2022软件水平考试-中级信息安全工程师考试题库套卷13（含答案解析）

《2022软件水平考试-中级信息安全工程师考试题库套卷13（含答案解析）》由会员分享，可在线阅读，更多相关《2022软件水平考试-中级信息安全工程师考试题库套卷13（含答案解析）（8页珍藏版）》请在装配图网上搜索。

1、2022软件水平考试-中级信息安全工程师考试题库（含答案解析）1. 问答题：随着DDoS（Distributed Denial of Service，分布式拒绝服务）攻击的技术门槛越来越低，使其成为网络安全中最常见、最难防御的攻击之一，其主要目的是让攻击目标无法提供正常服务。请列举常用的DDoS攻击防范方法。答案： 本题解析：1.购买运营商流量清洗服务2.采购防DDos设备3.修复系统漏洞，关闭不必要开放的端口4.购买云加速服务5.增加出口带宽，提升硬件性能6. CDN加速2. 问答题：该协议中，用于给S服务和客户端通信提供会话密钥的是（2），用于各客户端和应用服务器端提供会话密钥的是（3）。

2、答案： 本题解析：（2）AS服务器（3）TGS服务器AS服务器在验证用户的身份之后，生成随机密钥用于客户端与TGS之间的会话加密。TGS服务器在获得AS发过来的票据后，确认客户端与应用服务器之间的关系，生成随机密钥用于客户端与应用服务器之间的会话加密。3. 问答题：【问题5】列举常见的网站DDOS攻击流量（任意2种），并简述针对DDOS攻击的网络流量清洗基本原理？s;font-family:宋体;mso-bidi-font-family:Times New Roman; font-size:10.5000pt;mso-font-kerning:1.0000pt; 小于 1213可交换位置】答案

3、： 本题解析：任意两种：HTTP Get Flood, HTTP Post Flood, HTTP Slow Header/Post, HTTPS Flood1.流量检测2.流量牵引与清洗3.流量回注常见的网站攻击流量包括HTTP Get Flood, HTTP Post Flood, HTTP Slow Header/Post, HTTPS Flood攻击等。1.流量检测 利用分布式多核硬件技术，基于深度数据包检测技术(DPI)监测、分析网络流量数据,快速识别隐藏在背景流量中的攻击包，以实现精准的流量识别和清洗。2.流量牵引与清洗 当监测到网络攻击流量时，如大规模DDoS攻击，流量牵引技术将

4、目标系统的流量动态转发到流量清洗中心来进行清洗。 流量清洗即拒绝对指向目标系统的恶意流量进行路由转发，从而使得恶意流量无法影响到目标系统。3.流量回注流量回注是指将清洗后的干净流量回送给目标系统，用户正常的网络流量不受清洗影响。4. 填空题：The modern study of symmetric-key ciphers relates mainly to the study of block ciphers and stream ciphers and to their applications.A block cipher is,in a sense,a modern embodimen

5、t of Albertis polyalphabetic cipher:block ciphers take as input a block of（）and a key,and output a block of ciphertext of the same size.Since messages are almost always longer than a single block,some method of knitting together successive blocks is required.Several have been developed,some with bet

6、ter security in one aspect or another than others.They are the mode of operations and must be carefully considered when using a block cipher in a cryptosystem. The Data Encryption Standard(DES)and the Advanced Encryption Standard(AES)are（）designs which have been designated cryptography standards by

7、the US government(though DESs designation was finally withdrawn after the AES was adopted).Despite its deprecation as an official standard,DES(especially its still-approved and much more secure triple-DES variant)remains quite popular;it is used across a wide range of applications,from ATM encryptio

8、n to e-mail privacy and secure remote access.Many other block ciphers have been designed and released,with considerable variation in quality.Many have been thoroughly broken.See Category:Block ciphers. Stream ciphers,in contrast to theblocktype,create an arbitrarily long stream of key material,which

9、 is combined（）the plaintext bit-by-bit or character-by-character,somewhat like the one-time pad.In a stream cipher,the output（）is created based on an internal state which changes as the cipher operates.That state change is controlled by the key,and,in some stream ciphers,by the plaintext stream as w

10、ell.RC4 is an example of a well-known,and widely used,stream cipher;see Category:Stream ciphers. Cryptographic hash functions(often called message digest functions)do not necessarily use keys,but are a related and important class of cryptographic algorithms.They take input data(often an entire messa

11、ge),and output a short fixed length hash,and do so as a one-way function.For good ones,（）(two plaintexts which produce the same hash)are extremely difficult to find. Message authentication codes(MACs)are much like cryptographic hash functions,except that a secret key is used to authenticate the hash

12、 value on receipt.These block an attack against plain hash functions.问题1选项A.plaintextB.ciphertextC.dataD.hash问题2选项A.stream cipherB.hash functionC.Message authentication codeD.Block cipher问题3选项A.ofB.forC.withD.in问题4选项A.hashB.streamC.ciphertextD.plaintext问题5选项A.collisionsB.imageC.preimageD.solution答案：

13、ADCBA 本题解析：暂无解析5. 问答题：问题4】网络威胁会导致非授权访问、信息泄露、数据被破坏等网络安全事件发生，其常见的网络威胁包括拒绝服务、病毒、木马、 (18) 等， 常见的网络安全防范措施包括访问控制、身份认证、数字签名、 (19) 、 包过滤和检测等。(18)备选: A.数据完整性破坏 B.物理链路破坏 C.存储介质破坏 D.电磁干扰(19)备选: A.数据备份 B.电磁防护 C.违规外联控制 D.数据加密答案： 本题解析：（18）A （19）D=mso-spacerun:yes;font-family:宋体;mso-bidi-font-family:Times New Roma

14、n; font-size:10.5000pt;mso-font-kerning:1.0000pt; 小于18空根据题干的并列项都是针对数据的相关攻击，而BCD都是物理层的安全威胁。19空类似。6. 问答题：安全目标的关键是实现安全的三大要素:机密性、完整性和可用性。对于一般性的信息类型的安全分类有以下表达形式: (机密性，影响等级)， (完整性，影响等级)， (可用性，影响等级) 在上述表达式中，影响等级的值可以取为低 (L)、中(M)、高(H) 三级以及不适用 (NA)。【问题1】。 (6分)请简要说明机密性、完整性和可用性的含义。【问题2】(2 分） 对于影响等级不适用通常只针对哪个安全要

15、素? 【问题 3 】(3分)如果一个普通人在它的个人 Web 服务器上管理其公开信息。请问这种公开信息的安全分类是什么?答案： 本题解析：问题一解析：（1）机密性：维护对信息访问和公开经授权的限制，包括保护个人隐私和私有的信息，机密性的缺失是指信息的非经授权的公开。（2）完整性：防止信息不适当的修改和毁坏，包括保证信患的不可抵赖性和真实性。完整性的缺失是指信息未经授权的修改和毁坏。（3）可用性：保证信息及时且可靠的访问和使用。可用性的缺失是指信息或信息系统的访问或使用被中断。问题二解析：对于公开信息类型，机密性的缺失并没有什么潜在的影响，因为公开的信息没有保密的需求，所以机密性在公开信息类型中

16、并不适用。问题三解析：一个普通人在它的个人 Web 服务器上管理其公开信息。首先机密性在公开信息类型中并不适用，比如海滨老师在个人微博上发表了一篇博文，显然这是公开信息，机密性的缺失不受影响；其次，对于完整性的缺失是一个 Moderate 的影响；再次，对可用性的缺失也是一个 Moderate 的影响。这种类型的公开信息的安全分类表述如下: (机密性， NA) , (完整性， M) , (可用性， M) 7. 问答题：高级持续威胁(简称APT)常常利用电子邮件，开展有针对性的目标攻击，威胁者A发送带有恶意Word附件的电子邮件到公司邮件服务器，等待邮件接收者执行电子邮件附件，触发恶意程序运行，

17、从而渗透到甲公司内部网络，请给出威胁者A的攻击流量经过的网络设备。针对APT，可以部署什么安全设备来自动检测?该设备的主要技术方法是什么？答案： 本题解析：从互联网-小于路由器-小于防火墙2-小于交换机-小于邮件服务器-小于交换机-小于防火墙1-小于客户机（王五） 部署APT检测系统，检测电子文档和电子邮件是否存在恶意代码，以防止攻击者通过电子邮件和电子文档渗透入侵网络。高级持续威胁(简称APT)通常利用电子邮件作为攻击目标系统。攻击者将恶意代码嵌入电子邮件中，然后把它发送到目标人群，诱使收件人打开恶意电子文档或单击某个指向恶意站点的链接。一旦收件人就范，恶意代码将会安装在其计算机中，从而远程

18、控制收件人的计算机，进而逐步渗透到收件人所在网络，实现其攻击意图。8. 问答题：用户的身份认证是许多应用系统的第一道防线，身份识别对确保系统和数据的安全保密极及其重要。以下过程给出了实现用户B对用户A身份的认证过程。1.A-B：A2.B-A：B,Nbpk(A)3.A-B：h(Nb)此处A和B是认证的实体，Nb是一个随机值，pk(A)表示实体A的公钥，B,Nbpk(A)表示用A的公钥对消息B娜进行加密处理，h(Nb)表示用哈希算法h对Nb计算哈希值。【问题1】（5分）认证与加密有哪些区别？【问题2】（6分）（1）包含在消息2中的“Nb”起什么作用？（2）“Nb“的选择应满足什么条件？【问题3】（

19、3分） 为什么消息3中的Nb要计算哈希值？ 【问题4】（4分） 上述协议存在什么安全缺陷？请给出相应的的解决思路。 答案： 本题解析：【问题一】认证和加密的区别在于：加密用以确保数据的保密性，阻止对手的被动攻击，如截取，窃听等；而认证用以确保报文发送者和接收者的真实性以及报文的完整性，阻止对手的主动攻击，如冒充、篡改、重播等。 【问题二】（1） Nb是一个随机值，只有发送方B和A知道，起到抗重放攻击作用。（2） 应具备随机性，不易被猜测。 【问题三】哈希算法具有单向性，经过哈希值运算之后的随机数，即使被攻击者截获也无法对该随机数进行还原，获取该随机数Nb的产生信息。 【问题四】存在重放攻击和中

20、间人攻击的安全缺陷；针对重放攻击的解决思路是加入时间戳、验证码等信息；针对中间人攻击的解决思路是加入身份的双向验证。9. 问答题：（2）网站安全策略要求网站的默认服务端口改成8081，远程计算机的IP地址为192.168.0.2，若要其可以访问网站服务器/www/admin资源。如何配置Apache相关文件以符合安全策略要求。答案： 本题解析：1.在httpd.conf文件中修改为：listen 80812.在access.conf中加入目录控制段。1.httpd.conf文件中修改http服务器的端口为8081.配置的基本语法是：语法：Listen IP-address:portnumber

21、 protocol默认的配置：Listen 80 修改为：Listen 80812.为了保证web服务器/www/admin目录的访问权限，需要在access.conf中加一个类似下面的目录控制段。注意不要将document root的位置设置为这个目录。这样，对于/www/admin只允许192.168.0.2可以访问，其他地址的访问都被拒绝。10. 填空题：Trust is typically interpreted as a subjective belief in the reliability，honesty and security of an entity on which we

22、 depend（）our welfare.In online environments we depend on a wide spectrun of things,ranging from computer hardware,software and data to people and organizations.A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assum

23、ptions,hence,a trusted entity is the same as an entity that is assumed to function according to policy.A consequence of this is that a trust component of a system must work correctly in order?for the security of that system to hold,meaning that when a trusted（）fails,then the sytems and applications

24、that depend on it can（）be considered secure.An often cited articulation of this principle is:a trusted system or component is one that can break your security policy”(which happens when the trust system fails).The same applies to a trusted party such as a service provider(SP for short)that is,it mus

25、t operate according to the agreed or assumed policy in order to ensure the expected level of securty and quality of services.A paradoxical?conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service inf

26、rastructure depends on.This is because the security of an infrastructure consisting of many Trusted components typically follows the principle of the weakest link,that is,in many situations the the overall security can only be as strong as the least?reliable or least secure of all the trusted compon

27、ents.We cannot avoid using trusted security components,but the fewer the better.This is important to understand when designing the identity management architectures,that is,fewer the trusted parties in an identity management?model,stronger the security that can be achieved by it. The transfer of the

28、 social constructs of identity and trust into digital and computational concepts helps in designing and implementing large scale online markets and communities,and also plays an important role in the converging mobile and Internet environments.Identity management(denoted Idm hereafter)is about recog

29、nizing and verifying the correctness of identitied in online environment.Trust management becomes a component of（）whenever different parties rely on each other for identity provision and authentication.IdM and Trust management therefore depend on each other in complex ways because the correctness of

30、 the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining authorisation policies in personalised services. Establishing trust always has a cost,so that having complex trust requirement typically leads

31、 to high overhead in establishing the required trust.To reduce costs there will be?incentives for stakeholders to“cut corners”regarding trust requirements,which could lead to inadequate security.The challenge is to design IdM systems with relatively simple trust requirements.Cryptographic mechanisms

32、 are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed.The establishment of initial（）usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.问题1选项A.withB.onC.ofD.for问题2选项A.entityB.personC.componentD.thing问题3选项A.No longerB.neverC.alwaysD.often问题4选项A.SPB.IdMC.InternetD.entity问题5选项A.trustB.costC.IdMD.solution答案：DCABA 本题解析：暂无解析