correct ( ).
A.Commercial passwords are dual-use items
B. Commercial passwords require an import and export license.
C. The import of commercial encryption is subject to the permission list management
D. The export of commercial encryption is subject to the control list management
308
multiple-choice question According to the "Commercial Cryptometry Import and Export Licensing Procedures", the following correct expressions regarding the commercial cryptography import and export licensing procedures include ( ).
A. The operator applies to the Ministry of Commerce through the provincial commerce department.
B. If the application is approved after review, the Ministry of Commerce
shall issue a dual-use item and technology import and export license. The operator shall issue a dual-use item and technology import and export license to the customs. Go through customs formalities for items and technology import and export licenses
D. Those who have not obtained a license are not allowed to carry out import and export activities.
309
Multiple Choice Questions According to the "Commercial Cryptocurrency Import License List", commercial cryptography subject to import license should meet the following conditions ( ).
A. May involve national security
B. May involve social and public interests
C. Has encryption protection function
D. Completely used for security authentication purposes
310
multiple-choice questions According to the "Commercial Encryption Product Certification Catalog (First Batch)", the standards that encryption algorithms should meet are ( ).
A. "SM4 Block Cipher Algorithm"
B. "SM3 Cipher Hash Algorithm"
C. "Specifications for the Use of SM2 Cipher Algorithm"
D. "SM9 Identity Cipher Algorithm"
311
multiple-choice questions According to the "Commercial Cryptozoology Product Certification Catalog (First Batch)", the standards that password random number detection should meet are ( ).
A. "Cryptographic Random Number Generation Module Design Guide"
B. "Software Random Number Generator Design Guide"
C. "Randomness Testing Specifications"
D. "Random Number Testing Requirements for Encrypted Products"
312
multiple-choice questions In accordance with the "Announcement on Adjusting the Management Methods of Commercial Cryptozoology Products" and the "Commercial Cryptozoology Product Certification Catalog (Second Batch)", the State Administration for Market Regulation, in conjunction with the State Cryptozoology Administration, established a nationally unified commercial cryptography certification system to encourage Commercial encryption products are certified. The following are commercial encryption products ( ).
A. Trusted cryptographic module
B. Cloud server cryptographic machine
C. Random number generator
D. Secure browser cryptographic module
313
multiple-choice questions According to the "Notice of the State Cryptozoological Administration on Cancellation of Certification Matters" and the "Canceling Catalog of Certification Matters", the following matters no longer require enterprises to provide or issue written certifications ( ).
A. Apply for intellectual property certification for the review and appraisal of commercial encryption scientific research results
B. Other proof of quality inspection capabilities when applying for approval from the quality inspection agency for
commercial encryption products C. Apply for legal person qualification certificate for the export license of commercial encryption products
D. Apply for a license to use passwords for electronic authentication Certificate of name change
314
Multiple choice questions According to the provisions of the "Implementation Opinions on Carrying out Commercial Cryptometry Testing and Certification Work", the basic principles that should be adhered to in commercial cryptography testing and certification work include ( ).
A. Unified management
B. Joint implementation
C. Standardized and orderly
D. Ensure safety
315
multiple choice questions According to the provisions of the "List of Administrative Licensing Matters Set by Laws, Administrative Regulations, and State Council Decisions (2023 Edition)", the following are administrative licensing matters ( ).
A. Review and appraisal of commercial encryption scientific research results
B. Approval of commercial encryption product quality inspection agency
C. Permission to use passwords for electronic authentication services
D. Qualification recognition of e-government electronic authentication service agencies
316
multiple-choice questions In the "Decision of the State Cryptography Administration on Abolition and Modification of Some Management Regulations" announced by the State Cryptography Administration in December 2017, the abolished management regulations include ( ).
A. "Regulations on the Management of the Sales of Commercial Cryptocurrency Products"
B. "Regulations on the Management of the Use of Commercial Cryptocurrency Products"
C. "Regulations on the Management of Scientific Research on Commercial Cryptozoology"
D. "Measures for the Administration of Cryptocurrency Products Used by Overseas Organizations and Individuals in China"
317
multiple-choice questions The overall idea of revising the "Commercial Password Management Regulations" includes ().
A. Adhere to the combination of innovative development and ensuring safety
B. Adhere to the combination of relaxed access and standardized supervision
C. Handle the relationship between regulations and relevant laws and regulations
D. Adhere to the combination of in-process and ex-post supervision
318
Multiple Choice Questions According to the "Regulations on the Management of Commercial Cryptozoology", which of the following statements about commercial cryptography testing agencies is correct ( ).
A. Institutions that engage in commercial cryptographic product testing activities and issue proof data and results to the public must be recognized by the national cryptography management department and obtain commercial cryptography testing agency qualifications in accordance with the law. B. Engage in security assessment of commercial cryptography applications in networks and information systems
. Institutions that conduct activities and issue proof data and results to the public must be recognized by the national cryptography management department and obtain the qualifications of a commercial cryptography testing agency in accordance with the law.
C. To apply for the qualification of a commercial cryptography testing agency, you can submit an oral application to the national cryptography management department.
D. Commercial cryptography testing institutions shall carry out commercial cryptography testing independently, fairly, scientifically and honestly within the approved scope in accordance with laws, administrative regulations and commercial cryptography testing technical specifications and rules.
319
Multiple-choice question: Which of the following statements about the "Commercial Password Management Regulations" is correct ( ).
A. The state protects intellectual property rights in the field of commercial encryption in accordance with the law
B. Administrative agencies and their staff can use administrative means to force the transfer of commercial encryption technology
C. The state encourages and supports the transformation and industrial application of commercial cryptographic science and technology achievements.
D. The state supports independent innovation in commercial cryptographic science and technology, and commends and rewards organizations and individuals who have made outstanding contributions in accordance with relevant national regulations.
320
multiple-choice questions According to the "Commercial Encryption Management Regulations", the state encourages cooperation in commercial encryption technology based on ( ) during the process of foreign investment.
A. Voluntary principle
B. Business rules
C.Principle of fairness
D.Principle of non-discrimination
321
multiple-choice question According to the "Commercial Password Management Regulations", the following is the correct standardization requirement for commercial passwords ( ).
A. The national encryption management department shall, in accordance with its responsibilities, establish an information feedback and evaluation mechanism for the implementation of commercial encryption standards, and supervise and inspect the implementation of commercial encryption standards. B. The state
promotes participation in international standardization activities for commercial encryption, participates in the formulation of international standards for commercial encryption, and promotes commercial encryption China Conversion and application between standards and foreign standards
C. The state encourages enterprises, social groups, educational and scientific research institutions, etc. to participate in international standardization activities for commercial encryption. D.
Standards in other fields involving commercial encryption should be consistent with national standards and industry standards for commercial encryption. coordination
322
Multiple Choice Questions According to the "Commercial Password Management Regulations", the following statement about the commercial password certification agency is correct ( ).
A. Institutions engaged in commercial cryptography certification activities shall obtain the qualifications of commercial cryptography certification agencies in accordance with the law.
B. To apply for the qualification of a commercial encryption certification agency, a written application should be submitted to the local market supervision and management department.
C. The local market supervision and management department should seek the opinions of the national encryption management department when reviewing the application for the qualification of a commercial encryption certification agency.
D. Commercial cryptography certification agencies should conduct effective follow-up investigations on their certified commercial cryptography products, services, and management systems to ensure that certified commercial cryptography products, services, and management systems continue to meet certification requirements.
323
Multiple Choice Questions According to the "Commercial Password Management Regulations", the following statements about electronic authentication are correct ( ).
A. Electronic certification service agencies shall provide electronic certification services using passwords in accordance with laws, administrative regulations and technical specifications and rules for the use of passwords for electronic certification services. B. Technical specifications and rules for the use of passwords for
electronic certification services shall be formulated and published by the national cryptography management department
. C. Institutions that use commercial cryptography technology to engage in e-government electronic authentication services must be identified by the national cryptography management department and obtain e-government electronic authentication service agency qualifications in accordance with the law. D. Foreign investors who invest in e-government electronic authentication services that affect or may affect national security must comply with the law
. Conduct a cybersecurity review.
324
multiple-choice questions According to the "Regulations on the Management of Commercial Cryptography", for commercial cryptography (), the import and export regulations for commercial cryptography shall apply.
A. Transit, transshipment, freight and re-export
B. In and out between overseas and special customs supervision areas such as comprehensive bonded zones
C. In and out between overseas and export supervision warehouses
D. In and out between overseas and bonded logistics centers
325
multiple-choice questions According to the "Regulations on the Management of Commercial Cryptography", the export of commercial cryptography that has a significant impact on ( ) shall be reported to the State Council for approval by the commerce department of the State Council in conjunction with the national cryptography management department and other relevant departments.
A. National security
B. Public security
C. Foreign policy
D.Data security
326
multiple-choice questions According to the "Commercial Cryptocurrency Management Regulations", the cryptography management department and relevant departments have established and implemented commercial cryptography business entities ( ) and other mechanisms in accordance with the law to promote the connection between commercial cryptography supervision and management and the social credit system.
A. Credit record
B. Credit classification and supervision
C. Punishment for breach of
trust D. Credit repair
327
True or False Questions According to the Cryptozoology Law, cryptography work adheres to the overall national security concept, follows the principles of unified leadership, hierarchical responsibility, innovative development, serving the overall situation, and management in accordance with the law to ensure security.
correct
mistake
328
True or False Question According to the Cryptozoology Law, state agencies and units involved in cryptography work are responsible for the cryptography work of their own agencies, units or systems within the scope of their duties.
==Correct==
Wrong
329
True or False Questions In accordance with the three-level management structure requirements of the Cryptozoology Law, the national cryptography management departments of provinces, autonomous regions, and municipalities directly under the Central Government are responsible for the corresponding commercial cryptography management work.
Correct
== Wrong ==
In accordance with the three-level management structure requirements of the Cryptozoology Law, the national cryptography management agency, local cryptography management agencies, and unit cryptography management agencies are responsible for the management of commercial secrets.
330
True or False Question "Cryptozoology Law" divides passwords into core passwords, general passwords and commercial passwords.
correct
mistake
Password classification: core passwords, ordinary passwords, commercial passwords
331
True or False Questions According to the "Cryptozoology Law", the state implements classified management of cryptography.
==Correct==
Wrong
332
True or False Questions According to the "Cryptozoology Law", China's cryptography management system is divided into two levels.
correct
mistake
Divided into three levels:
national
, local
and unit
333
True or False Questions According to the "Cryptozoology Law", both core passwords and ordinary passwords are state secrets.
correct
mistake
334
True or False Questions According to the "Cryptozoology Law", core passwords, ordinary passwords and commercial passwords respectively correspond to the protection of information at the three levels of top secret, confidential and secret in state secrets.
Correct
== Wrong ==
Article 8 of the "Cryptozoology Law" Commercial cryptography is used to protect information that is not state secrets.
335
True or False Questions According to the "Cryptozoology Law", core cryptography is used to protect national top secret, secret and secret information, which is directly related to national security and interests.
correct
mistake
336
True or False Questions According to the "Cryptozoology Law", commercial passwords are used to protect corporate business secrets and citizens' personal privacy, excluding work information in the field of government affairs.
correct
mistake
Commercial passwords are used to protect information that is not state secrets. They are a type of password that are closely related to people's lives. They are widely used in many fields of national economic development and social production and life such as finance, communications, public security, and taxation (commercial secrets involve public security, taxation, etc. )
337
True or False Questions According to the "Cryptozoology Law", commercial cryptography is used to protect information that is not state secrets.
correct
mistake
338
True or False Question The "Cryptozoology Law" stipulates that people's governments at or above the municipal level shall incorporate cryptography work into their national economic and social development plans.
correct
mistake
People's governments at or above the county level should incorporate cryptography work into their national economic and social development plans (not at the municipal level or above)
339
True or False Question According to the Cryptozoology Law, no organization or individual may use cryptography to engage in illegal and criminal activities that endanger national security, social public interests, or the legitimate rights and interests of others.
correct
mistake
340
True or False Questions According to the "Cryptozoology Law", state secret information transmitted in wired and wireless communications must be encrypted, protected and securely authenticated using core passwords and ordinary passwords in accordance with laws, administrative regulations and relevant national regulations.
correct
mistake
341
True or False Questions According to the "Cryptozoology Law", the cryptography management department guides, supervises and inspects the core cryptography, ordinary cryptography and commercial cryptography work of cryptography agencies in accordance with the law.
correct
mistake
Article 16 of the "Cryptozoology Law" The cryptography management department shall guide, supervise and inspect the core cryptography and general cryptography work of cryptography agencies in accordance with the law, and the cryptography agencies shall cooperate. (No commercial password)
342
True or False Questions According to the Cryptozoology Law, due to work needs and in accordance with relevant national regulations, the cryptography management department may request the public security, transportation, customs and other departments to provide conveniences such as exemption from inspection for core and ordinary cryptography-related items.
correct
mistake
343
True or False Question According to the Cryptozoology Law, cryptography management departments and cryptography work agencies should organize and conduct security reviews regularly or irregularly on their cryptography staff's compliance with laws and disciplines.
correct
mistake
344
True or False Questions According to the Cryptozoology Law, the state encourages the research and development, academic exchanges, achievement transformation, and promotion and application of commercial cryptography technology, improves a unified, open, competitive, and orderly commercial cryptography market system, and encourages and promotes the development of the commercial cryptography industry.
correct
mistake
345
True or False Question According to the Cryptozoology Law, the scientific research, production, sales, services, import and export of commercial cryptography must not harm national security, social public interests, or the legitimate rights and interests of others.
correct
mistake
346
True or False Questions According to the Cryptozoology Law, commercial cryptography import and export units are not commercial cryptography practitioners.
correct
mistake
Paragraph 2 of Article 21 of the "Cryptozoology Law": People's governments at all levels and their relevant departments shall follow the principle of non-discrimination and treat commercial cryptography research, production, sales, services, import and export, etc., including foreign-invested enterprises, equally in accordance with the law. Unit (hereinafter collectively referred to as the commercial cryptography business unit).
(Commercial secrets practitioners include commercial secrets scientific research units, commercial secrets import and export units, and commercial secrets service units)
347
True or False Questions According to the Cryptozoology Law, commercial cryptography production units belong to commercial cryptography practitioners.
correct
mistake
348
True or False Questions According to the Cryptozoology Law, the relevant technical requirements of national standards for commercial encryption should generally be higher than industry standards, group standards and enterprise standards.
correct
mistake
Article 22 of the "Cryptozoology Law" stipulates: The state supports social groups and enterprises to use independent innovation technology to formulate commercial encryption group standards and enterprise standards that are higher than the relevant technical requirements of national standards and industry standards.
349
True or False Questions According to the Cryptozoology Law, the state promotes participation in international standardization activities for commercial cryptography, participates in the formulation of international standards for commercial cryptography, and promotes the transformation and application of Chinese standards and foreign standards for commercial cryptography.
correct
mistake
350
True or False Questions According to the Cryptozoology Law, commercial cryptography entities carrying out commercial cryptography activities must comply with the technical requirements of relevant laws, administrative regulations, mandatory national standards for commercial cryptography, and the public standards of the entity.
correct
mistake
351
True or False Questions According to the "Cryptozoology Law", the testing and certification of commercial cryptography products shall be subject to the relevant provisions of the "Data Security Law of the People's Republic of China" to avoid repeated testing and certification.
correct
mistake
Article 26 of the "Cryptocurrency Law" stipulates: The relevant provisions of the "Cybersecurity Law of the People's Republic of China" shall apply to the testing and certification of commercial encryption products to avoid repeated testing and certification.
352
True/False Question According to the Cryptozoology Law, if commercial cryptography services use key network equipment and network security-specific products, the commercial cryptography services must be certified by a commercial cryptography certification agency.
correct
mistake
353
True or False Question According to the Cryptozoology Law, all commercial encryption products must be tested and certified by a qualified organization before they can be sold or provided.
correct
mistake
Article 20 of the Cryptozoology Law: Commercial cryptography products involving national security, national economy and people’s livelihood, and social and public interests can only be sold or provided after passing the testing and certification by a qualified commercial cryptography testing and certification agency.
354
True or False Questions According to the Cryptozoology Law, the security assessment of commercial cryptography applications should be connected with the security testing and assessment of critical information infrastructure and the network security level assessment system to avoid repeated assessment and assessment.
correct
mistake
355
True or False Questions According to the Cryptozoology Law, critical information infrastructure operators must ask commercial cryptography testing agencies to conduct cryptographic reviews.
correct
mistake
Article 27 of the "Cryptozoology Law" stipulates: Operators of critical information infrastructure protected by commercial cryptography shall use commercial cryptography for protection, and conduct security assessments of commercial cryptography applications by themselves or by entrusting commercial cryptography testing agencies.
356
True or False Question According to the "Cryptozoology Law", operators of critical information infrastructure who purchase network products and services involving commercial cryptography that may affect national security must, in accordance with the provisions of the "Administrative Licensing Law of the People's Republic of China", apply through the National Cyberspace Administration of China. The national security review organized by the department in conjunction with the national cryptography management department and other relevant departments.
correct
mistake
Article 35 of the "Cybersecurity Law" stipulates: Operators of critical information infrastructure who purchase network products and services that may affect national security must pass a national security review organized by the national cyberspace department in conjunction with relevant departments of the State Council .
357
True or False Question According to the "Cryptozoology Law", operators of critical information infrastructure that are required to be protected by commercial passwords as required by laws, administrative regulations and relevant national regulations should use ordinary passwords for protection.
correct
mistake
Article 27 of the "Cryptocurrency Law": Operators of critical information infrastructure that are required to be protected by commercial passwords as required by laws, administrative regulations and relevant national regulations shall use commercial passwords for protection .
358
True or False Questions According to the Cryptozoology Law, commercial cryptography used in mass consumer products is also subject to import licensing and export control systems.
correct
mistake
Article 28 of the "Encryption Law" stipulates: Commercial encryption used in mass consumer products is not subject to import licensing and export control systems.
359
True or False Questions According to the "Cryptozoology Law", the cryptographic modules in vehicle Bluetooth belong to the commercial cryptography used in mass consumer products.
correct
mistake
360
True or False Questions According to the provisions of the Cryptozoology Law, the National Cryptozoology Management Department shall identify institutions that use commercial cryptography technology to provide electronic authentication services for e-government affairs, and shall be responsible for the management of electronic signatures and data messages used in government affairs activities in conjunction with relevant departments.
correct
mistake
361
True or False Questions According to the Cryptozoology Law, the commercial cryptography industry associations in each province are social organizations.
correct
mistake
362
True or False Questions According to the Cryptozoology Law, industry associations and other organizations in the field of commercial cryptography provide information, technology, training and other services to commercial cryptography practitioners in accordance with the provisions of laws, administrative regulations and their charters.
correct
mistake
363
True or False Question According to the Cryptozoology Law, cryptography management departments and relevant departments and their staff should strictly keep confidential the business secrets and personal privacy that they know in the performance of their duties.
correct
mistake
364
True or False Question According to the Cryptozoology Law, cryptography management departments and relevant departments and their staff shall not require commercial cryptography practitioners and commercial cryptography testing and certification agencies to disclose source code and other cryptographic-related proprietary information to them.
correct
mistake
365
True or False Questions According to the provisions of the "Cryptozoology Law", those who steal other people's encrypted and protected information and illegally invade other people's password protection systems will be held legally responsible by the relevant departments in accordance with the provisions of the "Cybersecurity Law of the People's Republic of China" and other relevant laws and administrative regulations.
correct
mistake
366
True or False Question: If someone illegally invades the password protection system of a national defense military industrial enterprise, the relevant departments will pursue their legal responsibility in accordance with the "Cybersecurity Law of the People's Republic of China" and other relevant laws and administrative regulations.
correct
mistake
367
True or False Question According to the "Cryptozoology Law", in the event of a core password or ordinary password leakage case, the confidentiality administrative department and the password management department shall directly punish or handle the responsible person in charge and other directly responsible personnel in accordance with the law.
correct
mistake
Article 34 of the "Cryptozoology Law" stipulates: In case of violation of the provisions of this law and the leakage of core passwords or ordinary passwords, the confidentiality administrative department and the cryptography management department shall recommend that the relevant state agencies and units take action against the directly responsible persons in charge and other directly responsible persons . The responsible persons shall be punished or handled in accordance with the law.
368
True or False Question According to the provisions of the Cryptozoology Law, if a unit provides commercial cryptographic products that fail to pass the testing and certification, the market supervision and management department together with the cryptography management department will impose penalties.
correct
mistake
369
True or False Question According to the Cryptozoology Law, if an operator of a critical information infrastructure fails to conduct a commercial encryption application security assessment as required, resulting in consequences that endanger network security, the operator will face a penalty of not less than RMB 50,000 but not more than RMB 500,000. fine.
correct
mistake
Article 37 of the "Cryptozoology Law" stipulates: The operator of critical information infrastructure violates the provisions of Article 27, Paragraph 1 of this Law, fails to use commercial passwords as required, or fails to conduct security assessment of commercial password applications as required. , the cryptography management department shall order corrections and issue warnings; those
who refuse to make corrections or cause consequences such as endangering network security shall be fined not less than 100,000 yuan but not more than 1 million yuan, and the directly responsible person in charge shall be fined not less than 10,000 yuan but not more than 100,000 yuan. fine.
370
True or False Questions According to the Cryptozoology Law, if operators of critical information infrastructure use products or services that have not been subject to security review, the commerce department of the State Council will order them to stop using them and impose a fine of not less than one time but not more than ten times the purchase amount.
correct
mistake
Article 61 of the "Regulations on the Management of Commercial Passwords" If operators of critical information infrastructure violate the provisions of Article 40 of these Regulations and use network products or services involving commercial passwords that have not been reviewed or failed to pass the security review, they shall be punished by the relevant authorities . The competent department shall order it to stop using it and impose a fine of not less than 1 time but not more than 10 times of the purchase amount;
371
True or False Question Anyone who violates the provisions of the Cryptozoology Law in implementing commercial cryptography import licensing and export controls may be punished by the customs or the commerce department of the State Council or the national cryptography management department in accordance with the law.
correct
mistake
Article 38 of the "Encryption Law" stipulates that anyone who illegally implements import licensing and export control regulations and imports or exports commercial encryption shall be punished by the commerce department of the State Council or the customs in accordance with the law.
372
True/False Questions According to the Cryptozoology Law, if a staff member of a cryptography management department illegally provides others with commercial secrets and personal privacy that he learned in the performance of his duties during cryptography work, that person will be punished in accordance with the law.
correct
mistake
373
True or False Question If a person violates the provisions of the Cryptozoology Law and constitutes a crime, he shall be held criminally liable in accordance with the law; if he causes damage to others, he shall bear civil liability in accordance with the law.
correct
mistake
374
True or False Questions According to the "Cryptozoology Law", anyone who uses cryptography to engage in activities that endanger national security, social public interests, or the legitimate rights and interests of others, if the circumstances are serious and constitutes a crime, shall be investigated for criminal responsibility in accordance with the law.
correct
mistake
375
True or False Question The official promulgation date of China’s Cryptozoology Law is October 26, 2019, and it will come into effect on the date of promulgation.
correct
mistake
Effective on January 1, 2020
376
True or False Questions In accordance with the requirements of the Cryptozoology Law, adhering to the Party’s absolute leadership over cryptography work is a fundamental principle that must be unswervingly adhered to at any time and under any circumstances.
correct
mistake
377
True or False Questions According to the Cryptozoology Law, the state exercises exclusive control over the scientific research, production, sales and use of commercial cryptographic products.
correct
mistake
378
True or False Questions According to the "Cryptozoology Law", China's commercial password testing and certification methods are based on the principle of compulsory testing and certification, with voluntary testing and certification as an exception.
correct
mistake
Commercial password testing and certification adopts a combination of mandatory certification and nationally promoted voluntary certification.
379
True or False Question The market access management system for commercial encryption products in the "Cryptozoology Law" fully embodies the spirit of the reform of the administrative approval system and is consistent with the provisions of Article 23 of the "Cybersecurity Law".
correct
mistake
380
True or False Questions According to the "Cryptozoology Law", commercial passwords used in mass consumer products are products or technologies that can be purchased through regular retail channels without restrictions and can easily change the password function.
correct
mistake
Article 28 of the "Encryption Law" stipulates: Commercial encryption used in mass consumer products is not subject to import licensing and export control systems. Commercial passwords used in mass consumer products refer to products or technologies that the public can purchase through regular retail channels without restrictions for personal use and that cannot easily change password functions.
381
True or False Question According to the "Cryptozoology Law", there is a possibility of duplicate licensing between the e-government electronic certification service agency identification system and the electronic certification service license in the "Electronic Signature Law".
correct
mistake
382
True or False Questions According to the "Cryptozoology Law", the "double random" in the "double randomization and one disclosure" in the daily supervision of commercial cryptography means randomly selecting cryptography management departments and selecting law enforcement inspectors.
correct
mistake
The daily supervision of commercial encryption fully implements the random selection of inspection objects, the random selection of law enforcement inspectors, and the timely disclosure of random inspections and investigation results to the public. In principle, all daily administrative inspections are conducted through the "double random, one disclosure" method.
383
True or False Question In 1999, the State Council officially promulgated the "Regulations on the Management of Commercial Cryptozoology", which came into effect on the date of promulgation. The names of commercial passwords began to be well-known and widely used by society.
correct
mistake
384
True or False Questions According to the "Measures for the Administration of Security Assessment of Commercial Cryptocurrency Applications (Trial)", operators of critical information infrastructure do not need to organize security assessments of commercial cryptography applications before the system starts operating.
correct
mistake
Paragraph 1 of Article 37 of the "Cryptozoology Law" stipulates: Operators of critical information infrastructure violate the provisions of Paragraph 1 of Article 27 of this Law and fail to use commercial cryptography as required, or fail to carry out commercial cryptography application security as required . If there is no sexual evaluation, the password management department will order it to make corrections and give a warning.
385
True or False Question According to the "Measures for the Administration of Security Assessment of Commercial Cryptozoology Applications (Trial)", the security assessment of commercial cryptography applications is undertaken by cryptography evaluation institutions recognized by the national cryptography management department. The national cryptography management department regularly publishes a directory of evaluation institutions.
correct
mistake
386
True or False Question According to the "Measures for the Administration of Security Assessment of Commercial Cryptozoology Applications (Trial)", for critical information infrastructure, assessment agencies can conduct simultaneous assessment of the security of commercial cryptography applications with critical information infrastructure network security assessment and network security level protection assessment. .
correct
mistake
387
True or False Question According to the "Measures for the Administration of Security Assessment of Commercial Cryptozoology Applications (Trial)", after information systems at level 3 and above of network security level protection complete planning, construction, operation and emergency assessment, the assessment results should be reported within 30 working days. Report to the competent authority and the cryptography management department of the region (department) where you are located for the record, and report the evaluation results to the local public security department for the record at the same time.
correct
mistake
388
True or False Question According to the "Administrative Measures for Security Assessment of Commercial Cryptozoology Applications (Trial)", after the assessment agency completes the security assessment of commercial cryptography applications, it shall report the assessment results to the national cryptography management department for filing within 30 working days, and shall submit the assessment The results will also be reported to the public security department of the State Council for filing.
correct
mistake
After the evaluation agency completes the secret evaluation work, it should report the evaluation results to the national cryptography management department for record within 30 working days. The responsible unit should complete the planning, construction, operation, and emergency assessment and report the evaluation results to the competent authority within 30 working days. And all regional (department) password application departments for filing. The network security level protects information systems at level 3 and above, and the assessment results should be reported to the regional public security department for filing at the same time.
389
True or False Question According to the "Measures for the Administration of Security Assessment of Commercial Cryptozoology Applications (Trial)", construction units of networks and information systems in important areas involving national security and social public interests should assume management responsibilities for the assessment work and accept the supervision and supervision of the cryptography management department. Inspection and guidance.
correct
mistake
390
True or False Questions According to the "Measures for the Administration of Security Assessment of Commercial Cryptozoology Applications (Trial)", the national cryptography management department conducts inspections on the security assessment of commercial cryptography applications in various regions (departments) from time to time based on work needs, and conducts inspections on networks in relevant important areas. Conduct spot checks on information systems.
correct
mistake
391
True or False Question According to the "Administrative Measures for Commercial Cryptocurrency Application Security Assessment Agencies (Trial)", units applying to become commercial cryptography application security assessment organizations should have a complete personnel structure and pass the "Commercial Cryptocurrency Application Security Assessment Personnel Assessment" The number of evaluators shall be no less than 5.
correct
mistake
Not less than 10 people
392
True or False Question According to the "Administrative Measures for Commercial Cryptocurrency Application Security Evaluation Institutions (Trial)", the registered capital of an organization applying to become a commercial cryptography application security evaluation institution should be more than 5 million yuan.
correct
mistake
393
True or False Question According to the "Administrative Measures for Commercial Cryptocurrency Application Security Evaluation Institutions (Trial)", units that apply to become commercial cryptography application security evaluation institutions should have an evaluation work area of no less than 200 square meters.
correct
mistake
394
True or False Question According to the "Measures for the Administration of Commercial Cryptocurrency Application Security Evaluation Agencies (Trial)", units that have applied to become commercial cryptography application security evaluation institutions and their directly controlled parent companies or subsidiaries can engage in commercial cryptography product testing and certification work.
correct
mistake
395
True or False Question According to the "Administrative Measures for Commercial Cryptozoology Application Security Evaluation Agencies (Trial)", units that have been established for more than one year and have been engaged in information system security-related work for more than half a year can apply to become a commercial cryptography application security evaluation agency.
correct
mistake
396
True or False Question According to the "Administrative Measures for Commercial Cryptocurrency Application Security Assessment Agencies (Trial)", applicants who pass the preliminary review of commercial cryptography application security assessment agencies should participate in training, assessment and capability review within 60 working days.
correct
mistake
397
True or False Question According to the "Measures for the Management of Commercial Cryptocurrency Application Security Assessment Agencies (Trial)", units applying for commercial cryptography application security assessment agencies should ensure that their own assessment personnel participate in the entire process of assessment personnel training and assessment.
correct
mistake
398
True or False Question According to the "Administrative Measures for Commercial Cryptocurrency Application Security Assessment Agencies (Trial)", when the name, address, and main person in charge of a commercial cryptography application security assessment agency change, the assessment agency should report to the State Cryptozoology Administration within 15 working days. .
correct
mistake
399
True or False Question According to the "Measures for the Management of Commercial Cryptozoological Application Security Testing and Evaluation Agencies (Trial)", the National Cryptozoology Administration and the provincial and ministerial cryptography bureaus to which the testing and evaluation institutions are affiliated are responsible for the supervision and inspection of testing and evaluation institutions, and mandatory inspections of testing and evaluation institutions should be carried out regularly.
correct
mistake
400
True or False Questions According to the "Administrative Measures for Commercial Cryptocurrency Application Security Assessment Agencies (Trial)", if the evaluators of the commercial cryptography application security assessment agency fail to pass the training assessment, they will begin to engage in commercial cryptography application security assessment work. The National Cryptozoology Administration They will be ordered to make corrections within a time limit.
correct
mistake
401
True or False Question According to the "Administrative Measures for Commercial Cryptocurrency Application Security Assessment Agencies (Trial)", if a commercial cryptography application security assessment agency changes due to unit equity, personnel, etc., and does not meet the basic conditions for a commercial cryptography application security assessment agency, The State Cryptozoology Administration will order it to make rectifications within a time limit.
correct
mistake
402
True or False Question According to the "Administrative Measures for Commercial Cryptocurrency Application Security Evaluation Agencies (Trial)", a commercial cryptography application security evaluation agency deliberately leaked the work secrets and important information system data of the unit being evaluated, and the State Cryptozoology Administration should cancel its commercial passwords. Application security assessment agency pilot qualification.
correct
mistake
403
True or False Question According to the "Administrative Measures for Commercial Cryptocurrency Application Security Assessment Agencies (Trial)", the evaluators of a commercial cryptography application security assessment agency used the data information collected during the commercial cryptography application security assessment work without permission, and the situation If it is particularly serious, they should be removed from the list of commercial password application security assessors and their assessment agency should be notified.
correct
mistake
404
True or False Question According to the "Electronic Certification Service Password Management Measures", the key services required for the electronic certification service system are provided by the key management system planned by the National Cryptography Administration and the cryptography management agencies of provinces, autonomous regions, and municipalities directly under the Central Government.
correct
mistake
405
True or False Question: According to the "Electronic Authentication Service Password Management Measures", when applying for the "Electronic Authentication Service Crypto Use License", the materials submitted to the local provincial, autonomous region, or municipality cryptography management agency or the National Cryptography Administration do not include electronic certification. Technical materials related to service system interconnection testing.
correct
mistake
406
True or False Question "Electronic Authentication Service Use Password License" is valid for 5 years
correct
mistake
407
True or False Question If the electronic certification service provider terminates the electronic certification service, the "Password License for Use of Electronic Certification Services" originally held will become invalid within 15 working days.
correct
mistake
408
True or False Question: According to the requirements of the "Commercial Cryptometry Import Permit List", among the items and technologies listed in the import list, VPN equipment with an encrypted communication rate of 1Gbps is not a cryptographic product that should apply for an import license for dual-use items and technologies from the Ministry of Commerce. .
correct
mistake
409
True or False Question In accordance with the relevant provisions of the Cryptozoology Law, the Ministry of Commerce, the State Cryptozoology Administration, and the General Administration of Customs have formulated the "Commercial Cryptozoology Export Control List."
correct
mistake
The 410
True or False Question "Cryptozoology Law" was officially promulgated on October 26, 2019.
correct
mistake
411
True or False Question: Foreign investors can carry out commercial encryption technology cooperation in China based on voluntary principles and commercial rules.
correct
mistake
The scope of the 412
True or False Question commercial cryptographic technology review and appraisal includes cryptographic algorithms, cryptographic protocols, key management mechanisms and other commercial cryptographic technology contents.
correct
mistake
413
True or False Question If an enterprise promises to apply the technical requirements of a self-declared and public enterprise standard, it should comply with that standard.
correct
mistake
414
True or False Question: Commercial password application security assessment is a commercial password authentication activity.
Correct
mistake
415
True or False Question Application for commercial cryptography testing agency qualifications should be submitted to the national cryptography management department.
correct
mistake
416
True or False Question Application for commercial cryptography certification agency qualifications should be submitted to the market supervision and administration department of the State Council.
correct
mistake
Units that use test data issued by commercial cryptography testing agencies for 417 judgment questions shall be responsible for the authenticity and accuracy of the test data.
correct
mistake
418
True or False Question: When reviewing the application for qualification of a commercial cryptography certification agency, the State Council's market supervision and administration department can make decisions directly in accordance with the "Regulations on Certification and Accreditation" without seeking the opinions of the national cryptography management department.
correct
mistake
419
True or False Question Commercial cryptography testing agencies and commercial cryptography certification agencies should have technical capabilities appropriate to the activities they engage in.
correct
mistake
420
True or False Question: No unit may use commercial cryptography technology to provide electronic authentication services without obtaining documentation proving that the national cryptography management department has approved the use of cryptography.
correct
mistake
421
True or False Question: Institutions that use commercial encryption technology to engage in e-government electronic certification services must be identified by the market supervision and administration department of the State Council and obtain the qualifications of e-government electronic certification service agencies in accordance with the law.
correct
mistake
422
True or False Question To obtain the qualification of an e-government electronic certification service agency, you should have the ability to provide annual e-government electronic certification services for government activities.
correct
mistake
423
True or False Question Responsible for the planning and management of national electronic certification trust sources are the National Encryption Management Department and the Industry and Information Technology Department of the State Council.
correct
mistake
Whether the 424 judgment questions involve national security and social public interests is an important basis for determining commercial encryption import licenses and export controls.
correct
mistake
425
True or False Question The state supports the standardized application of commercial passwords in artificial intelligence models, algorithms and data protection.
correct
mistake
426
Multiple choice question According to the "Cryptozoology Law" and "Network Security Law", if a hacker illegally invades other people's password protection systems to show off his technical capabilities, the department that has the power to impose administrative penalties on him is ( ).
A. Password management department
B. Public security organs
C. Internet information department
D. Industry information department
427
Multiple Choice Questions According to the "Cryptozoology Law" and the "Network Security Law", if a hacker illegally invades other people's password protection systems to show off his technical capabilities and is subject to public security management penalties, the administrative penalties that the public security organs can impose on him include ( ).
A. Disqualify them from engaging in key network operation positions for life
B. Disable them from engaging in key network operation positions within twenty years
C. Disable them from engaging in key network operation positions within ten years
D. They will not be allowed to engage in key network operation positions within five years.
428
Multiple choice question According to the "Standardization Law", regarding the commercial encryption standard system, which of the following statements is wrong ( ).
A. National standards for commercial encryption may have mandatory standards and recommended standards.
B. Commercial encryption industry standards may have mandatory standards and recommended standards
C. Commercial cryptography group standards are formulated by social groups and can only be recommended standards.
D. Commercial cryptography enterprise standards are formulated by commercial cryptography enterprises or jointly formulated by enterprises.
429
Single-choice question "National Government Information Project Construction and Management Measures" applicable national government information systems include ( ).
A. National key business information system
B. National information resource database
C. National information security infrastructure
D.All of the above
430
multiple-choice questions According to the "Measures for the Construction and Management of National Government Informationization Projects", () is responsible for taking the lead in the preparation of the national government informationization construction plan, and filing and management of national government informationization projects approved by various departments.
A. National Development and Reform Commission
B. Ministry of Finance
C. General Office of the State Council
D. Central Cyberspace Administration
431
Single-choice question According to the "Measures for the Construction and Management of National Government Information Projects", the projects that can directly prepare a project feasibility study report are ( ).
A. Projects clearly required by the Party Central Committee and the State Council
B. Projects that have been included in the national government information construction plan
C. Projects involving special reasons such as major national strategies and national security
D. Projects where the depth of preliminary work reaches specified requirements
432
Single-choice question According to the "Measures for the Construction and Management of National Government Informationization Projects", for projects that have been included in the national government informationization construction plan, the following links can be simplified ( ).
A. Prepare and submit project proposals
B. Prepare a feasibility study report
C. Prepare a preliminary design plan
D. Prepare a framework plan
433
Single-choice question According to the "Measures for the Construction and Management of National Government Information Technology Projects", relevant departments shall independently review and approve new, reconstructed, or expanded national government information projects, and shall perform the approval procedures in accordance with regulations and file with the National Development and Reform Commission. Among them, reconstruction and expansion projects also need to submit preliminary projects ( ).
A. Third-party post-evaluation report
B. Password application security assessment report
C. Third-party audit report
D. Security risk assessment report
434
Single-choice question According to the "Measures for the Construction and Management of National Government Informationization Projects", the following are the planning and approval management requirements for the construction units of national government informationization projects. The incorrect one is ( ).
A. Prepare a catalog of information resources
B. Establish a long-term mechanism for information sharing
C. Feedback mechanism for shared information usage
D. Open the data only to specific companies and social organizations
435
Single choice question According to the "Measures for the Construction and Management of National Government Information Projects", the following statement about the sharing of information resources during the construction of national government information projects is incorrect ( ).
A. The feasibility study report and preliminary design plan should include the information resource sharing analysis chapter (chapter) B. The
evaluation report of the consulting and evaluation unit should include the evaluation opinions on the information resource sharing analysis chapter (chapter)
C. The approval document of the approval department or The request document submitted to the State Council should include opinions on the information resource sharing analysis chapter (chapter)
D. The project construction unit can only open the data that should be shared generally to specific enterprises and social organizations.
436
Single-choice question According to the "Measures for the Construction and Management of National Government Information Projects", construction units of national government information projects shall implement the requirements of national laws, regulations and standards for cryptography management, and plan, construct and operate simultaneously ( ).
A. Network security system
B. Password protection system
C. Technical support system
D. All of the above
437
Single-choice question According to the "Measures for the Construction and Management of National Government Informationization Projects", the following are not important contents for the acceptance of national government informationization projects ( ).
A. Safety and reliability of project software and hardware products
B. Project password application and security review
C. Energy utilization efficiency of hardware equipment and newly built data center
D. Regular safety assessment of the project
438
Single choice question According to the "National Government Information Technology Project Construction and Management Measures", the project performance evaluation report submitted by the national government information technology project construction unit to the project approval department before the end of each year during the construction period includes ( ).
A.Construction progress
B.Implementation of investment planC.Trial
operation results of the trial operation system and problems encountered
D.All of the above
439
Multiple choice questions According to the "National Government Information Technology Project Construction Management Measures", for government information technology projects that really need to arrange investment in advance due to demand analysis, preparation of feasibility study reports and preliminary designs, land purchase, demolition, etc., the project construction unit You can submit an application to the project approval department after the project feasibility study report is approved ( ).
A.Mae
B.After
C. At the same time
D. Within 7 working days
440
Multiple Choice Questions According to the "Measures for the Construction and Management of National Government Information Projects", within ( ) of the completion of a national government information project, the project construction unit shall apply for the approval department to organize acceptance in accordance with relevant national regulations.
A. One year
B. Three months
C. Half a year
D.Nine months
441
Single-choice question According to the "Measures for the Construction and Management of National Government Informationization Projects", the project construction unit shall, within () after the project passes acceptance and is put into operation, carry out self-evaluation in accordance with the relevant requirements for performance evaluation of national government informationization construction and management, and shall The self-evaluation report shall be submitted to the project approval department and financial department.
A.12 to 24 months
B. 6 to 12 months
C. One year
D. Half a year
442
Single-choice question According to the "National Government Information Project Construction and Management Measures", the statement regarding the construction, reconstruction, and expansion of government information systems by project construction units is incorrect ( ).
A. For government information systems that do not share data resources as required or collect data repeatedly, project construction units are not allowed to build, reconstruct, or expand government information systems.
B. For systems that are not included in the general catalog of national government information systems, project construction units are not allowed to build, reconstruct, or expand government information systems.
C. For systems that do not meet password application and network security requirements, the project construction unit shall not build, reconstruct, or expand government information systems. D.
For government information systems that have major security risks, the project construction unit shall not build, reconstruct, or expand government information systems.
443
Single-choice question According to the "Measures for the Construction and Management of National Government Information Projects", the network security supervision department shall strengthen the security supervision of the national government information system in accordance with the law, and guide and supervise the implementation of the project construction units ().
A. Network security review system requirements
B. Network security supervision requirements
C. Four synchronization requirements
D. Network security monitoring, early warning and information notification requirements
444
Multiple Choice Question The "Cybersecurity Law" stipulates that network operators shall perform network security protection obligations in accordance with the requirements of the network security level protection system and adopt encryption measures for ( ).
A. All data
B. General data
C.Important data
D.Web log
445
Multiple choice question In accordance with the requirements of the Cybersecurity Law, operators of critical information infrastructure should ( ) conduct inspections and assessments of the security and possible risks of their networks.
A.Self-propelled
B. Own or entrust a network security service agency
C. Entrust a network security service agency
D. On your own and entrust a network security service agency
446
Multiple choice questions In accordance with the requirements of the Cybersecurity Law, operators of critical information infrastructure should detect and evaluate the security and possible risks of their networks ( ).
A. At least once every three months
B. At least once every six months
C. Conduct it at least once a year
D.At least once every two years
447
Multiple choice question: An enterprise affiliated to a city provides operation and maintenance services for the national government system and does not adopt encryption measures for the large amount of government data generated during the service process. According to the "Data Security Law", the disposal and punishment measures that can be implemented do not include ( ).
A. The local public security organ orders him to make corrections within a time limit.
B. The local public security organ gives him a warning.
C. If the unit refuses to make corrections, the local public security agency may fine it 5 million yuan.
D. The local public security agency imposed a fine of 300,000 yuan on him
448
Multiple choice question: A state agency transmitted a large amount of important data in clear text, causing the data to be stolen by hackers and sold overseas through the dark web. According to the content of the "Data Security Law", the following statement is correct ().
A. The relevant competent authorities have the right to warn them.
B. The relevant competent authorities have the right to order them to make corrections
. C. The relevant competent authorities have the right to impose fines on them.
D. The relevant competent authorities shall punish the persons directly responsible in accordance with the law.
449
multiple-choice question According to the "Personal Information Protection Law", personal information processors are required to use password protection ( ).
A.Networks at level 3 or above of the classification guarantee
B.Critical information infrastructure
C.Personal information
D.Important data
450
Multiple Choice Question: A scientific and technological information company stores a large amount of personal information. According to the requirements of the "Personal Information Protection Law", the company should take protective measures. Which of the following statements is correct ( ).
A. Develop an internal management system
B. Provide regular security education and training to employees
C. Take corresponding encryption, de-identification and other measures
D.All of the above
451
multiple-choice question According to the "Personal Information Protection Law", an online ride-hailing company in a certain city stored a large amount of sensitive personal information in plain text. Later, the personal information was obtained by overseas hackers and sold. If the circumstances are serious, the punishment will be as follows: the correct one is( ).
A. Because he had a good attitude in admitting his mistakes and made corrections in a timely manner, the public security agency only issued a warning.
B. The local cyberspace department imposed a fine of 2 million yuan on the person directly responsible.
C. The provincial public security bureau will fine him 10 million yuan.
D. The local cyberspace department fined him 30 million yuan
452
Multiple Choice Question According to the content of the "Data Security Law" and "Commercial Cryptocurrency Application and Security Assessment", the correct approach to using cryptography technology to protect data and systems is ( ).
A. A certain technology company uses commercial encryption technology to encrypt transmission of important data.
B. A technology company uses the MD5 algorithm to encrypt important data during the data storage stage.
C. A critical information infrastructure operator uses core passwords to protect important data.
D. A bank uses core passwords to encrypt important data.
453
Multiple choice question According to the "Critical Information Infrastructure Security Protection Regulations", () supervises the use and management of passwords in critical information infrastructure.
A.State Internet Information OfficeB.General
Administration of Customs
C. State Cryptozoology Administration
D.National Data Administration
454
multiple-choice question "Information Security Level Protection Management Measures" stipulates that the security protection level of information systems is divided into ( ) levels.
A. three
B. four
C.five
D. six
455
multiple-choice question "Information Security Level Protection Management Measures" stipulates that after the information system is damaged, it will cause particularly serious damage to ( ), which belongs to the fifth level.
A.Legitimate rights and interests of citizens, legal persons and other organizations
B.Social order
C.Public interests
D.National security
456
multiple-choice question "Information Security Level Protection Management Measures" stipulates that () mandatory supervision and inspection of the information security level protection work of the fourth-level information system.
A. National Cyberspace Administration
B. National information security regulatory authorities
C. National cryptography management department
D. Ministry of Industry and Information Technology
457
multiple-choice question "Information Security Level Protection Management Measures" stipulates that the state designates specialized departments to conduct special supervision and inspection of the information security level protection work of level ( ) information systems.
A. three
B. four
C.five
D. six
458
multiple-choice question "Information Security Level Protection Management Measures" stipulates that for information systems that are to be determined as level ( ) or above, the operating and user units or competent departments should request the National Information Security Protection Level Expert Review Committee for review.
A.two
B.three
C.four
D.five
459
Single-choice question "Information Security Level Protection Management Measures" stipulates that the third-level information system should ( ) conduct at least one level assessment.
A. Every six months
B.Every year
C. Every year and a half
D. Every two years
460
single-choice question "Information Security Level Protection Management Measures" stipulates that the fourth-level information system should () conduct at least one level assessment.
A.Every three months
B. Every six months
C. Every year
D. Every year and a half
461
single-choice question "Information Security Level Protection Management Measures" stipulates that the fifth-level information system should ( ) conduct level assessment.
A. Every three months
B. Every six months
C. Every year
D.Based on special security requirements
462
Multiple Choice Question "Information Security Level Protection Management Measures" stipulates that the third-level information system should ( ) conduct at least one self-inspection.
A. Every six months
B.Every year
C. Every year and a half
D. Every two years
463
multiple-choice question "Information Security Level Protection Management Measures" stipulates that the fourth-level information system should ( ) conduct at least one self-inspection.
A.Every three months
B. Every six months
C. Every year
D. Every year and a half
464
multiple-choice question "Information Security Level Protection Management Measures" stipulates that new information systems above the second level must go through the registration formalities ( ) after they are put into operation.
A. Within 10 days
B. Within 20 days
C.Within 30 days
D.Within 60 days
465
single-choice question "Information Security Level Protection Management Measures" stipulates that after the information system is filed, if it meets the level protection requirements, the public security agency shall issue an information system security level protection filing certificate within ( ) from the date of receipt of the filing materials.
A.Within 10 working days
B. Within 20 working days
C. Within 30 working days
D. Within 60 working days
466
multiple-choice question "Measures for the Management of Information Security Level Protection" stipulates that the national cryptography management department is responsible for the supervision, inspection, and guidance of () in the level protection work.
A.Mid-level security work
B. Password work
C. Confidentiality
D. Inter-department coordination
467
Single Choice Question According to the "Measures for the Administration of Leveled Protection of Information Security", if passwords are used to protect information and information systems that do not involve state secrets in leveled protection work, the configuration and use of passwords should be ( ).
A. Filing with the national cryptography management agency
B. Approved by the National Encryption Management Agency
C. Approved by the Public Security Department of the State Council
D. Filing with the Public Security Department of the State Council
468
multiple-choice question "Information Security Level Protection Management Measures" stipulates that when an enterprise uses cryptographic technology to construct and rectify system-level protection of information systems, the following behaviors are wrong ( ).
A. Use cryptographic products approved by the national cryptography management department for security protection
B. Use cryptography products approved for sale by the national cryptography management department for security protection
C. Use cryptographic products imported from abroad
D. Approved use of imported information technology products containing encryption functions
469
multiple-choice question "Information Security Level Protection Management Measures" stipulates that in order to save costs, the evaluation of password applications in non-confidential information systems of small businesses can be evaluated by ( ).
A. Our country’s professional network security technical experts
B. Secret evaluation pilot agency issued by the State Cryptozoology Administration
C. A state-recognized MLPS assessment agency that does not have confidential assessment qualifications
D. A government department with a specialized technical team
470
multiple-choice question "Information Security Level Protection Management Measures" stipulates that ( ) can regularly or irregularly inspect and evaluate the configuration, use and management of passwords in information system level protection work.
A. Provincial password management department
B. Municipal password management department
C. County password management department
D. All of the above are correct
471
Multiple choice question According to the "Information Security Level Protection Management Measures", an enterprise has important confidential information systems, and the relevant departments should ( ) conduct at least one inspection and evaluation of its password configuration, use and management.
A.Every two years
B. Every year
C. Every six months
D. Every three months
472
Multiple-choice question According to the "Catalogue of Technologies Prohibited and Restricted from Export by China", () does not belong to the quantum cryptography technology restricted by China's export.
A. Quantum cryptography implementation method
B. Quantum cryptography engineering implementation technology
C. Quantum cryptography transmission technology
D. Countermeasure technology of quantum cryptography
473
Single-choice question According to the "Catalogue of Technologies Prohibited and Restricted from Export by China", () does not fall within the cryptographic chip design and implementation technologies restricted by China's export.
A. High-speed cryptographic algorithm
B. Zu Chongzhi’s sequence cipher algorithm
C. Parallel encryption technology
D. Security design technology of cryptographic chips
474
Single-choice question According to the provisions of the "Electronic Signature Law", if you engage in electronic certification services, you must apply to ( ).
A. Information industry department of the State Council
B. Public Security Department of the State Council
C. National Encryption Management Department
D. State Administration for Market Regulation
475
Single-choice question According to the provisions of the Electronic Signature Law, the relevant competent authorities shall review the application in accordance with the law after receiving the application for electronic authentication services, and after soliciting the opinions of ( ) and other relevant departments, make a decision on whether to grant permission or not within a certain period of time.
A. Commerce department of the State Council
B. National Data Administration
C. National Science and Technology Commission
D. National Cyberspace Administration
476
multiple-choice question According to the content of the "Network Security Review Measures", a critical information infrastructure operator that has been recognized as a state agency wants to purchase a commercial encryption product designed overseas. Which of the following statements is correct ( ).
A. The state agency should first predict on its own whether the commercial encryption product may create national security risks.
B. If the state agency believes that the use of the commercial encryption product may create national security risks, it should apply for a network security review.
C. If the State Cryptozoology Administration If it is believed that the use of commercial encryption products may create national security risks, the Cybersecurity Review Office may initiate a cybersecurity review of the national agency ex officio.
D. Since the state agency purchased commercial encryption products designed overseas, it can only initiate a network security review through an application from the state agency. The Network Security Review Office does not have the authority to initiate a network security review on its own.
477
multiple-choice questions According to the "Cyber Security Review Measures", when applying for a national security review of commercial encryption, the application materials that critical infrastructure operators should provide include ( ).
A. Declaration
B. Procurement documents or agreements
C. Analysis reports that affect or may affect national security
D. Other materials required for network security review work
478
Multiple Choice Questions The National Cryptozoology Administration found during daily inspections that the system of a military research unit in a certain city has been included in the critical information infrastructure. In 2022, it purchased a batch of commercial cryptographic products produced by overseas Company A, but No cybersecurity review has been filed. The State Cryptozoological Administration found that Company A has a history of engaging in cyber espionage, then which of the following statements is correct ( ).
A. The State Cryptographic Administration should immediately initiate a network security review.
B. The State Cryptographic Administration should notify the military research unit to apply for a network security review on its own.
C. The Cyber Security Review Office should initiate a cyber security review. The State Cryptozoology Administration has no authority to initiate a cyber security review on its own.
D. The Cyber Security Review Office should submit a request to the Central Cybersecurity and Informatization Commission for approval before initiating a cyber security review.
479
multiple-choice questions According to the "Cybersecurity Review Measures", the Cybersecurity Review Office plans to conduct a cybersecurity review of a critical infrastructure operator's purchase of commercial cryptographic products. The factors that it should focus on assessment are ( ).
A. The risk that the critical information infrastructure caused by the use of this commercial encryption product will be illegally controlled, interfered with or destroyed B. The
harm to the business continuity of the critical information infrastructure caused by the interruption of the supply of this commercial encryption product
C. The risks of this commercial encryption product Security, openness, transparency, and diversity of sources
D. The commercial encryption product provider’s compliance with China’s laws, administrative regulations, and departmental rules
480
multiple-choice questions According to the "Cybersecurity Review Measures", member units and relevant departments of the network security review working mechanism are unable to form a consistent opinion on whether there is a national security risk regarding the purchase of commercial cryptographic products for a certain critical information infrastructure. The following are relevant The statement is correct ( ).
A. The Cybersecurity Review Office should make the decision to allow the procurement
B. The Cybersecurity Review Office should initiate a special review procedure.
C. The Cybersecurity Review Office should formulate review conclusions and recommendations again.
D. The re-formulated review conclusions and recommendations should be submitted to the Central Cybersecurity and Information Technology Commission for approval.
481
Multiple-choice question For password security vulnerabilities discovered in security research, when determining whether to share them with overseas security communities, the laws, regulations and regulations that should be complied with include ( ).
A. "Cryptozoology Law"
B. "Export Control Law"
C. "Network Product Security Vulnerability Management Regulations"
D. "Data Security Law"
482
Multiple Choice Questions According to the "Electronic Signature Law", the legal effect of a document that the parties agree to use electronic signatures or data messages shall not be denied simply because it is in the form of electronic signatures or data messages. However, the following documents are excluded ( ).
A. Involving personal relationships such as marriage, adoption, inheritance, etc.
B. Involving the suspension of water supply, heating, gas supply and other public services
C. Civil contracts involving property transactions
D. Documentary documents involving the confirmation of house ownership
483
multiple-choice question According to the content of the "Electronic Signature Law", regarding the sending and receiving time of data messages, which of the following statements is correct ( ).
A. The time when the data message enters an information system beyond the control of the sender shall be deemed as the sending time of the data message.
B. If the recipient designates a specific system to receive the data message, the time when the data message enters the specific system shall be deemed as the time when the data message enters the specific system. The reception time of the data message
C. If no specific system is specified, the first time the data message enters any system of the recipient shall be deemed as the reception time of the data message
D. The parties have other agreements on the sending time and reception time of the data message Yes, according to its agreement
484
Multiple Choice Questions According to the "Electronic Signature Law", data messages need to be considered as originals that meet the requirements of laws and regulations. The requirements that should be met include ().
A. Be able to effectively express the content contained in it
B. Be able to reliably guarantee that the content remains intact and unaltered from the time of final formation
C. Add endorsement to the data message and the form changes that occur during the data exchange, storage and display process will not Affects the integrity of data messages
D. Can be accessed at any time
485
Multiple Choice Questions According to the "Electronic Signature Law", an electronic signature can be regarded as a reliable electronic signature, and the conditions that should be met include ( ).
A. When the electronic signature production data is used for electronic signature, it is exclusive to the electronic signer.
B. The electronic signature production data is only controlled by the electronic signer when signing.
C. Any changes to the electronic signature after signing can be discovered.
D. After signing, Any changes to the content and form of data messages can be detected
486
Multiple Choice Question According to the "Electronic Signature Law", which of the following statements about electronic signatures is correct ( ).
A. The legal effect of a reliable electronic signature is second only to a handwritten signature or seal.
B. When the electronic signer knows that the electronic signature production data may have been compromised, he should terminate the use of the electronic signature production data. C.
As long as it complies with the agreement between the parties, the parties may also choose to use electronic signatures.
D. Overseas electronic certification service providers issue overseas electronic signatures. The electronic signature authentication certificate and the electronic signature authentication certificate certified in accordance with this law have the same legal effect.
487
Multiple Choice Questions According to the provisions of the Electronic Signature Law, entities that provide electronic authentication services must meet the following conditions: ( ).
A. Have professional technicians and managers suitable for providing electronic authentication services
B. Have funds and business premises suitable for providing electronic authentication services
C. Have technology and equipment that comply with national security standards
D. Have a national cryptography management agency Documentation of consent to use of password
488
Multiple Choice Questions According to the "Electronic Signature Law", the electronic signature certification certificate issued by the electronic certification service provider should be accurate and should state the following contents: ( ).
A. Name of electronic certification service provider
B. Name of certificate holder
C. Electronic signature verification data of certificate holder
D. Electronic signature of electronic certification service provider
489
Multiple Choice Questions According to the provisions of the Electronic Signature Law, the regulatory requirements that should be followed when conducting electronic authentication services include ( ).
A. Formulate and publish electronic certification business rules in accordance with the law
B. When issuing a certificate, the identity of the applicant should be verified and relevant materials should be reviewed to ensure that the issued certificate is accurate and that the content of the certificate is complete and accurate within the validity period
C. Before suspending or terminating services Proper arrangements should be made for business undertaking and other related matters
D. Certification-related information should be properly preserved
490
multiple-choice questions According to the "Cybersecurity Law", the country implements a network security level protection system. Network operators shall perform security protection obligations as required. In addition to implementing encryption measures, security protection obligations also include ( ).
A. Determine the person in charge of network security
B. Take technical measures to prevent network attacks
C. Data classification
D. Backup of important data
491
Multiple Choice Questions Platform A is a large-scale online e-commerce platform. In order to better form a "user profile", it requires that user transaction data not be encrypted. Later, due to third-party network attacks, user data was leaked on a large scale. Regarding this situation, which of the following statements is correct ( ).
A. There is no clear provision in our country’s legislation, so it is not illegal.
B. Violate the provisions of the "Cybersecurity Law" on network security protection
C. Since user data leakage is caused by a third-party network attack, Platform A does not bear legal responsibility.
D. Platform A and its directly responsible person in charge should be fined
492
Multiple Choice Questions In 2017, the Wannacry virus swept the world. This ransomware encrypted important files in the victim's information system and forced the victim to pay a ransom. The current legislation in my country that can be used to regulate this extortion behavior includes ( ).
A. "Cryptozoology Law"
B. "Network Security Law"
C. "Criminal Law"
D. "Public Security Management Punishment Law"
493
multiple-choice question Commercial encryption products and service providers should assume necessary product and service security obligations. The following behaviors will cause commercial encryption product and service providers to bear corresponding legal liabilities: ( ).
A. Set up malicious programs
B. Fail to take immediate remedial measures for security defects, vulnerabilities and other risks in its products and services C. Fail to promptly
inform users and report to relevant authorities in accordance with regulations
D. Terminate security for its products and services without authorization maintain
494
Multiple Choice Questions A certain vulnerability platform published the discovered vulnerabilities of a certain commercial encryption product on its website without authorization. As a result, the commercial encryption product suffered a large number of attacks that exploited the disclosed vulnerabilities in a short period of time. In response to this behavior, the following The correct expression is ( ).
A. The platform’s behavior of disclosing vulnerabilities is not subjectively malicious, so it does not need to bear legal responsibility.
B. Vulnerability information shall not be released before commercial encryption product providers provide vulnerability patching measures.
C. The competent authorities may order the platform to suspend relevant business.
D. May impose fines on the directly responsible person in charge and other directly responsible personnel of the platform.
495
Multiple Choice Questions A is a designer of commercial encryption products. Inspired by the Wannacry incident, A believes that encryption extortion is a way to make money quickly, but he does not have the courage to directly carry out extortion, so he Selling self-developed encryption ransomware tools online. Regarding this fact, which of the following statements is correct ( ).
A. A did not directly carry out extortion activities, so it does not constitute a cybercrime.
B. If A's violation is minor and he is only punished by public security management, he shall not be allowed to engage in network security management and key network operation positions within five years. C. If A is
serious and his violation is serious and he is subject to criminal punishment, he shall be prohibited from engaging in network security management and network operations for life. Operational key positions
D. If A’s violation is minor and does not constitute a crime, the public security organ may confiscate the illegal gains and impose a detention and fine.
496
multiple-choice questions China’s laws, regulations and normative documents involving network security level protection include ( ).
A. "Network Security Law"
B. "Data Security Law"
C. "Information Security Level Protection Management Measures"
D. "Information Security Level Protection Commercial Password Management Measures"
497
multiple-choice question The circumstances under which personal information processors shall conduct personal information protection impact assessments as stipulated in the Personal Information Protection Law include ( ).
A. Provide personal information abroad
B. Use personal information for automated decision-making
C. Entrust a third party to perform data processing through federated computing and other methods
D. Use differential privacy methods to process sensitive personal information
498
multiple-choice question According to the "Personal Information Protection Law", which of the following statements about personal information processors should perform notification obligations when a data leak occurs is correct ( ).
A. In the event of personal information leakage, the departments and individuals performing personal information protection responsibilities should be notified.
B. The notification should include the cause of the incident and possible consequences.
C. If the personal information processor takes effective encryption measures, it can effectively avoid If information leakage, tampering, or loss causes harm, the individual may not be notified.
D. The notification should include the contact information of the personal information processor and the remedial measures taken.
499
multiple-choice questions In accordance with the "Personal Information Protection Law", the national cyberspace department coordinates and coordinates the personal information protection work promoted by relevant departments ( ).
A. Formulate various specific rules and standards for personal information protection, such as encryption specifications, etc.
B. Formulate special personal information protection rules and standards for new technologies and applications such as face recognition and artificial intelligence. C.
Support research and development, including password-based Secure electronic identity authentication technology, promote the construction of public services for online identity authentication
D. Promote the construction of a socialized service system for personal information protection, and support relevant institutions to carry out personal information protection assessment and certification services
Below are 500
multiple-choice questions that may violate the Personal Information Protection Act ().
A. E-book APPs store user ID number information in clear text
B. Travel APPs collect screenshot information from users’ mobile phone albums
C. E-commerce APPs collect user application list information
D. Weather APPs collect precise location (latitude and longitude) information of user devices