2026 CISSP full-English question bank, free download | latest exam questions + answer explanations
Question #1
Role based access control is attracting increasing attention particularly for what applications?
A. Scientific
B. Commercial
C. Security
D. Technical
Question #2
What is one advantage of deploying Role based access control in large networked applications?
A. Higher security
B. Higher bandwidth
C. User friendliness
D. Lower cost
Question #3
DAC and MAC policies can be effectively replaced by:
A. Rule based access control.
B. Role based access control.
C. Server based access control.
D. Token based access control
Question #4
Which of the following correctly describe Role based access control?
A. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your user profile groups.
B. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your organization's structure.
C. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ticketing system.
D. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ACL.
Question #5
Which of the following RFC talks about Rule Based Security Policy?
A. 1316
B. 1989
C. 2717
D. 2828
Question #6
With Rule Based Security Policy, a security policy is based on:
A. Global rules imposed for all users.
B. Local rules imposed for some users.
C. Global rules imposed for nobody.
D. Global rules imposed for only the local users.
Question #7
With Rule Based Security Policy, global rules usually rely on comparison of the _______ of the resource being accessed.
A. A group of users.
B. Users
C. Sensitivity
D. Entities
Question #8
Which of the following is a facial feature identification product that can employ artificial intelligence and can require the system to learn from experience?
A. All of the choices.
B. Digital nervous system.
C. Neural networking
D. DSV
Question #9
Which option is NOT a benefit derived from the use of neural networks?
A. Linearity
B. Input-Output Mapping
C. Adaptivity
D. Fault Tolerance
Question #10
Which of the following is a characteristic of a decision support system (DSS)?
A. DSS is aimed at solving highly structured problems
B. DSS emphasizes flexibility in the decision making approach of users
C. DSS supports only structured decision-making tasks
D. DSS combines the use of models with non-traditional data access and retrieval functions
Question #11
Which of the following is a communication mechanism that enables direct conversation between two applications?
A. DDE
B. OLE
C. ODBC
D. DCOM
Question #12
Which expert system operating mode allows determining if a given hypothesis is valid?
A. Vertical chaining
B. Lateral chaining
C. Forward chaining
D. Backward chaining
Question #13
Which one of the following is a security issue related to aggregation in a database?
A. Polyinstantiation
B. Inference
C. Partitioning
D. Data swapping
Question #14
How is polyinstantiation used to secure a multilevel database?
A. It prevents low-level database users from inferring the existence of higher level data.
B. It confirms that all constrained data items within the system conform to integrity specifications.
C. It ensures that all mechanisms in a system are responsible for enforcing the database security policy.
D. Two operations at the same layer will conflict if they operate on the same data item and at least one of them is an update.
Question #15
Which of the following defines the software that maintains and provides access to the database?
A. database management system (DBMS)
B. relational database management systems (RDBMS)
C. database identification system (DBIS)
D. Interface Definition Language system (IDLS)
Question #16
Which of the following is not a responsibility of a database administrator?
A. Maintaining databases
B. Implementing access rules to databases
C. Reorganizing databases
D. Providing access authorization to databases
Question #17
SQL commands do not include which of the following?
A. Select, Update
B. Grant, Revoke
C. Delete, Insert
D. Add, Replace
Question #18
A persistent collection of interrelated data items can be defined as which of the following?
A. database
B. database management system
C. database security
D. database shadowing
Question #19
Which one of the following is commonly used for retrofitting multilevel security to a Database Management System?
A. Trusted kernel
B. Kernel controller
C. Front end controller
D. Trusted front-end
Question #20
Which of the following is the marriage of object-oriented and relational technologies combining the attributes of both?
A. object-relational database
B. object-oriented database
C. object-linking database
D. object-management database
Question #21
A department manager has read access to the salaries of the employees in his/her department but not to the salaries of employees in other departments. A database security mechanism that enforces this policy would typically be said to provide which of the
A. content-dependent access control
B. context-dependent access control
C. least privileges access control
D. ownership-based access control
Question #22
Which of the following is an important part of database design that ensures that attributes in a table depend only on the primary key?
A. Normalization
B. Assimilation
C. Reduction
D. Compaction
Question #23
Which of the following does not address Database Management Systems (DBMS) Security?
A. Perturbation
B. Cell suppression
C. Padded Cells
D. Partitioning
Question #24
Which of the following is commonly used for retrofitting multilevel security to a database management system?
A. trusted front-end
B. trusted back-end
C. controller
D. kernel
Question #25
Normalizing data within a database includes all of the following except which?
A. Eliminating repeating groups by putting them into separate tables
B. Eliminating redundant data
C. Eliminating attributes in a table that are not dependent on the primary key of that table
D. Eliminating duplicate key fields by putting them into separate tables
Question #26
SQL commands do not include which of the following?
A. Select, Update
B. Grant, Revoke
C. Delete, Insert
D. Add, Replace
Question #27
SQL security issues include which of the following?
A. The granularity of authorizations
B. The size of databases
C. The complexity of key structures
D. The number of candidate key elements
Question #28
Which of the following are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server?
A. Bind variables
B. Assimilation variables
C. Reduction variables
D. Resolution variables
Question #29
What ensures that attributes in a table depend only on the primary key?
A. Referential integrity
B. The database management system (DBMS)
C. Data Normalization
D. Entity integrity
Question #30
Which of the following represent the rows of the table in a relational database?
A. attributes
B. records or tuples
C. record retention
D. relation
Question #31
With regard to databases, which of the following has characteristics of ease of reusing code and analysis and reduced maintenance?
A. Object-Oriented Data Bases (OODB)
B. Object-Relational Data Bases (ORDB)
C. Relational Data Bases
D. Data Base management systems (DBMS)
Question #32
Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to which of the following?
A. Object-Oriented Data Bases (OODB)
B. Object-Relational Data Bases
C. Relational Data Bases
D. Data base management systems (DBMS)
Question #33
Which of the following refers to the number of columns in a table?
A. Schema
B. Relation
C. Degree
D. Cardinality
Question #34
Which of the following refers to the number of rows in a relation?
A. cardinality
B. degree
C. depth
D. breadth
Question #35
Which of the following refers to the number of columns in a relation?
A. degree
B. cardinality
C. depth
D. breadth
Question #36
What is one disadvantage of content-dependent protection of information?
A. It increases processing overhead
B. It requires additional password entry
C. It exposes the system to data locking
Question #37
Which one of the following control steps is usually NOT performed in data warehousing applications?
A. Monitor summary tables for regular use.
B. Control meta data from being used interactively.
C. Monitor the data purging plan.
D. Reconcile data moved between the operations environment and data warehouse.
Question #38
A storage information architecture does not address which of the following?
A. archiving of data
B. collection of data
C. management of data
D. use of data
Question #39
Which of the following can be defined as the set of allowable values that an attribute can take?
A. domain of a relation
B. domain name service of a relation
C. domain analysis of a relation
D. domains, in database of a relation
Question #40
Programmed procedures which ensure that valid transactions are processed accurately and only once in the current timescale are referred to as
A. Data installation controls
B. Application controls
C. Operation controls
D. Physical controls
Question #41
What is the most effective means of determining how controls are functioning within an operating system?
A. Interview with computer operator
B. Review of software control features and/or parameters
C. Review of operating system manual
D. Interview with product vendor
Question #42
Program change controls must ensure that all changes are
A. Audited to verify intent.
B. Tested to ensure correctness.
C. Implemented into production systems.
D. Within established performance criteria.
Question #43
Which question is NOT true concerning Application Control?
A. It limits end users' use of applications in such a way that only particular screens are visible
B. Only specific records can be requested choice
C. Particular uses of application can be recorded for audit purposes
D. Is non-transparent to the endpoint applications so changes are needed to the applications involved
Question #44
A computer program used to process the weekly payroll contains an instruction that the amount of the gross pay cannot exceed $2,500 for any one employee. This instruction is an example of a control that is referred to as a:
A. sequence check
B. check digit
C. limit check
D. record check
Question #45
What are edit controls?
A. Preventive controls
B. Detective controls
C. Corrective controls
D. Compensating controls
Question #46
Which one of the following properties of a transaction processing system ensures that once a transaction completes successfully (commits), the update survives even if there is a system failure?
A. Atomicity
B. Consistency
C. Isolation
D. Durability
Question #47
To ensure integrity, a payroll application program may record transactions in the appropriate accounting period by using
A. Application checkpoints
B. Time and date stamps
C. Accrual journal entries
D. End of period journals
Question #48
What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?
A. Accountability controls
B. Mandatory access controls
C. Assurance procedures
D. Administrative controls
Question #49
Development staff should:
A. Implement systems
B. Support production data
C. Perform unit testing
D. Perform acceptance testing
Question #50
Which of the following is not used as a cost estimating technique during the project planning stage?
A. Delphi technique
B. Expert Judgment
C. Program Evaluation Review Technique (PERT) charts
D. Function points (FP)
Question #51
Which of the following methodologies is appropriate for planning and controlling activities and resources in a system project?
A. Gantt charts
B. Program evaluation review technique (PERT)
C. Critical path methodology (CPM)
D. Function point analysis (FP)
Question #52
Which of the following is an advantage of using a high-level programming language?
A. It decreases the total amount of code written
B. It allows programmers to define syntax
C. It requires programmer-controlled storage management
D. It enforces coding standards
Question #53
The design phase in a system development life cycle includes all of the following EXCEPT
A. Determining sufficient security controls.
B. Conducting a detailed design review.
C. Developing an operations and maintenance manual.
D. Developing a validation, verification, and testing plan.
Question #54
By far, the largest security exposure in application system development relates to
A. Maintenance and debugging hooks.
B. Deliberate compromise.
C. Change control.
D. Errors and lack of training
Question #55
Which of the following is a 5th Generation Language?
A. LISP
B. BASIC
C. NATURAL
D. Assembly Language
Question #56
When considering the IT Development Life-Cycle, security should be:
A. Mostly considered during the initiation phase.
B. Mostly considered during the development phase.
C. Treated as an integral part of the overall system design.
D. Added once the design is completed.
Question #57
Which of the following represents the best programming?
A. Low cohesion, low coupling
B. Low cohesion, high coupling
C. High cohesion, low coupling
D. High cohesion, high coupling
Question #58
The INITIAL phase of the system development life cycle would normally include
A. Cost-benefit analysis
B. System design review
C. Executive project approval
D. Project status summary
Question #59
Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?
A. Pipelining
B. Reduced Instruction Set Computers (RISC)
C. Complex Instruction Set Computers (CISC)
D. Scalar processors
Question #60
Which one of the following tests determines whether the content of data within an application program falls within predetermined limits?
A. Parity check
B. Reasonableness check
C. Mathematical accuracy check
D. Check digit verification
Question #61
Buffer overflow and boundary condition errors are subsets of:
A. Race condition errors
B. Access validation errors
C. Exceptional condition handling errors
D. Input validation errors
Question #62
Which of the following statements pertaining to software testing approaches is correct?
A. A bottom-up approach allows interface errors to be detected earlier
B. A top-down approach allows errors in critical modules to be detected earlier
C. The test plan and results should be retained as part of the system's permanent documentation
D. Black box testing is predicated on a close examination of procedural detail
Question #63
Which of the following phases of a system development life-cycle is most concerned with authenticating users and processes to ensure appropriate access control decisions?
A. Development/acquisition
B. Implementation
C. Operation/Maintenance
D. Initiation
Question #64
Which of the following would be the most serious risk where a systems development life cycle methodology is inadequate?
A. The project will be completed late
B. The project will exceed the cost estimates
C. The project will be incompatible with existing systems
D. The project will fail to meet business and user needs
Question #65
Which of the following would best describe the difference between white-box testing and black-box testing?
A. White-box testing is performed by an independent programmer team
B. Black-box testing uses the bottom-up approach
C. White-box testing examines the program internal logical structure
D. Black-box testing involves the business units
Question #66
Which of the following refers to the work product satisfying the real-world requirements and concepts?
A. validation
B. verification
C. concurrence
D. accuracy
Question #67
Which model, based on the premise that the quality of a software product is a direct function of the quality of it's associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in t
A. The total Quality Model (TQM)
B. The IDEAL Model
C. The Software Capability Maturity Model
D. The Spiral Model
Question #68
Which of the following would provide the best stress testing environment?
A. Test environment using test data
B. Test environment using live workloads
C. Production environment using test data
D. Production environment using live workloads
Question #69
In a change control environment, which one of the following REDUCES the assurance of proper changes to source programs in production status?
A. Authorization of the change.
B. Testing of the change.
C. Programmer access.
D. Documentation of the change.
Question #70
Why should batch files and scripts be stored in a protected area?
A. Because of the least privilege concept
B. Because they cannot be accessed by operators
C. Because they may contain credentials
D. Because of the need-to-know concept
Question #71
The PRIMARY purpose of operations security is
A. Protect the system hardware from environment damage.
B. Monitor the actions of vendor service personnel.
C. Safeguard information assets that are resident in the system.
D. Establish thresholds for violation detection and logging.
Question #72
Which of the following is not a component of an Operations Security "triple"?
A. Asset
B. Threat
C. Vulnerability
D. Risk
Question #73
A periodic review of user account management should not determine:
A. Conformity with the concept of least privilege
B. Whether active accounts are still being used
C. Strength of user-chosen passwords
D. Whether management authorizations are up-to-date
Question #74
Which of the following functions is less likely to be performed by a typical security administrator?
A. Setting user clearances and initial passwords
B. Adding and removing system users
C. Setting or changing file sensitivity labels
D. Reviewing audit data
Question #75
Who is responsible for setting user clearances to computer-based information?
A. Security administrators
B. Operators
C. Data owners
D. Data custodians
Question #76
Who is the individual permitted to add users or install trusted programs?
A. Database Administrator
B. Computer Manager
C. Security Administrator
D. Operations Manager
Question #77
In Unix, which file is required for you to set up an environment such that every user on the other host is a trusted user that can log into this host without authentication?
A. /etc/shadow
B. /etc/host.equiv
C. /etc/passwd
D. None of the choices.
Question #78
For what reason would a network administrator leverage promiscuous mode?
A. To screen out all network errors that affect network statistical information.
B. To monitor the network to gain a complete statistical picture of activity.
C. To monitor only unauthorized activity and use.
D. To capture only unauthorized internal/external use.
Question #79
Which of the following questions is less likely to help in assessing controls over hardware and software maintenance?
A. Is access to all program libraries restricted and controlled?
B. Are integrity verification programs used by applications to look for evidences of data tampering, errors, and omissions?
C. Is there version control?
D. Are system components tested, documented, and approved prior to promotion to production?
Question #80
Which of the following correctly describe "good" security practice?
A. Accounts should be monitored regularly.
B. You should have a procedure in place to verify password strength.
C. You should ensure that there are no accounts without passwords.
D. All of the choices.
Question #81
Access to the _________ account on a Unix server must be limited to only the system administrators that must absolutely have this level of access.
A. Superuser of inetd.
B. Manager or root.
C. Fsf or root
D. Superuser or root.
Question #82
Which of the following files should the security administrator be restricted to READ only access?
A. Security parameters
B. User passwords
C. User profiles
D. System log
Question #83
Root login should only be allowed via:
A. Rsh
B. System console
C. Remote program
D. VNC
Question #84
What does "System Integrity" mean?
A. The software of the system has been implemented as designed.
B. Users can't tamper with processes they do not own
C. Hardware and firmware have undergone periodic testing to verify that they are functioning properly
D. Design specifications have been verified against the formal top-level specification
Question #85
Operations Security seeks to primarily protect against which of the following?
A. object reuse
B. facility disaster
C. compromising emanations
D. asset threats
Question #86
In order to avoid mishandling of media or information, you should consider using:
A. Labeling
B. Token
C. Ticket
D. SLL
Question #87
In order to avoid mishandling of media or information, which of the following should be labeled?
A. All of the choices.
B. Printed copies
C. Tape
D. Floppy disks
Question #88
Compact Disc (CD) optical media is used more often for:
A. very small data sets
B. very small files data sets
C. larger data sets
D. very aggregated data sets
Question #89
At which temperature does damage start occurring to magnetic media?
A. 100 degrees
B. 125 degrees
C. 150 degrees
D. 175 degrees
Question #90
Which of the following statements pertaining to air conditioning for an information processing facility is correct?
A. The AC units must be controllable from outside the area
B. The AC units must keep negative pressure in the room so that smoke and other gases are forced out of the room
C. The AC units must be on the same power source as the equipment in the room to allow for easier shutdown
D. The AC units must be dedicated to the information processing facilities
Question #91
Removing unnecessary processes, segregating inter-process communications, and reducing executing privileges to increase system security is commonly called
A. Hardening
B. Segmenting
C. Aggregating
D. Kerneling
Question #92
RAID levels 3 and 5 run:
A. faster on hardware
B. slower on hardware
C. faster on software
D. at the same speed on software and hardware
Question #93
Which of the following RAID levels functions as a single virtual disk?
A. RAID Level 7
B. RAID Level 5
C. RAID Level 10
D. RAID Level 2
Question #94
Which of the following takes the concept of RAID 1 (mirroring) and applies it to a pair of servers?
A. A redundant server implementation
B. A redundant client implementation
C. A redundant guest implementation
D. A redundant host implementation
Question #95
Which of the following enables the drive array to continue to operate if any disk or any path to any disk fails?
A. RAID Level 7
B. RAID Level 1
C. RAID Level 2
D. RAID Level 5
Question #96
Depending upon the volume of data that needs to be copied, full backups to tape can take:
A. an incredible amount of time
B. a credible amount of time
C. an ideal amount of time
D. an exclusive amount of time
Question #97
Which one of the following entails immediately transmitting copies of on-line transactions to a remote computer facility for backup?
A. Archival storage management (ASM)
B. Electronic vaulting
C. Hierarchical storage management (HSM)
D. Data compression
Question #98
When continuous availability (24 hours-a-day processing) is required, which one of the following provides a good alternative to tape backups?
A. Disk mirroring
B. Backup to jukebox
C. Optical disk backup
D. Daily archiving
Question #99
Zip/Jaz drives are frequently used for the individual backups of small data sets of:
A. specific application data
B. sacrificial application data
C. static application data
D. dynamic application data
Question #100
With non-continuous backup systems, data that was entered after the last backup prior to a system crash will have to be:
A. recreated
B. created
C. updated
D. deleted