Analysis of selected new-version Soft Exam (software qualification exam) questions (2)


1. In addition to testing programs, black box testing is also applicable to software documents in the testing ( ) stage.

A. Coding

B. Overall design

C. Software requirements analysis

D. Database design

Answer: C

Analysis: Black box testing, also called functional testing, does not involve the internal logic of the program. Besides testing programs, it is also applicable to testing the software documents produced in the requirements analysis phase.

2. ( ) refers to the testing activities performed during the software maintenance phase to detect errors that may be introduced due to code modifications.

A. Regression testing

B. Repair test

C. Integration test

D.Smoke test

Answer: A

Analysis: Regression testing refers to re-testing after modifying existing code to confirm that the modification did not introduce new errors or cause errors in other code. As an integral part of the software life cycle, regression testing accounts for a large proportion of the workload in the entire software testing process, and multiple rounds of regression testing are performed at each stage of software development.

3. After a software system is delivered, developers find that the performance of the system can be further optimized and improved, and the resulting software maintenance is ()

A.Corrective maintenance

B. Adaptive maintenance

C. Perfective maintenance

D. Preventive maintenance

Answer: C

Analysis: Further optimizing performance is perfective maintenance. There is no defect in the system, only the possibility of further improving its performance, so A cannot be selected.

4. Software maintenance work includes many types. The purpose of ( ) is to detect and correct potential errors in software products before they become actual errors.

A.Corrective maintenance

B. Adaptive maintenance

C. Perfective maintenance

D. Preventive maintenance

Answer: D

Analysis: Detecting potential errors and preventing them from becoming actual errors is preventive maintenance.

5. Which of the following descriptions about software testing is incorrect ( ).

A. Activities conducted to evaluate and improve product quality

B. Activities that must be started after the coding phase is completed

C. It is an activity carried out to identify product defects.

D. Generally divided into stages such as unit testing, integration testing, and system testing.

Answer: B

Analysis: A, C and D are standard descriptions of software testing. B is wrong: software testing can start as early as the requirements analysis phase, for example by writing test cases.

6. ( ) is a measure of the close connection between the various modules in the software system structure.

A.Cohesion

B. Coupling

C. Hierarchy

D.Relevance

Answer: B

Analysis: Cohesion, also known as intra-module connection, is a measure of the functional strength of a module, that is, of how closely the elements within a module are bound to each other. Coupling, also called inter-module connection, is a measure of how closely the modules in the software system structure are connected to one another. The goal is high cohesion and low coupling.

7. The security technology required for information () ensures that the information recipient can verify that the information has not been modified during the transmission process, and can prevent intruders from replacing legitimate information with false information.

A. Implicit

B. Confidentiality

C.Integrity

D.Reliability

Answer: C

Analysis: Integrity is the characteristic that information cannot be changed without authorization. That is, the information of the application system maintains the characteristics of not being damaged or lost by accidental or deliberate deletion, modification, forgery, reordering, replaying and insertion during storage or transmission.

8. Drawing a data flow diagram is part of the software design process to show the flow of information in the system. The basic components of a data flow diagram include ( ).

A. Data flow, processing, data storage and external entities

B. Source and end points of data flow, data storage, data files and external entities

C. Data source and destination, processing, data and data flow files

D. Data, processing and data storage

Answer: A

Analysis: The basic components of a data flow diagram are: data flow, processing, data storage and external entities.

9. GB/T 11457-2006 "Information Technology Software Engineering Terminology" stipulates three baselines for configuration management, which are ( ).

A. Trend baseline, test baseline and original baseline

B. Functional baseline, allocation baseline and product baseline

C. Product baseline, allocation baseline and test baseline

D. Product baseline, original baseline and test baseline

Answer: B

Analysis: GB/T 11457-2006 "Information Technology Software Engineering Terminology"

2.125 For configuration management, there are three baselines:

1. Functional baseline, the initially passed functional configuration;

2. Allocation baseline, the configuration of the initially passed allocation;

3. Product baseline, initially passed or conditionally passed product configuration.

10. According to GB/T 11457-2006 "Information Technology Software Engineering Terminology", ( ) is a static analysis technique or review process in which the designer or programmer leads members of the development team through the written design or code, while the other members are responsible for raising questions and commenting on technical style, style, possible errors, violations of development standards, etc.

A. Walkthrough

B.Audit

C. Certification

D. Identification

Answer: A

Analysis: According to GB/T 11457-2006 "Information Technology Software Engineering Terminology", 2.1843 Walk-through: a static analysis technique or review process in which the designer or programmer leads members of the development team through the written design or code, while the other members are responsible for raising questions and commenting on technical style, style, possible errors, violations of development standards, etc.

11. Configuration management is an important control process in the software life cycle and plays an important role in the software development process. According to the description of GB/T 11457-2006 "Software Engineering Terminology", in the following description of the configuration management baseline, ( ) is incorrect.

A. The configuration management baseline includes the functional baseline, that is, the configuration of the initially passed function

B. Configuration management baselines include allocation baselines, that is, the configuration of the allocation that was initially passed

C. The configuration management baseline includes the product baseline, that is, the configuration of the product that initially passed or that passed conditionally

D. Configuration management baselines include time baselines, that is, the timing of the initial adoption

Answer: D

Analysis: Configuration management has the following three types of baselines: functional baseline (the initially passed functional configuration), allocation baseline (the initially passed allocation configuration), and product baseline (the initially passed or conditionally passed product configuration).

12. According to the relevant provisions of GB/T 12504-2008 "Computer Software Quality Assurance Plan Specification", among the following review and inspection activities, ( ) is not mandatory.

A.Execution progress review

B. Software requirements review

C. Detailed design review

D. Management review

Answer: A

Analysis: See GB/T 12504-90 "Computer Software Quality Assurance Plan Specification". An execution progress review (A) does not appear there, while B, C and D all do; see below:

4.5 Review and inspection

4.5.1 Software requirements review. After the software requirements analysis phase, a software requirements review must be conducted to ensure the suitability of the requirements specified in the software requirements specification.

4.5.2 Outline design review. After the software outline design is completed, an outline design review must be conducted to evaluate the suitability of the software outline design described in the software design specification in terms of overall structure, external interfaces, the distribution of functions among the main components, global data structures, and the interfaces of each main component.

4.5.3 Detailed design review. After the detailed design phase of the software, a detailed design review must be conducted to determine the suitability of the detailed design described in the software design specification in terms of functions, algorithms, and process descriptions.

4.5.4 Software verification and validation review. After the software verification and validation plan is developed, it must be reviewed to evaluate the suitability and completeness of the verification and validation methods specified in the plan.

4.5.5 Functional check: Before the software is released, the software must be functionally checked to confirm that all requirements specified in the software requirements specification have been met.

4.5.6 Physical inspection: Before accepting the software, the software must be physically inspected to verify that the procedures and documents are consistent and ready for delivery.

4.5.7 Comprehensive inspection. During software acceptance, users or experts entrusted by users should be allowed to conduct a comprehensive inspection of a design sample of the software to be accepted, to verify the consistency of the code with the design documents, the consistency of the interface specifications (hardware and software), the consistency of the design implementation with the functional requirements, and the consistency of the functional requirements with the test descriptions.

4.5.8 Management review: Management review of the implementation of the plan must be conducted regularly (or by stage). These reviews must be conducted by an organization or an authorized third party independent of the unit being reviewed.

13. According to GB/T 16260.2-2006 "Software Engineering Product Quality Part 2: External Measurements", evaluating the effectiveness of the software's help system and documentation belongs to the software's ( ).

A. Comprehensibility measure

B. Ease of operation measurement

C. Attractiveness measure

D. Ease of learning measurement

Answer: D

Analysis: GB/T 16260.2-2006 "Software Engineering Product Quality Part 2: External Measurements", 8.3.2 Learnability measurement: external learnability measures (see Table 8.3.2) should be able to evaluate how long it takes users to learn to use a particular function, and to evaluate the effectiveness of its help system and documentation. Learnability and understandability are closely related, and understandability measures can serve as a potential indicator of software learnability. Examples: ease of learning a function, ease of learning to perform a task during use, effectiveness of user documentation and help mechanisms, help accessibility, and help frequency.

14. Among the following descriptions, the ones that do not comply with the provisions of GB/T 16680 "Software Document Management Guide" are ( ).

A. Quality assurance plan is a management document

B. Detailed design review requires review procedure unit test plan

C. The quality of documents can be divided into four levels according to the form of the document and the listed requirements.

D. All documents for software products should be signed as required and counter-signed when necessary.

Answer: A

Analysis: According to GB/T 16680 "Software Document Management Guide", software documents are classified into the following three categories.

7.2.1 Development documentation: describes the development process itself.

① Feasibility study and project mission statement; ② Requirements specification; ③ Functional specification; ④ Design specification, including program and data specifications; ⑤ Development plan; ⑥ Software integration and testing plan; ⑦ Quality assurance plan, standards and schedule; ⑧ Safety and testing information.

7.2.2 Product documentation: describes the product of the development process.

① Training manuals; ② Reference manuals and user guides; ③ Software support manuals; ④ Product manuals and information advertisements.

7.2.3 Management documents: record project management information.

① Records of progress and progress changes at each stage of the development process; ② Records of software changes; ③ Records of decisions relating to development; ④ Definition of responsibilities.

So A is the wrong answer, and the quality assurance plan is a development document.

15. Process quality refers to the overall characteristics of a process's ability to meet explicit and implicit needs. According to the viewpoint of GB/T 16260-2006, in software engineering projects, evaluating and improving a process is a means of improving ( ), and correspondingly evaluating and improving that is a method of improving quality in use.

A. Product quality      

B. Quality of use     

C. Internal quality      

D.External quality

Answer: A

Analysis: According to GB/T 16260.1-2006 "Software Engineering Product Quality"

5.1 Quality approach: Process quality (that is, the quality of any life cycle process defined in GB/T 8566-2001) helps to improve product quality, and product quality helps to improve use quality. Therefore, evaluating and improving a process is a means of improving product quality, and evaluating and improving product quality is one of the methods of improving quality in use. Likewise, evaluating the quality of use can provide feedback for improving the product, and evaluating the product can provide feedback for improving the process.

16. Information system security risk assessment is completed through digital asset assessment criteria. It usually covers various elements such as personnel safety, personnel information, public order, etc. The following elements that will not be covered are ( ).

A. Obligations not determined by legislation and regulations

B. Financial losses or interference with business activities

C.Loss of credibility

D. Commercial and economic interests

Answer: A

Analysis: The assessment is completed through digital asset assessment criteria, which cover the following points: ① personnel safety; ② personnel information; ③ obligations determined by legislation and regulations; ④ legal compulsion; ⑤ commercial and economic interests; ⑥ financial losses or interference with business activities; ⑦ public order; ⑧ business policies and operations; ⑨ damage to reputation.

17. According to the provisions of GB/T 12504-2008 "Computer Software Quality Assurance Plan Specification", during software acceptance, checks such as verifying the consistency of the code with the design documents, the consistency of the interface specifications, and the consistency of the design implementation with the functional requirements belong to ( ).

A. Comprehensive inspection

B. Functional check

C.Performance check

D. Configuration check

Answer: A

Analysis: GB/T 12504-199 "Computer Software Quality Assurance Plan Specification"

4.5.5 Functional check: Before the software is released, the software must be functionally checked to confirm that all requirements specified in the software requirements specification have been met.

4.5.6 Physical inspection: Before accepting the software, the software must be physically inspected to verify that the programs and documents are consistent and ready for delivery.

4.5.7 Comprehensive inspection: During software acceptance, the user or experts entrusted by the user must be allowed to conduct a comprehensive inspection of a design sample of the software to be accepted, to verify the consistency of the code with the design documents, the consistency of the interface specifications (hardware and software), the consistency of the design implementation with the functional requirements, and the consistency of the functional requirements with the test descriptions.

18. According to the relevant provisions of GB/T 22239-2008 "Information Security Technology Basic Requirements for Security Level Protection of Information Systems", the requirement "a dedicated person should be assigned to control, identify and record entry to and exit from the computer room" should be classified under the ( ) security technical requirements.

A.Physics

B.Equipment

C.Storage

D.Network

Answer: A

Analysis: GB/T 22239-2008 "Information Security Technology Basic Requirements for Security Level Protection of Information Systems", 6.1.1.2 Physical access control. This requirement includes:

a) Dedicated personnel should be assigned at the entrance and exit of the computer room to control, identify and record the personnel entering;

b) Visitors who need to enter the computer room should go through an application and approval process, and their scope of activity should be restricted and monitored.

19. When evaluating information system security, risk items need to be quantified to comprehensively assess the security level. If the occurrence probability of an event with frequent demand changes is 0.5 and the resulting risk impact value is 5, then the risk value of this risk item is ( ).

A.10

B.5.5

C.4.5

D.2.5

Answer: D

Analysis: The risk value is the product of probability and impact value: 0.5*5=2.5.

20. According to GB/T 16680-2015 "Managers' Requirements for User Documentation in System and Software Engineering", managers should develop and maintain user documentation plans. ( ) is not part of the user documentation plan.

A. Quality control implemented during document development

B. Availability requirements for user documentation

C. Determine the software products that need to be covered by user documentation

D. Control templates and standard designs for media and output formats of each document

Answer: A

Analysis: According to GB/T 16680-2015 "Manager Requirements for System and Software Engineering User Documentation", 7.3 Documentation plan content:

Determine the software products that need to be covered by user documentation;

Rationale or purpose (instructional or informational) of each document;

The intended audience (user attributes) of each document, e.g. characterized by education level, skills and experience;

Documents and information to be acquired, reused or developed, and their intended sources;

Availability requirements for user documentation;

Control templates and standard designs for the media and output formats of each document;

Scope and size of the user documentation set, with the size estimated from the number of document topics, illustrations, words, pages, error messages, commands, or other parameters;

An outline, table of contents, or topic list for each user document;

Methods and tools in the document development and production process, including methods for delivering software change information to document writers in a timely manner during software development;

Roles and responsibilities; required skill levels and, optionally, a team member selection plan; the schedule for document development, review, approval and release, including dependencies on the software product development schedule or other documentation projects;

Related plans to translate and localize user documentation;

Identification of the specific deliverables, such as the number of printed copies (if applicable), disk and file formats (including software versions), and the location where the deliverables will be published.

21. System security can be divided into five levels of security requirements: physical, network, host, application, and data and backup and recovery. "When an attack is detected, the attack source IP, attack type, attack purpose and attack time should be recorded, and an alarm should be provided when a serious intrusion occurs" is a requirement at the ( ) level.

A.Physics

B.Network

C.Host

D.Application

Answer: B

Analysis: Network security - intrusion prevention: the following attack behaviors should be monitored at the network boundary: port scanning, brute force attacks, Trojan horse attacks, denial of service attacks, buffer overflow attacks, IP fragmentation attacks, network worm attacks, etc. When an attack is detected, the attack source IP, attack type, purpose and time should be recorded, and an alarm should be provided when a serious intrusion event occurs. Information system security has five levels of security requirements: physical, network, host, application, and data and backup and recovery.

22. According to the provisions of the "Information Security Level Protection Management Measures", the security protection level of an information system is determined by factors such as the importance of the information system to national security, economic construction and social life, and the degree of harm to national security, social order, public interests, and the legitimate rights and interests of citizens, legal persons and other organizations once the information system is damaged. The security labeled protection level is ( ).

A. Level 2

B. Level 3

C. Level 4

D. Level 5

Answer: B

Analysis: The "Classification Criteria for Security Protection Levels of Computer Information Systems" specifies five levels of computer system security protection capability.

Level 1 is the user discretionary protection level, applicable to ordinary intranet users; Level 2 is the system audit protection level, applicable to non-critical units that conduct business over an intranet or international network and require confidentiality; Level 3 is the security labeled protection level, applicable to local state organs at all levels, financial institutions, postal and telecommunications, energy and water supply departments, transportation, large industrial, commercial and information technology enterprises, key engineering construction and similar units; Level 4 is the structured protection level, applicable to central state organs, radio and television departments, important material reserve units, social emergency service departments, cutting-edge technology enterprise groups, national key scientific research institutions, national defense construction and similar departments; Level 5 is the access verification protection level, applicable to key national defense departments and units that are legally required to apply special isolation to their computer information systems.

Mnemonic: "主审机构访问" (discretionary, audit, labeled, structured, access).

23. In information system security protection, an information security policy that controls user access to objects such as files and database tables belongs to ( ) security management.

A. Security audit

B. Intrusion detection

C. Access control

D. Personnel behavior

Answer: C

Analysis: Access control can be divided into two major categories: discretionary access control and mandatory access control. Discretionary access control means that users have the right to access the objects they create (files, data tables, etc.), and may grant access rights to these objects to other users and revoke those rights from the users they granted them to. Mandatory access control means that the system (through a specially appointed system security officer) exercises unified, mandatory control over the objects users create, deciding according to prescribed rules which users may perform what kind of access on which objects; even the creator of an object may have no right to access it after creating it.

24. To protect the hardware, software and data of a network system, corresponding network security tools are needed. Among the following security tools, ( ) is likened to the gate of network security and is used to decide which packets may enter the enterprise intranet.

A. Antivirus software

B. Intrusion detection system

C. Security audit system

D. Firewall

Answer: D

Analysis: A "firewall" is a method of separating an internal network from a public access network (such as the Internet); it is essentially an isolation technique. A firewall is an access control measure enforced when two networks communicate: it lets the people and data you "approve" enter your network while keeping out those you "do not approve", blocking hackers on the network from accessing your network as far as possible.

Intrusion detection technology (IDS) focuses on supervising the network security state: by monitoring the network or system resources, it looks for behavior that violates the security policy or for signs of attack, and raises an alarm. The vast majority of IDS systems are therefore passive. By analogy: a firewall is like the security guard of a residential compound, stopping all suspicious persons at the gate, while intrusion detection is like the compound's surveillance cameras, watching for anomalies that occur inside.

25. The security threats to an information system are divided into seven categories, which do not include ( ).

A. Natural event risk and human event risk

B. Software system risk and software process risk

C. Project management risk and application risk

D. Functional risk and efficiency risk

Answer: D

Analysis: The security threats (risks) to business application information systems can be classified in several ways.

1. By the nature of the risk, they can simply be divided into static risk and dynamic risk. Static risk is caused by the irregular action of natural forces and by people's misjudgments and wrong actions; dynamic risk is caused by changes in people's desires, changes in production methods and production technology, and changes in enterprise organization.

2. By the outcome of the risk, they can be divided into pure risk and speculative risk. Pure risk only causes damage when it occurs, whereas speculative risk may produce either profit or loss when it occurs.

3. By risk source, they can be divided into natural event risk, human event risk, software risk, software process risk, project management risk, application risk and user usage risk (seven categories).

26. Access control is a security measure that limits the access rights of subjects to objects so that the computer system is used within legitimate bounds. Among the following statements about access control, ( ) is incorrect.

A. Access control includes two important processes: authentication and authorization

B. Access control mechanisms are of two kinds: mandatory access control (MAC) and discretionary access control (DAC)

C. The advantage of role-based access control (RBAC) over DAC is that users can autonomously grant their access rights to other users

D. RBAC is not based on multi-level security requirements, because RBAC-based systems are mainly concerned with protecting the integrity of information, i.e. "who may perform what action on what information"

Answer: C

Analysis: Role-based access control (RBAC): roles are defined by the application system administrator; role members can only be added or removed by the application system administrator; authorization rules are imposed on users, who can only passively accept them, cannot decide for themselves, and cannot pass access rights to others on their own. The difference between RBAC and DAC is that users cannot autonomously grant access rights to other users.

27. Among the following statements about WLAN security mechanisms, ( ) is correct.

A. WPA is the first security mechanism provided for establishing a secure wireless network environment

B. WEP, like the IPSec protocol, aims to provide security protection by encrypting radio waves

C. The initialization vector (IV) space of WEP2 is 64 bits

D. WPA provides a more secure wireless LAN access scheme than WEP

Answer: D

Analysis: Answer A is wrong, since WEP predates WPA. In answer B, IPSec does not encrypt radio waves. For answer C, the newer WEP2 increases the initialization vector (IV) space from 24 bits to 128 bits. Answer D is correct: WPA was introduced to replace WEP and is more secure than WEP.

Authentication and encryption methods commonly used in WLAN wireless networks:

I. WEP (Wired Equivalent Privacy): the Wired Equivalent Privacy protocol encrypts data transmitted wirelessly between two devices to prevent unauthorized users from eavesdropping on or intruding into the wireless network. However, the WEP key itself is easily intercepted and cracked in transit, so WEP has been replaced by WPA.

II. WPA (Wi-Fi Protected Access): there are currently four authentication modes: WPA, WPA-PSK, WPA2 and WPA2-PSK.

1. WPA replaces WEP. WPA inherits the basic principles of WEP while remedying its shortcomings: WPA strengthens the algorithm that generates encryption keys, so that even if packets are collected and analyzed it is almost impossible to compute the master key; WPA also adds protection against data being tampered with in transit, and an authentication function.

2. WPA2 (the second version of WPA) is an enhanced version of WPA; compared with WPA, WPA2 adds support for AES encryption.

3. WPA-PSK (Wi-Fi Protected Access with pre-shared key): suitable for personal or ordinary home networks, using a pre-shared key; the longer the password from which the key is set, the higher the security. WPA-PSK can only use TKIP encryption.

4. WPA2-PSK is suitable for personal or ordinary home networks, uses a pre-shared key, and supports both TKIP and AES encryption.

28. An IDS finds that a network interface is receiving a large number of invalid, abnormally generated packets from a specific IP address, making the server so busy that it cannot respond to requests. The IDS will classify this attack as ( ).

A. Denial of service attack

B. Address spoofing attack

C. Session hijacking

D. Signal packet sniffer attack

Answer: A

Analysis: IDS intrusion detection

1. A denial of service attack is a destructive attack that prevents or denies legitimate users access to a network server. Broadly speaking, any attack that causes a user's server to be unable to provide normal service is a denial of service attack, for example sending improper data to the other party's computers and routers so that they become unusable. So the answer to this question is A.

2. IP address spoofing means producing IP packets with a forged source IP address in order to impersonate another system or sender. It is a form of hacker attack in which the hacker goes online from one computer while borrowing the IP address of another machine, thereby impersonating that machine in its dealings with the server.

3. Session hijacking (Session Hijack) is an attack technique that combines sniffing and spoofing. For example, during a normal session the attacker joins as a third party; he can insert malicious data into normal packets, eavesdrop on the session between the two parties, or even take over the session in place of one of the hosts. A "signal packet sniffer attack" does not exist.

29. In an information system access control mechanism, ( ) refers to the technique or method of assigning security labels to all subjects and objects to identify their security levels, and then comparing the security levels of the subject and the object when access control is enforced in order to determine whether the access is legitimate.

A. Discretionary access control

B. Mandatory access control

C. Role-based access control

D. Group-based access control

Answer: B

Analysis: Each access control mechanism is described as follows:

1. Mandatory access control: The system enforces access control (MAC) independently of user behavior. Users cannot change their own security level or the security attributes of objects. Such access control rules usually label data and users according to security levels, and the access control mechanism decides whether to grant or deny a user access to a resource by comparing security labels. In a mandatory access control system, all subjects (users, processes) and objects (files, data) are assigned security labels, and each security label identifies a security level.

· Subjects (users, processes) are assigned a security level.

· Objects (files, data) are also assigned a security level.

· When access control is enforced, the security levels of the subject and the object are compared to determine whether the access is legitimate.

2. Discretionary access control: The Discretionary Access Control (DAC) mechanism allows the owner of an object to formulate a protection strategy for that object. DAC usually uses authorization lists (or access control lists) to limit which subjects may perform which operations on which objects, which allows the strategy to be adjusted very flexibly.

In discretionary access control, users can formulate their own protection strategies for the objects they protect. Each subject has a username and belongs to a group or holds a role; each object has an access control list (ACL) that limits subjects' access rights to it. On each access, the user's identity is checked against the access control list to control their access rights.

3. Role-based access control (RBAC)

In role-based access control, roles are defined by the administrator of the application system. Role members can only be added or removed by the administrator of the application system, that is, only the administrator of the application system has the authority to define and assign roles. Moreover, authorization rules are imposed on users, who can only passively accept them and cannot make decisions on their own; users cannot voluntarily transfer access rights to others, so this is a non-discretionary form of access control. RBAC is not based on multi-level security requirements, whereas MAC is.

30. ( ) cannot guarantee the security of the company’s internal network boundaries.

A. Set up a firewall between the company network and the Internet or other interfaces with the outside world

B. When users on networks outside the company want to access the company network, use the authorization system.

C. Company employees are prohibited from using email servers outside the company

D. Users of the company's internal network are prohibited from privately setting up dial-up Internet access.

Answer: C

Analysis: This is a past Software Designer exam question.

Computer network security mainly refers to the corresponding measures that should be taken for computer networks to resist attacks from the outside world. It is the outermost layer of defense for network information security. It is mainly achieved through the use of secure firewall systems, secure proxy servers, secure encryption gateways, etc. Computer network security mainly includes network boundary security and network internal security control and prevention.

The network boundary mainly refers to the exit boundary between the network of a unit (or department) and external networks or the Internet. Its security mainly refers to the control and prevention measures taken for access and for the transmission of data packets across that boundary. The internal network should use a single unified Internet exit to strengthen management: a firewall system must be set up at the interface between the computer network and the Internet or other external networks; the firewall must have an encryption function or be paired with a secure encryption gateway; network security vulnerabilities must be scanned regularly and security risks on the network eliminated in a timely manner; and when authorized users on the Internet or other external networks want to enter remotely through the security firewall or secure encryption gateway, an electronic seal authentication system must be in place so that only authorized users who pass authentication can enter.

Computer networks generally do not need to set up dial-up access servers or provide modem access. If they do need to be set up, the following measures must be taken: set up an access control server to verify the identities and phone numbers of dial-up users; require dial-up users to use relatively secure passwords, and ensure that user names and passwords are not disclosed to anyone else; set up a security firewall between the dial-up access server and the network to control and monitor the remote access process; and keep the dial-up phone number strictly confidential. To sum up, A, B and D are correct and C is incorrect: prohibiting the use of external email servers has no necessary bearing on the security of the company's internal network boundary.

31. Among the following descriptions about information system operation and maintenance, ( ) is incorrect.

A. Generally speaking, in the process of information system operation and maintenance, a larger proportion of costs or resources will be invested

B. Efficient operation and maintenance cannot be separated from the management platform and requires management and tools and their reasonable cooperation.

C. The operation and maintenance management platform automates and operationalizes operation and maintenance, reducing the technical requirements for operation and maintenance personnel.

D. The purpose of operation and maintenance is to ensure the normal operation of the system, and attention should be paid to the balance between efficiency and customer satisfaction.

Answer: C

Analysis: Option C is wrong: an operation and maintenance management platform automates and standardizes operation and maintenance, but it does not reduce the technical requirements for operation and maintenance personnel.

32. In the construction of information system security, ( ) establish a comprehensive defense system. They generally inform users of their responsibilities, the network access, service access, local and remote user authentication, dial-in and dial-out, and disk and data encryption specified by the organization, virus protection measures, employee training, etc., and ensure that every place that may be attacked is protected at the same security level.

A. Security policy

B. Firewall

C.Safety system

D. System security

Answer: A

Analysis: In the construction of information system security, security policies establish a comprehensive defense system. They generally tell users their responsibilities, the network access, service access, local and remote user authentication, dial-in and dial-out, and disk and data encryption specified by the organization, virus protection measures, employee training, etc., and ensure that every place that may be attacked is protected at the same security level.

33. The technology of collecting and analyzing key node information of a computer system or network to discover whether there are any violations of security policies and signs of attack in the network or system is called ( ).

A. System detection

B. System analysis

C. System audit

D.Intrusion detection

Answer: D

Analysis: Intrusion detection monitors the operating status of the network and system through software and hardware, in accordance with certain security policies, and tries to discover attack attempts, attack behaviors or attack results, as well as violations of security policies, so as to ensure the confidentiality, integrity and availability of network system resources.

34. Among the following descriptions of information system audit, the incorrect one is ( ).

A. Information system audit is a core part of the security audit process

B. The purpose of an information system audit is to evaluate and provide feedback, assurance and recommendations

C. Information system auditors must understand the steps and techniques for planning, executing and completing audit work, and try to comply with the generally recognized information system auditing standards and control objectives of the Information Systems Audit and Control Association (ISACA) and other laws and regulations.

D. The purpose of an information system audit may be to collect and evaluate evidence to determine whether a computer system (information system) is effectively protecting assets, maintaining data integrity, and accomplishing organizational goals.

Answer: A

Analysis: Security audit is one of the basic services of information system audit. Answer A is incorrect.

35. Security Audit is a systematic method to evaluate the security of a company's information system by testing its compliance with a set of determined standards. The main functions of security audit do not include ( ).

A. Serve as a deterrent or warning to potential attackers

B. Provide effective investigation evidence for system damage that has occurred

C. Help system administrators discover intrusions or potential vulnerabilities by providing logs

D. Help system administrators discover performance defects or deficiencies through performance testing

Answer: D

Analysis: A security audit system mainly has the following functions:

Act as a deterrent or warning to potential attackers. A is correct.

Provide effective investigation evidence for system damage that has occurred. B is correct.

Provide system security administrators with valuable system usage logs, thereby helping system security administrators discover system intrusions or potential system vulnerabilities in a timely manner. C is correct.

Provide system operation statistical logs for system security administrators, allowing them to discover deficiencies in system performance or areas that need improvement and enhancement. Performance testing is not among these functions, so D is the answer.

36. According to the network hierarchical design model, network design is usually divided into three layers, namely the core layer, aggregation layer and access layer. Among the following statements, ( ) is incorrect.

A. The core layer is responsible for the access control list checking function

B. The aggregation layer implements network access policy control

C. The workgroup server is placed at the access layer

D. Hubs can be used instead of switches at the access layer.

Answer: A

Analysis: The network design hierarchical model consists of the core layer, aggregation layer and access layer. Core layer: provides optimal transport between regions and forwards packets as quickly as possible, offering optimized, reliable data transmission. Aggregation layer: provides policy-based connectivity and defines network boundaries and access policies for traffic entering the core layer through access control lists or other filtering mechanisms. Access layer: provides user access to the network for multi-service and other network applications, is responsible for connecting user equipment, and prevents unauthorized users from entering the network. Access control list checking is therefore an aggregation-layer function, not a core-layer one, so A is incorrect.

37. Among the following descriptions about network protocols, ( ) is correct.

A. The earliest protocol used by the Internet is the OSI seven-layer architecture.

B.NETBEUI is a routing protocol developed by IBM

C. In the TCP/IP protocol layered structure, FTP is an application layer protocol running on top of TCP.

D.TCP protocol provides a connectionless but reliable datagram transmission channel

Answer: C

Analysis: The ARPAnet, developed under the auspices of the U.S. Defense Advanced Research Projects Agency (ARPA), was officially launched in 1969. ARPAnet is the origin of the Internet. The OSI seven-layer architecture is a network interconnection model studied by ISO (International Organization for Standardization) in 1985. So A is wrong.

NETBEUI is a non-routable protocol developed by IBM. B is wrong.

FTP is an application layer protocol running on top of TCP. C is correct.

TCP (Transmission Control Protocol) is a connection-oriented, reliable, byte stream-based transport layer communication protocol. D is also wrong.

38. There are 60 information points on a certain floor. The farthest information point is 65 meters away and the nearest is 35 meters away. The wiring project requires about ( ) meters of cable. (The planned cable length is 1.1 times the actual usage.)

A.4290

B.2310

C.3300

D.6600

Answer: C

Analysis: Using the complete formula for planned cable usage, C = [0.55 × (maximum length + minimum length) + 6] × number of information points = [0.55 × (65 + 35) + 6] × 60 = 61 × 60 = 3660. The approximate actual usage is then 3660 / 1.1 = 3327, which is approximately 3300, so the answer is C.

39. Although different operating systems may be equipped with different browsers, all of these browsers comply with the ( ) protocol.

A.SNMP

B.HTTP

C.HTML

D.SMTP

Answer: B

Analysis: HTTP (Hypertext Transfer Protocol) is the protocol used to transfer hypertext from a WWW server to the local browser. It is an application layer communication protocol between the client browser (or other program) and the Web server, and it is the most widely used network protocol on the Internet; all WWW files must comply with this standard. It makes the browser more efficient and reduces network transmission: it not only ensures that the computer transmits hypertext documents correctly and quickly, but also determines which part of the document is transmitted and which part of the content is displayed first (for example, text before graphics). Note the difference between HTTP and HTML. HTML (Hyper Text Markup Language) is a markup language designed for "the creation of web pages and other information that can be seen in a web browser." HTML is used to structure information, such as titles, paragraphs and lists, and can also be used to describe the appearance and semantics of a document to a certain extent. It is a markup language, not a protocol.

40. In local area networks, broadcast messages are often used to obtain the MAC address corresponding to the access target IP address. The protocol that implements this function is ( ).

A.RARP protocol

B.SMTP protocol

C.SLIP protocol

D.ARP protocol

Answer: D

Analysis: 1. RARP (Reverse Address Resolution Protocol) determines the IP address from the MAC address, allowing a physical machine on the LAN to request its IP address from the gateway server's ARP table or cache.

2. SMTP (Simple Mail Transfer Protocol) is a set of rules for transmitting mail from a source address to a destination address; it controls how mail is transferred. SMTP belongs to the TCP/IP protocol suite and helps each computer find the next destination when sending or relaying mail.

3. SLIP (Serial Line Internet Protocol), this protocol is an old industry standard for Windows remote access. It is mainly used in Unix remote access servers and is still used to connect to some ISPs today. Because the SLIP protocol is oriented to low-speed serial lines, it can be used for dedicated lines or dial-up lines.

4. ARP (Address Resolution Protocol) is a TCP/IP protocol that obtains physical addresses based on IP addresses. So the answer to this question is D.

41. The domain name server stores the ( ) of Internet hosts.

A.MAC address and host name

B.IP address and domain name

C.IP address and access path

D.IP address, domain name and MAC address

Answer: B

Analysis: The software that translates domain names into IP addresses is called the domain name system, or DNS. The domain name server therefore stores a table of domain names and their corresponding IP addresses in order to resolve domain names.

42. Xiao Li, who works in Building 1, hopes to access the server placed in Building 2 through remote login on the local computer. For this purpose, the ( ) protocol in the TCP/IP protocol suite will be used.

A. Telnet

B.FTP

C.HTTP

D.SMTP

Answer: A

Analysis: The Telnet protocol is a member of the TCP/IP protocol family and is the standard protocol and main method for Internet remote login services.

43. The TCP/IP reference model is divided into four layers: ( ), network layer, transport layer, and application layer.

A.Physical layer

B. Traffic control layer

C. Session layer

D. Network interface layer

Answer: D

Analysis: TCP/IP (also known as TCP/IP protocol suite) is a set of communication protocols used to realize network interconnection. Its name comes from two important protocols in the protocol suite (IP protocol and TCP protocol). The reference model based on TCP/IP divides the protocol into four layers, which are the network interface layer, the Internet interconnection layer (IP layer), the transport layer (TCP layer) and the application layer.

44. In the design of a computer room project, the computer room needs to be able to support multiple network transmissions and multiple physical interfaces. This reflects the ( ) principle.

A. Practicality and advancement

B.Safety and reliability

C. Flexibility and scalability

D.Standardization

Answer: C

Analysis: Supporting multiple network transmissions and multiple physical interfaces is a matter of flexibility and, in particular, scalability. The computer room engineering design principles are:

1. Practicality and advancement. Use advanced and mature technology and equipment to meet current business needs and take into account future business needs. Use advanced technology, equipment and materials as much as possible to meet the needs of high-speed data transmission, so that the entire system can maintain technological advancement for a period of time and have good development potential to adapt to future business development and technology upgrade needs.

2. Safety and reliability. In order to ensure various business applications, the network must have high reliability and must not have a single point of failure. High-reliability design and construction must be carried out in all aspects, such as computer room layout, structural design, equipment selection, and daily maintenance. On the basis of using reliability technologies such as hardware backup and redundancy for key equipment, relevant software technologies are used to provide a strong management mechanism, control means, and technical measures such as accident monitoring and security confidentiality to improve the safety and reliability of the computer room.

3. Flexibility and scalability. The computer room must have good flexibility and scalability, and be able to expand equipment capacity and increase the number of users it can accommodate according to the needs of continuous business development. It must be able to support multiple network transmissions and multiple physical interfaces, providing flexibility for technology upgrades and equipment updates.

4. Standardization. The overall design of the computer room system is based on international standards and relevant standards promulgated by the country, including various building and computer room design standards, power and electrical security standards, and computer LAN and wide area network standards, and adheres to unified specifications, laying the foundation for future business development and equipment expansion.

5. Economy and investment protection. The computer room should be built with a high performance-price ratio to maximize the ratio of output to invested funds. It should maintain system operation with lower costs and less personnel investment while providing high performance and benefits. Retain and extend investments in existing systems as much as possible, and make full use of past investments in capital and technology.

6. Manageability. The computer room has a certain degree of complexity, and as the business continues to develop, management tasks will inevitably become increasingly arduous. Therefore, in the design of the computer center, a comprehensive and complete computer room management and monitoring system must be established. The equipment selected should have intelligent and manageable functions. At the same time, advanced management and monitoring equipment and software should be used to achieve centralized management and monitoring: real-time monitoring of the operating status of the entire computer room, real-time light and voice alarms, and real-time event recording, which can quickly locate faults, improve operating performance and reliability, and simplify the maintenance work of computer room managers, thereby providing the strongest guarantee for the safe and reliable operation of the computer room.

45. "Using advanced and mature technologies and equipment to meet current business needs and taking into account future business needs" reflects the "( )" computer room engineering design principle.

A. Practicality and advancement

B. Flexibility and scalability

C. Economics/Investment Protection

D.Manageability

Answer: A

Analysis: Computer room engineering design principles:

1. Practicality and advancement. Use advanced and mature technology and equipment to meet current business needs and take into account future business needs. Use advanced technology, equipment and materials as much as possible to meet the needs of high-speed data transmission, so that the entire system can maintain technological advancement for a period of time and have good development potential to adapt to future business development and technology upgrade needs.

2. Safety and reliability. In order to ensure various business applications, the network must have high reliability and must not have a single point of failure. High-reliability design and construction must be carried out in all aspects, such as computer room layout, structural design, equipment selection, and daily maintenance. On the basis of using reliability technologies such as hardware backup and redundancy for key equipment, relevant software technologies are used to provide strong management mechanisms, control means, accident monitoring, security confidentiality and other technical measures to improve the safety and reliability of the computer room.

3. Flexibility and scalability. The computer room must have good flexibility and scalability, and be able to expand equipment capacity and increase the number of users it can accommodate according to the needs of continuous business development. It has the ability to support multiple network transmissions and multiple physical interfaces, and provides flexibility for technology upgrades and equipment updates.

4. Standardization. The overall design of the computer room system is based on international standards and relevant standards promulgated by the country, including various building and computer room design standards, power and electrical guarantee standards, and computer LAN and wide area network standards, and adheres to unified specifications, laying the foundation for future business development and equipment capacity expansion.

5. Economy and investment protection. The computer room should be built with a high performance-price ratio to maximize the ratio of output to invested funds. It should maintain system operation with lower costs and less personnel investment while providing high performance and benefits. Retain and extend investments in existing systems as much as possible, and make full use of past investments in capital and technology.

6. Manageability. The computer room has a certain degree of complexity, and as the business continues to develop, management tasks will inevitably become increasingly arduous. Therefore, in the design of the computer center, a comprehensive and complete computer room management and monitoring system must be established. The equipment selected should have intelligent and manageable functions. At the same time, advanced management and monitoring equipment and software should be used to achieve centralized management and monitoring: real-time monitoring of the operating status of the entire computer room, real-time light and voice alarms, and real-time event recording, which can quickly locate faults, improve operating performance and reliability, and simplify the maintenance work of computer room managers, thereby providing the strongest guarantee for the safe and reliable operation of the computer room.

Origin blog.csdn.net/weixin_68261415/article/details/134392925