CISSP Certified Information Systems Security Professional Exam Questions and Answers | 2026 Latest Question Bank PDF Download + High-Frequency Topic Analysis
Question #1
Another name for a VPN is a:
A. tunnel
B. one-time password
C. pipeline
D. bypass
Question #2
What is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1 facility?
A. DS-0
B. DS-1
C. DS-2
D. DS-3
Question #3
Which of the following is the BIGGEST concern with firewall security?
A. Internal hackers
B. Complex configuration rules leading to misconfiguration
C. Buffer overflows
D. Distributed denial of service (DDoS) attacks
Question #4
Which of the following is the SIMPLEST type of firewall?
A. Stateful packet filtering firewall
B. Packet filtering firewall
C. Dual-homed host firewall
D. Application gateway
Question #5
Which of the following devices enables more than one signal to be sent out simultaneously over one physical circuit?
A. Router
B. Multiplexer
C. Channel service unit/Data service unit (CSU/DSU)
D. WAN switch
Question #6
Which of the following is NOT an advantage that TACACS+ has over TACACS?
A. Event logging
B. Use of two-factor password authentication
C. User has the ability to change his password
D. Ability for security tokens to be resynchronized
Question #7
Which of the following remote access authentication systems is the MOST robust?
A. TACACS+
B. RADIUS
C. PAP
D. TACACS
Question #8
Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer?
A. LLC and MAC; IEEE 802.2 and 802.3
B. LLC and MAC; IEEE 802.1 and 802.3
C. Network and MAC; IEEE 802.1 and 802.3
D. LLC and MAC; IEEE 802.2 and 802.3
Question #9
Which of the following protects Kerberos against replay attacks?
A. Tokens
B. Passwords
C. Cryptography
D. Time stamps
Question #10
Which of the following offers security to wireless communications?
A. S-WAP
B. WTLS
C. WSP
D. WDP
Question #11
Which of the following is a Wide Area Network that was originally funded by the Department of Defense and uses TCP/IP for data interchange?
A. The Internet.
B. The Intranet.
C. The extranet.
D. The Ethernet.
Question #12
An intranet is an Internet-like logical network that uses:
A. a firm's internal, physical network infrastructure.
B. a firm's external, physical network infrastructure.
C. a firm's external, physical NetBIOS infrastructure.
D. a firm's internal, physical NetBIOS infrastructure.
Question #13
An intranet provides more security and control than which of the following:
A. private posting on the Internet.
B. public posting on the Ethernet.
C. public posting on the Internet.
D. public posting on the Extranet.
Question #14
Which of the following Common Data Network Services is used to share data files and subdirectories on file servers?
A. File services.
B. Mail services.
C. Print services.
D. Client/Server services.
Question #15
Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device?
A. File services.
B. Mail services.
C. Print services.
D. Client/Server services.
Question #16
Asynchronous Communication transfers data by sending:
A. bits of data sequentially
B. bits of data sequentially in irregular timing patterns
C. bits of data in sync with a heartbeat or clock
D. bits of data simultaneously
Question #17
Communications devices must operate:
A. at different speeds to communicate.
B. at the same speed to communicate.
C. at varying speeds to interact.
D. at high speed to interact.
Question #18
The basic language of modems and dial-up remote access systems is:
A. Asynchronous Communication.
B. Synchronous Communication.
C. Asynchronous Interaction.
D. Synchronous Interaction.
Question #19
Which of the following Common Data Network Services is used to print documents to a shared printer or a print queue/spooler?
A. Mail services.
B. Print services.
C. Client/Server services.
D. Domain Name Service.
Question #20
Which of the following Common Data Network Services allocates computing power resources among workstations with some shared resources centralized on a server?
A. Print services
B. File services
C. Client/Server services
D. Domain Name Service
Question #21
Domain Name Service is a distributed database system that is used to map:
A. Domain Name to IP addresses.
B. MAC addresses to domain names.
C. MAC Address to IP addresses.
D. IP addresses to MAC Addresses.
Question #22
The Domain Name System (DNS) is a global network of:
A. servers that provide these Domain Name Services.
B. clients that provide these Domain Name Services.
C. hosts that provide these Domain Name Services.
D. workstations that provide these Domain Name Services.
Question #23
The communications products and services that ensure the various components of a network (such as devices, protocols, and access methods) work together are referred to as:
A. Netware Architecture.
B. Network Architecture.
C. WAN Architecture.
D. Multiprotocol Architecture.
Question #24
Unshielded Twisted Pair cabling is a:
A. four-pair wire medium that is used in a variety of networks.
B. three-pair wire medium that is used in a variety of networks.
C. two-pair wire medium that is used in a variety of networks.
D. one-pair wire medium that is used in a variety of networks.
Question #25
In the UTP category rating, the tighter the wind:
A. the higher the rating and its resistance against interference and crosstalk.
B. the slower the rating and its resistance against interference and attenuation.
C. the shorter the rating and its resistance against interference and attenuation.
D. the longer the rating and its resistance against interference and attenuation.
Question #26
What works as an E-mail message transfer agent?
A. SMTP
B. SNMP
C. S-RPC
D. S/MIME
Question #27
Which of the following statements pertaining to packet switching is NOT true?
A. Most data sent today uses digital signals over networks employing packet switching.
B. Messages are divided into packets.
C. All packets from a message travel through the same route.
D. Each network node or point examines each packet for routing.
Question #28
All hosts on an IP network have a logical ID called a(n):
A. IP address.
B. MAC address.
C. TCP address.
D. Datagram address.
Question #29
An Ethernet address is composed of how many bits?
A. 48-bit address
B. 32-bit address
C. 64-bit address
D. 128-bit address
Question #30
Address Resolution Protocol (ARP) interrogates the network by sending out a?
A. broadcast.
B. multicast.
C. unicast.
D. semicast.
Question #31
When a station communicates on the network for the first time, which of the following protocols would search for and find the Internet Protocol (IP) address that matches a known Ethernet address?
A. Address Resolution Protocol (ARP).
B. Reverse Address Resolution Protocol (RARP).
C. Internet Control Message protocol (ICMP).
D. User Datagram Protocol (UDP).
Question #32
Which protocol's primary function is to facilitate file and directory transfer between two machines?
A. Telnet.
B. File Transfer Protocol (FTP).
C. Trivial File Transfer Protocol (TFTP).
D. Simple Mail Transfer Protocol (SMTP)
Question #33
What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)?
A. It is too complex to manage user access restrictions under TFTP
B. Due to the inherent security risks
C. It does not offer high level encryption like FTP
D. It cannot support the Lightweight Directory Access Protocol (LDAP)
Question #34
Which protocol is used to send email?
A. File Transfer Protocol (FTP).
B. Post Office Protocol (POP).
C. Network File System (NFS).
D. Simple Mail Transfer Protocol (SMTP).
Question #35
Which of the following best describes the Secure Electronic Transaction (SET) protocol?
A. Originated by VISA and MasterCard as an Internet credit card protocol using Message Authentication Code.
B. Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures.
C. Originated by VISA and MasterCard as an Internet credit card protocol using the transport layer.
D. Originated by VISA and American Express as an Internet credit card protocol using SSL.
Question #36
Which of the following protocols is designed to send individual messages securely?
A. Kerberos
B. Secure Electronic Transaction (SET).
C. Secure Sockets Layer (SSL).
D. Secure HTTP (S-HTTP).
Question #37
Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model?
A. Application Layer.
B. Transport Layer.
C. Session Layer.
D. Network Layer.
Question #38
Why does fiber optic communication technology have a significant security advantage over other transmission technologies?
A. Higher data rates can be transmitted.
B. Interception of data traffic is more difficult.
C. Traffic analysis is prevented by multiplexing.
D. Single and double-bit errors are correctable.
Question #39
Which of the following statements pertaining to IPSec is NOT true?
A. IPSec can help in protecting networks from some of the IP network attacks.
B. IPSec provides confidentiality and integrity to information transferred over IP networks through transport layer encryption and authentication.
C. IPSec protects against man-in-the-middle attacks.
D. IPSec protects against spoofing.
Question #40
Which of the following is NOT a characteristic or shortcoming of packet filtering gateways?
A. The source and destination addresses, protocols, and ports contained in the IP packet header are the only information that is available to the router in making a decision whether or not to permit traffic access to an internal network.
B. They don't protect against IP or DNS address spoofing.
C. They do not support strong user authentication.
D. They are appropriate for medium-risk environments.
Question #41
In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use:
A. Screened subnets
B. Digital certificates
C. An encrypted Virtual Private Network
D. Encryption
Question #42
Which of the following protocols does not operate at the data link layer (layer 2)?
A. PPP
B. RARP
C. L2F
D. ICMP
Question #43
Which of the following protocols operates at the session layer (layer 5)?
A. RPC
B. IGMP
C. LPD
D. SPX
Question #44
Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)?
A. Host-to-host layer
B. Internet layer
C. Network access layer
D. Session layer
Question #45
Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control?
A. Physical
B. Data link
C. Network
D. Session
Question #46
The Logical Link Control sub-layer is a part of which of the following?
A. The ISO/OSI Data Link layer.
B. The Reference monitor.
C. The Transport layer of the TCP/IP stack model.
D. Change management control.
Question #47
Which of the following services relies on UDP?
A. FTP
B. Telnet
C. DNS
D. SMTP
Question #48
Which of the following is NOT a common weakness of packet filtering firewalls?
A. Vulnerability to denial-of-service and related attacks.
B. Vulnerability to IP spoofing.
C. Limited logging functionality.
D. No support for advanced user authentication schemes.
Question #49
Which Network Address Translation (NAT) is the MOST convenient and secure solution?
A. Hiding Network Address Translation
B. Port Address Translation
C. Dedicated Address Translation
D. Static Address Translation
Question #50
What is the primary difference between FTP and TFTP?
A. Speed of negotiation
B. Authentication
C. Ability to automate
D. TFTP is used to transfer configuration files to and from network equipment.
Question #51
Which of the following cable types is limited in length to 185 meters?
A. 10BaseT
B. RG8
C. RG58
D. 10Base5
Question #52
In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?
A. Both client and server
B. The client's browser
C. The web server
D. The merchant's Certificate Server
Question #53
Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is NOT true?
A. PPTP allows the tunneling of any protocols that can be carried within PPP.
B. PPTP does not provide strong encryption.
C. PPTP does not support any token-based authentication method for users.
D. PPTP is derived from L2TP.
Question #54
During the initial stage of configuration of your firewall, which of the following rules appearing in an Internet firewall policy is inappropriate?
A. The firewall software shall run on a dedicated computer.
B. Appropriate firewall documentation and a copy of the rulebase shall be maintained on offline storage at all times.
C. The firewall shall be configured to deny all services not expressly permitted.
D. The firewall should be tested online first to validate proper configuration.
Question #55
SMTP can best be described as:
A. a host-to-host email protocol.
B. an email retrieval protocol.
C. a web-based e-mail reading protocol.
D. a standard defining the format of e-mail messages.
Question #56
Which of the following protocols is PRIMARILY used to provide confidentiality in a web-based application, thus protecting data sent between a client machine and a server?
A. SSL
B. FTP
C. SSH
D. S/MIME
Question #57
What attack involves the perpetrator sending spoofed packet(s) which contains the same destination and source IP address as the remote host, the same port for the source and destination, having the SYN flag, and targeting any open ports that are open on t
A. Boink attack
B. Land attack
C. Teardrop attack
D. Smurf attack
Question #58
Which of the following is NOT a component of IPSec?
A. Authentication Header
B. Encapsulating Security Payload
C. Key Distribution Center
D. Internet Key Exchange
Question #59
Which of the following statements pertaining to IPSec is NOT true?
A. A security association has to be defined between two IPSec systems in order for bi-directional communication to be established.
B. Integrity and authentication for IP datagrams are provided by AH.
C. ESP provides for integrity, authentication and encryption to IP datagrams.
D. In transport mode, ESP only encrypts the data payload of each packet.
Question #60
Which of the following statements pertaining to packet filtering is NOT true?
A. It is based on ACLs.
B. It is not application dependent.
C. It operates at the network layer.
D. It keeps track of the state of a connection.
Question #61
Which of the following is a method of multiplexing data where a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams. This method allocates bandwidth dynamically to physical channels having inform
A. Time-division multiplexing
B. Asynchronous time-division multiplexing
C. Statistical multiplexing
D. Frequency division multiplexing
Question #62
If an organization were to deploy only one Intrusion Detection System (IDS) sensor to protect its information system from the Internet:
A. It should be host-based and installed on the most critical system in the DMZ, between the external router and the firewall.
B. It should be network-based and installed in the DMZ, between the external router and the firewall.
C. It should be network-based and installed between the firewall to the DMZ and the intranet.
D. It should be host-based and installed between the external router and the Internet.
Question #63
Why is infrared generally considered to be more secure to eavesdropping than multidirectional radio transmissions?
A. Because infrared eavesdropping requires more sophisticated equipment.
B. Because infrared operates only over short distances.
C. Because infrared requires direct line-of-sight paths.
D. Because infrared operates at extra-low frequencies (ELF).
Question #64
Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Headers (AH) provides the following service except:
A. Authentication
B. Integrity
C. Replay resistance and non-repudiation
D. Confidentiality
Question #65
In IPSec, if the communication is to be gateway-to-gateway or host-to-gateway:
A. Tunnel mode of operation is required
B. Only transport mode can be used
C. Encapsulating Security Payload (ESP) authentication must be used
D. Both tunnel and transport mode can be used
Question #66
Which of the following is NOT true about IPSec Tunnel mode?
A. Fundamentally an IP tunnel with encryption and authentication
B. Works at the Transport layer of the OSI model
C. Has two sets of IP headers
D. Established for gateway service
Question #67
Which of the following statements is NOT true of IPSec Transport mode?
A. It is required for gateways providing access to internal systems
B. Set-up when end-point is host or communications terminates at end-points
C. If used in gateway-to-host communication, gateway must act as host
D. When ESP is used for the security protocol, the hash is only applied to the upper layer protocols contained in the packet
Question #68
Which of the following statements pertaining to firewalls is NOT true?
A. Firewalls create bottlenecks between the internal and external network.
B. Firewalls allow for centralization of security services in machines optimized and dedicated to the task.
C. Firewalls protect a network at all layers of the OSI model.
D. Firewalls are used to create security checkpoints at the boundaries of private networks.
Question #69
Which of the following is an extension to Network Address Translation that permits multiple devices providing services on a local area network (LAN) to be mapped to a single public IP address?
A. IP Spoofing
B. IP subnetting
C. Port address translation
D. IP Distribution
Question #70
At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed?
A. Network layer
B. Session layer
C. Transport layer
D. Data link layer
Question #71
Which of the following attacks is MOSTLY performed by an attacker to steal the identity information of a user, such as credit card numbers, passwords, etc.?
A. Smurf attack
B. Traffic analysis
C. Pharming
D. Interrupt attack
Question #72
Which of the following was designed to support multiple network types over the same serial link?
A. Ethernet
B. SLIP
C. PPP
D. PPTP
Question #73
What is an IP routing table?
A. A list of IP addresses and corresponding MAC addresses.
B. A list of station and network addresses with corresponding gateway IP address.
C. A list of host names and corresponding IP addresses.
D. A list of current network interfaces on which IP routing is enabled.
Question #74
Which of the following should be allowed through a firewall to ease communication and usage by users?
A. RIP
B. IGRP
C. DNS
D. OSPF
Question #75
Which of the following was developed as a simple mechanism for allowing simple network terminals to load their operating system from a server over the LAN?
A. DHCP
B. BootP
C. DNS
D. ARP
Question #76
What is the greatest danger from DHCP?
A. An intruder on the network impersonating a DHCP server and thereby misconfiguring the DHCP clients.
B. Having multiple clients on the same LAN having the same IP address.
C. Having the wrong router used as the default gateway.
D. Having the organization's mail server unreachable.
Question #77
Which of the following allows two computers to coordinate in executing software?
A. RSH
B. RPC
C. NFS
D. SNMP
Question #78
Which of the following should NOT normally be allowed through a firewall?
A. SNMP
B. SMTP
C. HTTP
D. SSH
Question #79
Which of the following NAT firewall translation modes allows a large group of internal clients to share a single or small group of ROUTABLE IP addresses for the purpose of hiding their identities when communicating with external hosts?
A. Static translation
B. Load balancing translation
C. Network redundancy translation
D. Dynamic translation
Question #80
Which of the following NAT firewall translation modes offers no protection from hacking attacks to an internal host using this functionality?
A. Network redundancy translation
B. Load balancing translation
C. Dynamic translation
D. Static translation
Question #81
Which of the following is the primary security feature of a proxy server?
A. Virus Detection
B. URL blocking
C. Route blocking
D. Content filtering
Question #82
Which of the following is an advantage of proxies?
A. Proxies provide a single point of access, control, and logging.
B. Proxies must exist for each service.
C. Proxies create a single point of failure.
D. Proxies do not protect the base operating system.
Question #83
Which of the following packets should NOT be dropped at a firewall protecting an organization's internal network?
A. Inbound packets with Source Routing option set
B. Router information exchange protocols
C. Inbound packets with an internal address as the source IP address
D. Outbound packets with an external destination IP address
Question #84
A packet filtering firewall looks at the data packet to get information about the source and destination addresses of an incoming packet, the protocol (TCP, UDP, or ICMP), and the source and destination port for the:
A. desired service.
B. dedicated service.
C. delayed service.
D. distributed service.
Question #85
Frame relay uses a public switched network to provide:
A. Local Area Network (LAN) connectivity.
B. Metropolitan Area Network (MAN) connectivity.
C. Wide Area Network (WAN) connectivity.
D. World Area Network (WAN) connectivity.
Question #86
Which of the following is a drawback of fiber optic cables?
A. It is affected by electromagnetic interference (EMI).
B. It can easily be tapped.
C. The expertise needed to install it.
D. The limited distance at high speeds.
Question #87
Which of the following is the MOST secure firewall implementation?
A. Dual-homed host firewalls
B. Screened-subnet firewalls
C. Screened-host firewalls
D. Packet-filtering firewalls
Question #88
A Packet Filtering Firewall system is considered a:
A. first generation firewall.
B. second generation firewall.
C. third generation firewall.
D. fourth generation firewall.
Question #89
Proxies work by transferring a copy of each accepted data packet from one network to another, thereby masking the:
A. data's payload.
B. data's details.
C. data's owner.
D. data's origin.
Question #90
An application layer firewall is also called a:
A. Proxy.
B. Presentation Layer Gateway.
C. Session Layer Gateway.
D. Transport Layer Gateway.
Question #91
Application Layer Firewalls operate at the:
A. OSI protocol Layer seven, the Application Layer.
B. OSI protocol Layer six, the Presentation Layer.
C. OSI protocol Layer five, the Session Layer.
D. OSI protocol Layer four, the Transport Layer.
Question #92
One drawback of Application Level Firewall is that it reduces network performance due to the fact that it must analyze every packet and:
A. decide what to do with each application.
B. decide what to do with each user.
C. decide what to do with each port.
D. decide what to do with each packet.
Question #93
A circuit level proxy is ____________ when compared to an application level proxy.
A. lower in processing overhead.
B. more difficult to maintain.
C. more secure.
D. slower.
Question #94
In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the:
A. Network or Transport Layer.
B. Application Layer.
C. Inspection Layer.
D. Data Link Layer.
Question #95
When an outgoing request is made on a port number greater than 1023, this type of firewall creates an ACL to allow the incoming reply on that port to pass:
A. packet filtering
B. Circuit level proxy
C. Dynamic packet filtering
D. Application level proxy
Question #96
A demilitarized zone is:
A. a part of a network perfectly safe from hackers
B. a militarized network segment
C. a firewall
D. the network segment between the Internet and a private network
Question #97
A DMZ is located:
A. right behind your first Internet facing firewall
B. right in front of your first Internet facing firewall
C. right behind your first network active firewall
D. right behind your first network passive Internet http firewall
Question #98
The DMZ does not normally contain:
A. encryption server
B. web server
C. external DNS server
D. mail relay
Question #99
A DMZ is also known as a:
A. screened subnet.
B. three legged firewall.
C. place to attract hackers.
D. bastion host.