« 返回题库列表2026年CISSP全英文模拟题及答案|历年考试真题汇总
问题 #1
In what type of attack does an attacker try, from several encrypted messages, to figure out the key using the encryption process?
A. Known-plaintext attack
B. Ciphertext-only attack
C. Chosen-Ciphertext attack
D. Known Ciphertext attack
问题 #2
When combined with unique session values, message authentication can protect against which of the following?
A. Reverse engineering, frequency analysis, factoring attacks, and ciphertext-only attack.
B. Masquerading, frequency analysis, sequence manipulation, and ciphertext-only attack.
C. Reverse engineering, content modification, factoring attacks, and submission notification.
D. Masquerading, content modification, sequence manipulation, and submission notification.
问题 #3
The relative security of a commercial cryptographic system can be measured by the?
A. Rating value assigned by the government agencies that use the system.
B. Minimum number of cryptographic iterations required by the system.
C. Size of the key space and the available computational power.
D. Key change methodology used by the cryptographic system.
问题 #4
Which one of the following describes Kerchoff's Assumption for cryptoanalytic attack?
A. Key is secret; algorithm is Known
B. Key is known; algorithm is Known
C. Key is secret; algorithm is secret
D. Key is known; algorithm is secret
问题 #5
Which of the following actions can make a cryptographic key more resistant to an exhaustive attack?
A. None of the choices.
B. Increase the length of a key.
C. Increase the age of a key.
D. Increase the history of a key.
问题 #6
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?
A. Differential cryptanalysis
B. Differential linear cryptanalysis
C. Birthday attack
D. Statistical attack
问题 #7
Frame-relay uses a public switched network to provide:
A. Local Area Network (LAN) connectivity
B. Metropolitan Area Network (MAN) connectivity
C. Wide Area Network (WAN) connectivity
D. World Area Network (WAN) connectivity
问题 #8
Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces?
A. ISDN
B. SLIP
C. xDSL
D. T1
问题 #9
Which of the following is a Wide Area Network that was originally funded by the Department of Defense, which uses TCP/IP for data interchange?
A. the Internet
B. the Intranet
C. the Extranet
D. The Ethernet
问题 #10
Internet specifically refers to the global network of:
A. public networks and Internet Service Providers (ISPs) throughout the world
B. private networks and Internet Services Providers (ISPs) through the world
C. limited networks and Internet Service Providers (ISPs) throughout the world
D. point networks and Internet Service Providers (ISPs) throughout the world
问题 #11
To improve the integrity of asynchronous communications in the realm of personal computers, the Microcom Networking Protocol (MNP) uses a highly effective communications error-control technique known as
A. Cyclic redundancy check.
B. Vertical redundancy check.
C. Checksum.
D. Echoplex.
问题 #12
Organizations should consider which of the following first before connecting their LANs to the Internet?
A. plan for implementing W/S locking mechanisms
B. plan for protecting the modem pool
C. plan for providing the user with his account usage information
D. plan for considering all authentication options
问题 #13
Which xDSL flavour delivers both downstream and upstream speeds of 1.544 MBps over two copper twisted pairs?
A. HDSL
B. SDSL
C. ADSL
D. VDSL
问题 #14
Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false?
A. It can be used for voice
B. It can be used for data
C. It carries various sizes of packets
D. It can be used for video
问题 #15
Satellite communications are easily intercepted because__
A. transmissions are continuous 24 hours per day.
B. a satellite footprint is narrowly focused.
C. a satellite footprint is very large.
D. a satellite footprint does not change.
问题 #16
Which one of the following protocols CANNOT be used for full duplex Wide Area Network (WAN) communications?
A. Synchronous Data Link Control (SDLC)
B. Serial Line Internet Protocol (SLIP)
C. Point-to-Point Protocol (PPP)
D. High-Level Data Link Control (HDLC)
问题 #17
Fast ethernet operates at which of the following?
A. 10 MBps
B. 100 MBps
C. 1000 MBps
D. All of the above
问题 #18
Which of the following statements about the "Intranet" is NOT true?
A. It is an add-on to a local area network.
B. It is unrestricted and publicly available.
C. It is usually restricted to a community of users
D. t can work with MANS or WANS
问题 #19
Frame relay and X.25 networks are part of which of the following?
A. Circuit-switched services
B. Cell-switched services
C. Packet-switched services
D. Dedicated digital services
问题 #20
A Wide Area Network (WAN) may be privately operated for a specific user community, may support multiple communication protocols, or may provide network connectivity and services via:
A. interconnected network segments (extranets, intranets, and Virtual Private Networks)
B. interconnected network segments (extranets, internets, and Virtual Private Networks)
C. interconnected netBIOS segments (extranets, intranets, and Virtual Private Networks)
D. interconnected NetBIOS segments (extranets, interest, and Virtual Private Networks)
问题 #21
What is the proper term to refer to a single unit of Ethernet data?
A. Ethernet segment
B. Ethernet datagram
C. Ethernet frame
D. Ethernet packet
问题 #22
Which of the following is a LAN transmission protocol?
A. Ethernet
B. Ring Topology
C. Unicast
D. Polling
问题 #23
Which of the following access methods is used by Ethernet?
A. CSMA/CD
B. CSU/DSU
C. TCP/IP
D. FIFO
问题 #24
Which one of the following data transmission technologies is NOT packet-switch based?
A. X.25
B. ATM (Asynchronous Transfer Mode)
C. CSMA/CD (Carrier Sense Multiple Access/Collision Detection)
D. Frame Relay
问题 #25
Unshielded (UTP) does not require the fixed spacing between connections that is:
A. necessary with telephone-type connections
B. necessary with coaxial-type connections
C. necessary with twisted pair-type connections
D. necessary with fiber optic-type connections
问题 #26
What type of cable is used with 100Base-TX Fast Ethernet?
A. Fiber-optic cable
B. Four pairs of Category 3, 4, or 5 unshielded twisted-pair (UTP) wires.
C. Two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twisted-pair (STP) wires
D. RG-58 Cable
问题 #27
Which cable technology refers to the CAT 3 and Cat5 Categories?
A. Coaxial cables
B. Fiber Optic cables
C. Axial cables
D. Twisted Pair cables
问题 #28
On which Open System Interconnection (OSI) Reference Model layer are repeaters used as communications transfer devices?
A. Data-link
B. Physical
C. Network
D. Transport
问题 #29
In the OSI/ISO model, at what layer are some of the SLIP, CSLIP, PPP, control functions are provided?
A. Link
B. Transport
C. Presentation
D. Application
问题 #30
In the OSI/ISO model, at what level are TCP and UDP provided?
A. Transport
B. Network
C. Presentation
D. Application
问题 #31
DNS, FTP, TFTP, SNMP are provided at what level of the OSI/ISO model?
A. Application
B. Network
C. Presentation
D. Transport
问题 #32
Which of the following OSI layers does not provide confidentiality?
A. Presentation
B. Network
C. Transport
D. Session
问题 #33
Which of the following OSI layers provides routing and related services?
A. Network
B. Presentation
C. Physical
问题 #34
The International Standards Organization/Open Systems Interconnection (ISO/OSI) Layers does NOT have which of the following characteristics?
A. Standard model for network communications
B. Used to gain information from network devices such as count of packets received and routing tables
C. Allows dissimilar networks to communicate
D. Defines 7 protocol layers (
A. k.
A. protocol stacks)
问题 #35
Which of the following layers supervises the control rate of packet transfers in an Open Systems Interconnections (OSI) implementation?
A. Physical
B. Session
C. Transport
D. Network
问题 #36
Which Open Systems Interconnect (OSI) layers provide Transport Control Protocol/Internet Protocol (TCP/IP) end-to-end security?
A. Application and presentation
B. Presentation and session
C. Network and application
D. Application and transport
问题 #37
Which one of the following is a TRUE statement about the bottom three layers of the Open Systems Interconnection (OSI) Reference Model?
A. They generally pertain to the characteristics of the communicating end systems.
B. They cover synchronization and error control of network data transmissions.
C. They support and manage file transfer and distribute process resources.
D. They support components necessary to transmit network messages.
问题 #38
ICMP and IGMP belong to which layer of the OSI model?
A. Datagram
B. Network
C. Transport
D. Link
问题 #39
The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers 6 is which of the following?
A. Application Layer
B. Presentation Layer
C. Data Link Layer
D. Network Layer
问题 #40
Which OSI/ISO layer is IP implemented at?
A. Session layer
B. Transport layer
C. Network layer
D. Data link layer
问题 #41
Which of the following security-focused protocols operates at a layer different from the others?
A. Secure HTTP
B. Secure shell (SSH-2)
C. Secure socket layer (SSL)
D. Simple Key Management for Internet Protocols (SKIP)
问题 #42
In the OSI/ISO model, at what layer are some of the SLIP, CSLIP, PPP control functions are provided?
A. Link
B. Transport
C. Presentation
D. Application
问题 #43
The OSI model contains seven layers. TCP/IP is generally accepted as having how many layers?
A. four
B. five
C. six
D. eight
问题 #44
Which of the following layers provides end-to-end service?
A. Network Layer
B. Link Layer
C. Transport Layer
D. Presentation Layer
问题 #45
Both TCP and UDP use port numbers of what length?
A. 32 bits
B. 16 bits
C. 8 bits
D. 4 bits
问题 #46
Which one of the following is an effective communications error-control technique usually implemented in software?
A. Redundancy check
B. Packet filtering
C. Packet checksum
D. Bit stuffing
问题 #47
What is the proper term to refer to a single unit of TCP data at the transport layer?
A. TCP segment
B. TCP datagram
C. TCP frame
D. TCP packet
问题 #48
Each data packet is assigned the IP address of the sender and the IP address of the:
A. recipient
B. host
C. node
D. network
问题 #49
Which of the following type of packets can *easily* be denied with a stateful packet filter?
问题 #50
Which ports are the "Register ports", registered by the IANA?
A. Ports 128 to 255
B. Ports 1024 to 49151
C. Ports 1023 to 65535
D. Ports 1024 to 32767
问题 #51
What protocol was UDP based and mainly intended to provide validation of dial up user login passwords?
A. PPTP
B. L2TP
C. IPSec
D. TACACS
问题 #52
On which port is POP3 usually run?
问题 #53
The primary function of this protocol is to send messages between network devices regarding the health of the network:
A. Internet Control Message Protocol (ICMP)
B. Reverse Address Resolution Protocol (RARP)
C. Address Resolution Protocol (AR)
D. Internet Protocol (IP)
问题 #54
Telnet and rlogin use which protocol?
A. UDP
B. SNMP
C. TCP
D. IGP
问题 #55
The IP header contains a protocol field. If this file contains the value of 2, what type of data is contained within the IP datagram?
A. TCP
B. ICMP
C. UDP
D. IGMP
问题 #56
The IP header contains a protocol field. If this field contains the value of 17, what type of data is contained within the ip datagram?
A. TCP
B. ICMP
C. UDP
D. IGMP
问题 #57
Why do some sites choose not to implement Trivial File Transfer Protocol (TFTP)?
A. list restrictions
B. inherent security risks
C. user authentication requirement
D. directory restriction
问题 #58
The IP header contains a protocol field. If this field contains the value of 6, what type of data is contained within the ip datagram?
A. TCP
B. ICMP
C. UDP
D. IGMP
问题 #59
Which of the following is not a basic security service defined by the OSI?
A. Routing control
B. Authentication
C. Data Confidentiality
D. Logging and monitoring
问题 #60
Which of the following is not an OSI architecture-defined broad category of security standards?
A. Security techniques standards
B. Layer security protocol standards
C. Application-specific security
D. Firewall security standards
问题 #61
Which one of the following is the Open Systems Interconnection (OSI) protocol for message handling?
A. X.25
B. X.400
C. X.500
D. X.509
问题 #62
The IP header contains a protocol field. If this field contains the value of 1, what type of data is contained within the IP datagram?
A. TCP
B. ICMP
C. UDP
D. IGMP
问题 #63
Which of the following is true?
A. TCP is connection-oriented. UDP is not
B. UDP provides for Error Correction. TCP does not.
C. UDP is useful for longer messages
D. UDP guarantees delivers of dat
A. TCP does not guarantee delivery of dat
A.
问题 #64
What works as an E-mail message transfer agent?
A. SMTP
B. SNMP
C. S-RPC
D. S/MIME
问题 #65
A common way to create fault tolerance with leased lines is to group several T-1's together with an inverse multiplexer placed:
A. at one end of the connection
B. at both ends of the connection
C. somewhere between both end points
D. in the middle of the connection
问题 #66
Several methods provide telecommunications continuity, which of the following is a method of routing traffic through split cable or duplicate cable facilities?
A. diverse routing
B. alternative routing
C. last mile circuit protection
D. long haul network diversity
问题 #67
Which of the following is the primary security feature of a proxy server?
A. Client hiding
B. URL blocking
C. Route blocking
D. Content filtering
问题 #68
Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device?
A. File services
B. Mail services
C. Print Services
D. Client/Server services
问题 #69
Which one of the following is a technical solution for the quality of service, speed, and security problems facing the Internet?
A. Random Early Detection (RED) queuing
B. Multi-protocol label-switching (MPLS)
C. Public Key Cryptography Standard (PKCS)
D. Resource Reservation Protocol (RSVP)
问题 #70
How do you distinguish between a bridge and a router?
A. The router connects two networks at the data-link layer, while bridge connects two networks at the network layer
B. The bridge connects two networks at the data-link layer, while router connects two networks at the network layer
C. It is not possible to distinguish them. They have the same funcationality.
问题 #71
Why should you avoid having two routers connect your trusted internal LAN to your demilitarized zone?
A. Network congestion might cause the routers to pass data from your private network through the demilitarized zone
B. This provides attackers with multiple paths to access your trusted network
C. There is a substantial increase in cost with only a nominal increase in security
D. You may overlook an attack on one of your routers because your data still teaches the outside world from your other router
问题 #72
In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class B network?
A. The first bit of the ip address would be set to zero
B. The first bit of the ip address would be set to one and the second bit set to zero
C. The first two bits of an ip address would be set to one, and the third bit set to zero
D. The first three bits of the ip address would be set to one
问题 #73
Which of the following is an ip address that is private (i.e. reserved for internal networks, and not a valid address to use on the internet)?
A. 172.5.42.5
B. 172.76.42.5
C. 172.90.42.5
D. 172.16.42.5
问题 #74
Which of the following is an ip address that is private (i.e. reserved for internal networks, and not a valid address to use on the internet)?
A. 10.0.42.5
B. 11.0.42.5
C. 12.0.42.5
D. 13.0.42.5
问题 #75
Which of the following is an ip address that is private (i.e. reserved for internal networks, and not a valid address to use on the internet)?
A. 172.12.42.5
B. 172.140.42.5
C. 172.31.42.5
D. 172.15.45.5
问题 #76
In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network?
A. The first bit of the ip address would be set to zero
B. The first bit of the ip address would be set to one and the second bit set to zero
C. The first two bits of the ip address would be set to one, and the third bit set to zero
D. The first three bits of the ip address would be set to one
问题 #77
Which of the following is an ip address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?
A. 192.168.42.5
B. 192.166.42.5
C. 192.175.42.5
D. 172.1.42.5
问题 #78
How long are IPv4 addresses:
A. 32 bits long
B. 64 bits long
C. 128 bits long
D. 16 bits long
问题 #79
ARP and RARP map between which of the following?
A. DNS addresses and IP addresses
B. 32-bit hardware addresses and 48-bit IPv6 addresses
C. 32-bit hardware addresses and 48-bit IPv4 addresses
D. 32-bit addresses in IPv4 and 48-bit hardware addresses
问题 #80
Which protocol matches an Ethernet address to an Internet Protocol (IP) address?
A. Address Resolution Protocol (ARP)
B. Reverse Address Resolution Protocol (RARP)
C. Internet Control Message Protocol (ICMP)
D. User Datagram Protocol (UDP)
问题 #81
In a typical firewall configuration, what is the central host in organization's network security?
A. Stateful
B. Screen
C. Gateway
D. Bastion
问题 #82
Which one of the following describes a bastion host?
A. A physically shielded computer located in a data center or vault.
B. A computer which maintains important data about the network.
C. A computer which plays a critical role in a firewall configuration.
D. A computer used to monitor the vulnerability of a network.
问题 #83
Which of the following statements pertaining to firewalls is incorrect?
A. Firewalls should not run NIS (Network Information Systems)
B. Firewalls should mount files systems via NFS
C. All system logs on the firewall should log to a separate host
D. Compilers should be deleted from the firewall
问题 #84
Which is the MAIN advantage of having an application gateway?
A. To perform change control procedures for applications.
B. To provide a means for applications to move into production.
C. To log and control incoming and outgoing traffic.
D. To audit and approve changes to applications.
问题 #85
Which process on a firewall makes permit/deny forwarding decisions based solely on address and service port information?
A. Circuit Proxy
B. Stateful Packet Inspection Proxy
C. Application Proxy
D. Transparency Proxy
问题 #86
A proxy based firewall has which one of the following advantages over a firewall employing stateful packet inspection?
A. It has a greater throughput.
B. It detects intrusion faster.
C. It has greater network isolation.
D. It automatically configures the rule set.
问题 #87
Firewalls filter incoming traffic according to
A. The packet composition.
B. A security policy.
C. Stateful packet rules.
D. A security process.
问题 #88
Application Level Firewalls create:
A. a real circuit between the workstation client and the server
B. a virtual circuit between the workstation client and the server
C. a imaginary circuit between the workstation guest and the server
D. a temporary circuit between the workstation host and the server
问题 #89
Which of the following is the biggest concern with firewall security?
A. Internal hackers
B. Complex configuration rules leading to misconfiguration
C. Buffer overflows
D. Distributed denial of service (DDOS) attacks
问题 #90
Which of the following is true of network security?
问题 #91
Which of the following statements pertaining to firewalls is incorrect?
A. Firewall create bottlenecks between the internal and external network
B. Firewalls allow for centralization of security services in machines optimized and dedicated to the task
C. Strong firewalls can protect a network at all layers of the OSI models
D. Firewalls are used to create security checkpoints at the boundaries of private networks
问题 #92
Which of the following is the least important security service provided by a firewall?
A. Packet filtering
B. Encrypted tunnels
C. Network Address Translation
D. Proxy services
问题 #93
Which of the following firewall rules is less likely to be found on a firewall installed between an organization's internal network and internet?
A. Permit all traffic to and from local host
B. Permit all inbound ssh traffic
C. Permit all inbound tcp connections
D. Permit all syslog traffic to log-server.abc.org
问题 #94
Which of the following packets should NOT be dropped at a firewall protecting an organization's internal network?
A. Inbound packets with Source Routing option set
B. Router information exchange protocols
C. Inbound packets with an internal source IP address
D. Outbound packets with an external destination IP address
问题 #95
By examining the "state" and "context" of the incoming data packets, it helps to track the protocols that are considered "connectionless", such as UDP-based applications and Remote Procedure Calls (RPC). This type of firewall system is used in:
A. first generation firewall systems
B. second generation firewall systems
C. third generation firewall systems
D. fourth generation firewall systems
问题 #96
Which of the following statements pertaining to packet filtering is incorrect?
A. It is based on ACLs
B. It is not application dependant
C. It operates at the network layer
D. It keeps track of the state of a connection
问题 #97
A screening router can perform packet filtering based upon what data?
A. Translated source destination addresses.
B. Inverse address resolution.
C. Source and destination port number.
D. Source and destination addresses and application dat
A.
问题 #98
Why are hardware security features preferred over software security features?
A. They lock in a particular implementation.
B. They have a lower meantime to failure.
C. Firmware has fever software bugs.
D. They permit higher performance.
问题 #99
Firewalls can be used to
A. Enforce security policy.
B. Protect data confidentiality.
C. Protect against protocol redirects.
D. Enforce Secure Network Interface addressing.
问题 #100
Which one of the following operations of a secure communication session cannot be protected?
A. Session initialization
B. Session support
C. Session termination
D. Session control
闽公网安备 35012102500533号
|
闽ICP备18010967号-7