CISSP English Exam Questions and Answer Explanations
Question #1
Which of the following is the MOST secure form of triple-DES encryption?
A. DES-EDE3
B. DES-EDE1
C. DES-EEE4
D. DES-EDE2
Question #2
Which of the following is NOT a known type of Message Authentication Code (MAC)?
A. Keyed-hash message authentication code (HMAC)
B. DES-CBC
C. Signature-based MAC (SMAC)
D. Universal Hashing Based MAC (UMAC)
Question #3
What is the maximum key size for the RC5 algorithm?
A. 128 bits
B. 256 bits
C. 1024 bits
D. 2040 bits
Question #4
Which of the following algorithms is a stream cipher?
Question #5
In an SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?
A. Both client and server
B. The client's browser
C. The web server
D. The merchant's Certificate Server
Question #6
Which of the following was NOT designed to be a proprietary encryption algorithm?
A. RC2
B. RC4
C. Blowfish
D. Skipjack
Question #7
Which of the following is NOT an encryption algorithm?
A. Skipjack
B. SHA-1
C. Twofish
D. DEA
Question #8
What key size is used by the Clipper Chip?
A. 40 bits
B. 56 bits
C. 64 bits
D. 80 bits
Question #9
Which of the following would BEST describe a Concealment cipher?
A. Permutation is used, meaning that letters are scrambled.
B. Every X number of words within a text, is a part of the real message.
C. Replaces bits, characters, or blocks of characters with different bits, characters or blocks.
D. Hiding data in another message so that the very existence of the data is concealed.
Question #10
Which of the following is BEST provided by symmetric cryptography?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Question #11
While using IPsec, the ESP and AH protocols both provide integrity services. However, when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service. Which of the items below would affect the use of AH?
A. Key session exchange
B. Packet Header Source or Destination address
C. VPN cryptographic key size
D. Cryptographic algorithm used
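Added example (not part of the question bank): a simplified Python model of why AH breaks behind NAT while ESP does not. It assumes a shared SA integrity key and models only three header fields; real AH computes its ICV over the whole IP packet with mutable fields such as TTL zeroed (RFC 4302), and ESP's ICV covers the ESP header, payload and trailer but never the outer IP header. The addresses and key below are constructed values.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Assumed: the integrity key negotiated for the Security Association, shared by both peers.
SA_KEY = b"constructed-sa-integrity-key"


@dataclass(frozen=True)
class Packet:
    src: str        # outer IP source address
    dst: str        # outer IP destination address
    ttl: int        # mutable in transit (every router decrements it)
    payload: bytes  # transport header + data (for ESP: the ESP-protected part)


def ah_icv(pkt: Packet) -> bytes:
    """AH integrity check value. AH covers the IP header as well as the payload;
    mutable fields (TTL here) are treated as zero before hashing, immutable ones
    such as the source and destination addresses are covered exactly as sent."""
    covered = f"{pkt.src}|{pkt.dst}|ttl=0|".encode() + pkt.payload
    return hmac.new(SA_KEY, covered, hashlib.sha256).digest()


def esp_icv(pkt: Packet) -> bytes:
    """ESP integrity check value. ESP covers its own header/payload/trailer only;
    the outer IP header (including the addresses) is outside its integrity scope."""
    return hmac.new(SA_KEY, pkt.payload, hashlib.sha256).digest()


def forward_hop(pkt: Packet) -> Packet:
    """A plain router: decrements TTL, changes nothing else."""
    return replace(pkt, ttl=pkt.ttl - 1)


def nat_translate(pkt: Packet, public_ip: str) -> Packet:
    """Source NAT: rewrites the source address (and decrements TTL like any router)."""
    return replace(forward_hop(pkt), src=public_ip)


def check(icv_fn, pkt: Packet, received_icv: bytes) -> bool:
    """Receiver recomputes the ICV over what it received and compares in constant time."""
    return hmac.compare_digest(icv_fn(pkt), received_icv)


def sample_packet() -> Packet:
    # Constructed sample: a private host behind NAT talking to a peer on a documentation range.
    return Packet(src="10.0.0.7", dst="198.51.100.20", ttl=64, payload=b"GET /balance HTTP/1.1")


def demo() -> dict:
    pkt = sample_packet()
    ah, esp = ah_icv(pkt), esp_icv(pkt)          # ICVs computed by the sender
    via_router = forward_hop(pkt)
    via_nat = nat_translate(pkt, "203.0.113.5")  # the NAT device's public address
    return {
        "ah_ok_after_plain_hop": check(ah_icv, via_router, ah),  # True: TTL is mutable, not covered
        "ah_ok_after_nat": check(ah_icv, via_nat, ah),           # False: source address changed
        "esp_ok_after_nat": check(esp_icv, via_nat, esp),        # True: outer header not covered
    }
```

The receiver of the translated packet recomputes the AH ICV over the rewritten source address, so it can never match what the sender computed; a TTL decrement alone is harmless because TTL is excluded. ESP survives NAT because the outer header is outside its coverage, which is why NAT traversal (RFC 3948) wraps ESP, not AH, in UDP.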
Question #12
Which of the following protocols offers native encryption?
A. IPSEC, SSH, PPTP, SSL, MPLS, L2F, and L2TP
B. IPSEC, SSH, SSL, TFTP
C. IPSEC, SSH, SSL, TLS
D. IPSEC, SSH, PPTP, SSL, MPLS, and L2TP
Question #13
Which of the following is NOT a disadvantage of symmetric cryptography when compared with asymmetric ciphers?
A. Provides Limited security services
B. Has no built in Key distribution
C. Speed
D. Large number of keys are needed
Question #14
Which of the following is more suitable for a hardware implementation?
A. Stream ciphers
B. Block ciphers
C. Cipher block chaining
D. Electronic code book
Question #15
How many rounds are used by DES?
Question #16
What is the key size of the International Data Encryption Algorithm (IDEA)?
A. 64 bits
B. 128 bits
C. 160 bits
D. 192 bits
Question #17
Which of the following is NOT an example of a block cipher?
A. Skipjack
B. IDEA
C. Blowfish
D. RC4
Question #18
The Diffie-Hellman algorithm is used for:
A. Encryption
B. Digital signature
C. Key agreement
D. Non-repudiation
Question #19
A one-way hash provides which of the following?
A. Confidentiality
B. Availability
C. Integrity
D. Authentication
Question #20
Which of the following is not a one-way hashing algorithm?
A. MD2
B. RC4
C. SHA-1
D. HAVAL
Question #21
Which of the following statements pertaining to key management is NOT true?
A. The more a key is used, the shorter its lifetime should be.
B. When not using the full keyspace, the key should be extremely random.
C. Keys should be backed up or escrowed in case of emergencies.
D. A key's lifetime should correspond with the sensitivity of the data it is protecting.
Question #22
Which of the following statements pertaining to link encryption is FALSE?
A. It encrypts all the data along a specific communication path.
B. It provides protection against packet sniffers and eavesdroppers.
C. Information stays encrypted from one end of its journey to the other.
D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.
Question #23
Which key agreement scheme uses implicit signatures?
Question #24
Cryptography does NOT concern itself with which of the following choices?
A. Availability
B. Integrity
C. Confidentiality
D. Validation
Question #25
Which of the following does NOT concern itself with key management?
A. Internet Security Association Key Management Protocol (ISAKMP)
B. Diffie-Hellman (DH)
C. Cryptology (CRYPTO)
D. Key Exchange Algorithm (KEA)
Question #26
Which of the following encryption algorithms does NOT deal with discrete logarithms?
A. El Gamal
B. Diffie-Hellman
C. RSA
D. Elliptic Curve
Question #27
Which of the following statements pertaining to message digests is NOT true?
A. The original file cannot be created from the message digest.
B. Two different files should not have the same message digest.
C. The message digest should be calculated using at least 128 bytes of the file.
D. Message digests are usually of fixed size.
Question #28
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?
A. Differential cryptanalysis
B. Differential linear cryptanalysis
C. Birthday attack
D. Statistical attack
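Added example (not part of the question bank) for the birthday attack in Question #28: the collision probability formula, the expected number of trials, and an actual birthday search run against SHA-256 truncated to 24 bits so that a collision appears after a few thousand hashes instead of 2^128. The messages are constructed counters and the truncation is a demonstration device; the full-size figures are computed with the same formula.

```python
import hashlib
import math


def collision_probability(bits: int, samples: int) -> float:
    """Approximate probability that at least two of `samples` random digests of
    `bits` bits coincide: 1 - exp(-k^2 / 2N) with N = 2^bits."""
    n = float(1 << bits)
    return 1.0 - math.exp(-(samples ** 2) / (2.0 * n))


def expected_trials(bits: int) -> float:
    """Expected number of random digests drawn before the first collision: sqrt(pi*N/2)."""
    return math.sqrt(math.pi * (1 << bits) / 2.0)


def truncated_digest(message: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits, to make the search fast enough to watch."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int, limit: int = 1 << 20):
    """Birthday search: remember every digest seen and stop at the first repeat.
    A real attacker generates many harmless-looking variants of one document and
    of a fraudulent one, then looks for a digest shared across the two sets."""
    seen = {}
    for i in range(limit):
        msg = f"message-{i}".encode()   # constructed input
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1   # (first message, second message, hashes computed)
        seen[d] = msg
    return None


def demo() -> dict:
    first, second, trials = find_collision(24)
    return {
        "messages_differ": first != second,
        "digests_equal": truncated_digest(first, 24) == truncated_digest(second, 24),
        "trials": trials,
        "p_at_sqrt_n": collision_probability(24, 1 << 12),   # about 0.39
        "expected_trials": expected_trials(24),               # about 5134
        # Same shape at full size: 2^128 samples give the same ~39% against a 256-bit digest.
        "p_sha256_at_2^128": collision_probability(256, 1 << 128),
    }
```

Note the contrast with a second-preimage search: matching one fixed 24-bit digest costs about 2^24 hashes, whereas a collision between any two of the attacker's own messages costs about 2^12. That square-root saving is why digest length is chosen at twice the intended security level.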
Question #29
Which of the following elements is NOT included in a Public Key Infrastructure (PKI)?
A. Timestamping
B. Repository
C. Certificate revocation
D. Internet Key Exchange (IKE)
Question #30
Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission?
A. Secure Electronic Transaction (SET)
B. Message Authentication Code (MAC)
C. Cyclic Redundancy Check (CRC)
D. Secure Hash Standard (SHS)
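Added example (not part of the question bank) serving Question #2 and Question #30: HMAC built by hand from its RFC 2104 definition and checked against Python's hmac module, then used the way an EFT MAC is used, with a tag that accepts the genuine message, rejects a changed amount, and rejects a keyless hash. The key and transfer message are constructed sample values.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 block size; HMAC pads (or first hashes) the key to this length


def hmac_sha256_manual(key: bytes, message: bytes) -> bytes:
    """HMAC from its definition: H((K xor opad) || H((K xor ipad) || message))."""
    if len(key) > BLOCK_SIZE:             # keys longer than a block are hashed down first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")  # then zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: the tag travels with the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute and compare in constant time (avoids timing leaks)."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def demo() -> dict:
    # Constructed sample values; no real key or transaction.
    key = b"shared-secret-between-bank-and-clearing-house"
    eft = b"TRANSFER 1000.00 FROM 12345678 TO 87654321 REF 0042"
    tag = mac_tag(key, eft)
    tampered = eft.replace(b"1000.00", b"9000.00")
    return {
        "manual_matches_stdlib": hmac_sha256_manual(key, eft) == tag,
        "genuine_accepted": mac_verify(key, eft, tag),
        "tampered_rejected": not mac_verify(key, tampered, tag),
        # Without the key an attacker cannot compute a valid tag; a plain hash is rejected.
        "unkeyed_hash_rejected": not mac_verify(key, tampered, hashlib.sha256(tampered).digest()),
    }
```

The tag proves both origin (only a holder of the shared key could have produced it) and integrity (any change to the amount changes the tag). It does not give non-repudiation, because the receiver holds the same key and could have produced the tag itself; that is what the asymmetric signature in later questions adds.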
Question #31
Which of the following statements pertaining to Secure Sockets Layer (SSL) is FALSE?
A. The SSL protocol was developed by Netscape to secure Internet client-server transactions.
B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates.
C. Web pages using the SSL protocol start with HTTPS
D. SSL can be used with applications such as Telnet, FTP and email protocols.
Question #32
What is the name of the protocol used to set up and manage Security Associations (SA) for IP Security (IPSec)?
A. Internet Key Exchange (IKE)
B. Secure Key Exchange Mechanism
C. Oakley
D. Internet Security Association and Key Management Protocol
Question #33
Which of the following binds a subject name to a public key value?
A. A public-key certificate
B. A public key infrastructure
C. A secret key infrastructure
D. A private key certificate
Question #34
What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate?
A. A public-key certificate
B. An attribute certificate
C. A digital certificate
D. A descriptive certificate
Question #35
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire?
A. Certificate revocation list
B. Certificate revocation tree
C. Authority revocation list
D. Untrusted certificate list
Question #36
Who vouches for the binding between the data items in a digital certificate?
A. Registration authority
B. Certification authority
C. Issuing authority
D. Vouching authority
Question #37
What enables users to validate each other's certificate when they are certified under different certification hierarchies?
A. Cross-certification
B. Multiple certificates
C. Redundant certification authorities
D. Root certification authorities
Question #38
Which of the following would best define a digital envelope?
A. A message that is encrypted and signed with a digital certificate.
B. A message that is signed with a secret key and encrypted with the sender's private key.
C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver.
D. A message that is encrypted with the recipient's public key and signed with the sender's private key.
Question #39
What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity?
A. A digital envelope
B. A cryptographic hash
C. A Message Authentication Code
D. A digital signature
Question #40
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to?
A. Illuminated at nine feet high with at least three foot-candles
B. Illuminated at eight feet high with at least three foot-candles
C. Illuminated at eight feet high with at least two foot-candles
D. Illuminated at nine feet high with at least two foot-candles
Question #41
Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establ
A. OAKLEY
B. Internet Security Association and Key Management Protocol (ISAKMP)
C. Simple Key-management for Internet Protocols (SKIP)
D. IPsec Key exchange (IKE)
Question #42
Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?
A. Diffie-Hellman Key Exchange Protocol
B. Internet Security Association and Key Management Protocol (ISAKMP)
C. Simple Key-management for Internet Protocols (SKIP)
D. OAKLEY
Question #43
Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations?
A. Internet Key exchange (IKE)
B. Security Association Authentication Protocol (SAAP)
C. Simple Key-management for Internet Protocols (SKIP)
D. Key Exchange Algorithm (KEA)
Question #44
Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys? This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys o
A. Internet Security Association and Key Management Protocol (ISAKMP)
B. Simple Key-management for Internet Protocols (SKIP)
C. Diffie-Hellman Key Distribution Protocol
D. IPsec Key exchange (IKE)
Question #45
Which of the following can best be defined as a key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that only certain third parties can perform the decryption operation to retrieve the stored
A. Key escrow
B. Fair cryptography
C. Key encapsulation
D. Zero-knowledge recovery
Question #46
Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs?
A. A known-plaintext attack
B. A known-algorithm attack
C. A chosen-ciphertext attack
D. A chosen-plaintext attack
Question #47
Which of the following is NOT a property of a one-way hash function?
A. It converts a message of a fixed length into a message digest of arbitrary length.
B. It is computationally infeasible to construct two different messages with the same digest.
C. It converts a message of arbitrary length into a message digest of a fixed length.
D. Given a digest value, it is computationally infeasible to find the corresponding message.
Question #48
The Data Encryption Algorithm performs how many rounds of substitution and permutation?
Question #49
Which of the following statements is MOST accurate regarding a digital signature?
A. It is a method used to encrypt confidential data.
B. It is the art of transferring handwritten signature to electronic media.
C. It allows the recipient of data to prove the source and integrity of data.
D. It can be used as a signature system and a cryptosystem.
Question #50
The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is quite feasible for comput
A. computing in Galois fields
B. computing in Gladden fields
C. computing in Gallipoli fields
D. computing in Galbraith fields
Question #51
Which of the following concerning the Rijndael block cipher algorithm is NOT true?
A. The design of Rijndael was strongly influenced by the design of the block cipher Square.
B. A total of 25 combinations of key length and block length are possible
C. Both block size and key length can be extended to multiples of 64 bits.
D. The cipher has a variable block length and key length.
Question #52
This type of attack is generally most applicable to public-key cryptosystems. What type of attack am I?
A. Chosen-Ciphertext attack
B. Ciphertext-only attack
C. Plaintext Only Attack
D. Adaptive-Chosen-Plaintext attack
Question #53
What is NOT true about a one-way hashing function?
A. It provides authentication of the message
B. A hash cannot be reversed to get the message used to create the hash
C. The result of a one-way hash is a message digest
D. It provides integrity of the message
Question #54
You've decided to authenticate the source who initiated a particular transfer while ensuring integrity of the data being transferred. You can do this by:
A. having the sender encrypt the message with his private key.
B. having the sender encrypt the hash with his private key.
C. having the sender encrypt the message with his symmetric key.
D. having the sender encrypt the hash with his public key.
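Added example (not part of the question bank) for Question #39 and Question #54, using the one-way hash properties from Questions #19 and #47: the sender hashes the message and applies the private key to the hash; the recipient applies the public key and compares with a fresh hash. The RSA key is a toy built from two publicly known Mersenne primes (2^521-1 and 2^607-1) so that the arithmetic runs offline; it is an assumption for demonstration only, and textbook RSA without padding (PKCS#1 v1.5 or PSS in practice) must never be used for real signatures.

```python
import hashlib

# Toy RSA key from two well-known Mersenne primes. Assumed for demonstration only:
# anyone can reproduce it, so it is not a secret, and there is no signature padding.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q                             # public modulus (~1128 bits, larger than any SHA-256 value)
E = 65537                             # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent (modular inverse; Python 3.8+)


def digest_int(message: bytes) -> int:
    """One-way hash of the message as an integer; fixed size whatever the message length."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_exp: int = D, modulus: int = N) -> int:
    """Sender: hash the message, then apply the PRIVATE key to the hash (Question #54, B).
    Signing the hash rather than the message keeps the expensive operation small."""
    return pow(digest_int(message), private_exp, modulus)


def verify(message: bytes, signature: int, public_exp: int = E, modulus: int = N) -> bool:
    """Recipient: apply the PUBLIC key to recover the hash and compare it with a fresh
    hash of what was received. Success shows origin (only the private-key holder could
    have produced it) and integrity (any change to the message changes the hash)."""
    return pow(signature, public_exp, modulus) == digest_int(message)


def demo() -> dict:
    message = b"PAY 250.00 TO ACCOUNT 4242 ORDER 17"   # constructed sample
    sig = sign(message)
    tampered = b"PAY 950.00 TO ACCOUNT 4242 ORDER 17"
    return {
        "genuine_verifies": verify(message, sig),
        "tampered_fails": not verify(tampered, sig),
        "forged_sig_fails": not verify(message, sig ^ 1),   # flipping one bit breaks it
        "digest_is_fixed_size": len(hashlib.sha256(b"x" * 10_000).digest()) == 32,
    }
```

Encrypting the whole message with the private key (option A) would also prove origin but costs a public-key operation over every block and gives no confidentiality, since anyone with the public key can read it; encrypting the hash with the public key (option D) proves nothing, because anyone can do it.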
Question #55
Which of the following type of lock uses a numeric keypad or dial to gain entry?
A. Bolting door locks
B. Cipher lock
C. Electronic door lock
D. Biometric door lock
Question #56
In a dry pipe system, there is no water standing in the pipe - it is being held back by what type of valve?
A. Relief valve
B. Emergency valve
C. Release valve
D. Clapper valve
Question #57
The most prevalent cause of computer center fires is which of the following?
A. AC equipment
B. Electrical distribution systems
C. Heating systems
D. Natural causes
Question #58
Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher?
A. When the fire involves paper products
B. When the fire is caused by flammable products
C. When the fire involves electrical equipment
D. When the fire is in an enclosed area
Question #59
Examples of types of physical access controls include all EXCEPT which of the following?
A. badges
B. locks
C. guards
D. passwords
Question #60
Which of the following statements pertaining to fire suppression systems is TRUE?
A. Halon is today the most common choice as far as agents are concerned because it is highly effective in the way that it interferes with the chemical reaction of the elements within a fire.
B. Gas masks provide an effective protection against use of CO2 systems. They are recommended for the protection of the employees within data centers.
C. CO2 systems are NOT effective because they suppress the oxygen supply required to sustain the fire.
D. Water Based extinguishers are NOT an effective fire suppression method for class C (electrical) fires.
Question #61
How should a doorway of a manned facility with automatic locks be configured?
A. It should be configured to be fail-secure.
B. It should be configured to be fail-safe.
C. It should have a door delay cipher lock.
D. It should not allow piggybacking.
Question #62
Which of the following is a proximity identification device that does not require action by the user and works by responding with an access code to signals transmitted by a reader?
A. A passive system sensing device
B. A transponder
C. A card swipe
D. A magnetic card
Question #63
According to ISC2, what should be the fire rating for the internal walls of an information processing facility?
A. All walls must have a one-hour minimum fire rating.
B. All internal walls must have a one-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a two-hour minimum fire rating.
C. All walls must have a two-hour minimum fire rating.
D. All walls must have a two-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a three-hour minimum fire rating.
Question #64
Which of the following statements pertaining to air conditioning for an information processing facility is TRUE?
A. The AC units must be controllable from outside the area.
B. The AC units must keep negative pressure in the room so that smoke and other gases are forced out of the room.
C. The AC units must be on the same power source as the equipment in the room to allow for easier shutdown.
D. The AC units must be dedicated to the information processing facility.
Question #65
Which of the following statements pertaining to secure information processing facilities is NOT true?
A. Walls should have an acceptable fire rating.
B. Windows should be protected with bars.
C. Doors must resist forcible entry.
D. Location and type of fire suppression systems should be known.
Question #66
What is a common problem when using vibration detection devices for perimeter control?
A. They are vulnerable to non-adversarial disturbances.
B. They can be defeated by electronic means.
C. Signal amplitude is affected by weather conditions.
D. They must be buried below the frost line.
Question #67
Under what conditions would the use of a "Class C" hand-held fire extinguisher be preferable to the use of a "Class A" hand-held fire extinguisher?
A. When the fire is in its incipient stage.
B. When the fire involves electrical equipment.
C. When the fire is located in an enclosed area.
D. When the fire is caused by flammable products.
Question #68
To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room?
A. Order an immediate refill with Halon 1201 from the manufacturer.
B. Contact a Halon recycling bank to make arrangements for a refill.
C. Order a Non-Hydrochlorofluorocarbon compound from the manufacturer.
D. Order an immediate refill with Halon 1301 from the manufacturer.
Question #69
Within Crime prevention through Environmental Design (CPTED) the concept of territoriality is BEST described as:
A. ownership.
B. protecting specific areas with different measures.
C. localized emissions.
D. compromise of the perimeter.
Question #70
In the physical security context, a security door equipped with an electronic lock configured to ignore the unlock signals sent from the building emergency access control system in the event of an issue (fire, intrusion, power failure) would be in which o
A. Fail Soft
B. Fail Open
C. Fail Safe
D. Fail Secure
Question #71
An employee ensures all cables are shielded, builds concrete walls that extend from the true floor to the true ceiling and installs a white noise generator. What attack is the employee trying to protect against?
A. Emanation Attacks
B. Social Engineering
C. Object reuse
D. Wiretapping
Question #72
Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can thre
A. Transient Noise
B. Faulty Ground
C. Brownouts
D. UPS
Question #73
The ideal operating humidity range is defined as 40 percent to 60 percent. High humidity (greater than 60 percent) can produce what type of problem on computer parts?
A. Static electricity
B. Corrosion
C. Energy-plating
D. Element-plating
Question #74
Which of the following provides coordinated procedures for minimizing loss of life, injury, and property damage in response to a physical threat?
A. Business continuity plan
B. Incident response plan
C. Disaster recovery plan
D. Occupant emergency plan
Question #75
The main risks that physical security components combat are all of the following EXCEPT:
A. SYN flood
B. Physical damage
C. Theft
D. Tailgating
Question #76
A momentary power outage is a:
A. spike
B. blackout
C. surge
D. fault
Question #77
A momentary high voltage is a:
A. spike
B. blackout
C. surge
D. fault
Question #78
What can be defined as a momentary low voltage?
A. spike
B. blackout
C. sag
D. fault
Question #79
A prolonged high voltage is a:
A. spike
B. blackout
C. surge
D. fault
Question #80
A prolonged complete loss of electric power is a:
A. brownout
B. blackout
C. surge
D. fault
Question #81
A prolonged electrical power supply that is below normal voltage is a:
A. brownout
B. blackout
C. surge
D. fault
Question #82
While referring to physical security, what does positive pressurization mean?
A. The pressure inside your sprinkler system is greater than zero.
B. The air goes out of a room when a door is opened and outside air does not go into the room.
C. Causes the sprinkler system to go off.
D. A series of measures that increase pressure on employees in order to make them more productive.
Question #83
How many bits compose an IPv6 address?
A. 32 bits
B. 64 bits
C. 96 bits
D. 128 bits
Question #84
What protocol is used on the Local Area Network (LAN) to obtain an IP address from its known MAC address?
A. Reverse address resolution protocol (RARP)
B. Address resolution protocol (ARP)
C. Data link layer
D. Network address translation (NAT)
Question #85
Which of the following security-focused protocols has confidentiality services operating at a layer different from the others?
A. Secure HTTP (S-HTTP)
B. FTP Secure (FTPS)
C. Secure socket layer (SSL)
D. Sequenced Packet Exchange (SPX)
Question #86
Packet Filtering Firewalls can also enable access for:
A. only authorized application port or service numbers.
B. only unauthorized application port or service numbers.
C. only authorized application port or ex-service numbers.
D. only authorized application port or service integers.
Question #87
Which of the following is NOT a VPN communications protocol standard?
A. Point-to-point tunneling protocol (PPTP)
B. Challenge Handshake Authentication Protocol (CHAP)
C. Layer 2 tunneling protocol (L2TP)
D. IP Security
Question #88
What layer of the OSI/ISO model does Point-to-point tunneling protocol (PPTP) work at?
A. Data link layer
B. Transport layer
C. Session layer
D. Network layer
Question #89
Which of the following statements pertaining to VPN protocol standards is false?
A. L2TP is a combination of PPTP and L2F.
B. L2TP and PPTP were designed for single point-to-point client to server communication.
C. L2TP operates at the network layer.
D. PPTP uses native PPP authentication and encryption services.
Question #90
Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet?
A. Authentication mode
B. Tunnel mode
C. Transport mode
D. Safe mode
Question #91
Which of the following category of UTP cables is specified to be able to handle gigabit Ethernet (1 Gbps) according to the EIA/TIA-568-B standards?
A. Category 5e UTP
B. Category 2 UTP
C. Category 3 UTP
D. Category 1e UTP
Question #92
In which LAN transmission method is a source packet copied and sent to specific multiple destinations but not ALL of the destinations on the network?
A. Overcast
B. Unicast
C. Multicast
D. Broadcast
Question #93
Which of the following can prevent hijacking of a web session?
Question #94
What is defined as the rules for communicating between computers on a Local Area Network (LAN)?
A. LAN Media Access methods
B. LAN topologies
C. LAN transmission methods
D. Contention Access Control
Question #95
Which of the following is a LAN transmission method?
A. Broadcast
B. Carrier-sense multiple access with collision detection (CSMA/CD)
C. Token ring
D. Fiber Distributed Data Interface (FDDI)
Question #96
In what LAN topology do all the transmissions of the network travel the full length of cable and are received by all other stations?
A. Bus topology
B. Ring topology
C. Star topology
D. FDDI topology
Question #97
Which of the following IEEE standards defines the token ring media access method?
A. 802.3
B. 802.11
C. 802.5
D. 802.2
Question #98
Which of the following LAN devices only operates at the physical layer of the OSI/ISO model?
A. Switch
B. Bridge
C. Hub
D. Router
Question #99
Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces?
A. ISDN
B. SLIP
C. xDSL
D. T1
Question #100
Which xDSL flavor, appropriate for home or small offices, delivers more bandwidth downstream than upstream and over a longer distance?
A. VDSL
B. SDSL
C. ADSL
D. HDSL