Commonly Missed CISSP Certification Questions (source: 铭学在线 testing platform: https://www.maxstu.com/page/1773704)
[Answers and explanations follow the questions]
Question 1
Q: Andrea wants to ensure that her virtualized networks are secure between virtual environments. She uses virtual machine clusters in multiple locations in her state with third-party internet service providers between those locations. Which of the following solutions is best suited to protecting her traffic if she runs a flattened layer 2 network between those locations?
A. TLS
B. BGP
C. IPsec
D. AES

Question 2
Q: Henry's company has deployed an extensive IoT infrastructure for building monitoring that includes environmental controls, occupancy sensors, and a variety of other sensors and controllers that help manage the building. Which of the following security concerns should Henry report as the most critical in his analysis of the IoT deployment?
A. The lack of local storage space for security logs that is common to IoT devices.
B. The IoT devices may not have a separate administrative interface, allowing anybody on the same network to attempt to log into them and making brute-force attacks possible.
C. The IoT devices may not support strong encryption for communications, exposing the log and sensor data to interception on the network.
D. The long-term support and patching model for the IoT devices may create security and operational risk for the organization.

Question 3
Q: Jill is working to procure new network hardware for her organization. She finds a gray market supplier that is importing the hardware from outside the country at a much lower price. What security concern is the most significant for hardware acquired this way?
A. The security of the hardware and firmware
B. Availability of support for the hardware and software
C. Whether the hardware is a legitimate product of the actual vendor
D. The age of the hardware
---------------
Question 1
Answer: C
Explanation: An IPsec VPN will allow Andrea to keep her networks running as layer 2 flattened networks when necessary while providing the security for her traffic that she wants. TLS operates at a higher network layer, although traffic could be tunneled through it. BGP is a routing protocol, and AES is an encryption algorithm.

Question 2
Answer: D
Explanation: Henry's biggest concern should be the long-term security and supportability of the IoT devices. As these devices are increasingly embedded in buildings and infrastructure, the support model and security model are important to understand. Both the lack of separate administrative access and the lack of strong encryption can be addressed by placing the IoT devices on a dedicated subnet or network that prevents other users from accessing the devices directly. This will help limit the risk without undue expense or complexity and is a common practice. Finally, lack of storage space can be a concern, but it is not the most important one when looking at the risks IoT devices can create.

Question 3
Answer: A
Explanation: Each of these answers may be a concern, but the overriding security concern is whether the hardware and firmware can be trusted or may have been modified. Original equipment manufacturers (OEMs) have business reasons to ensure the security of their product, but third parties in the supply chain may not feel the same pressure. Both availability of support and whether the hardware is legitimate are also concerns, but less immediate security concerns. Finally, hardware may be older than expected, or may be used, refurbished, or otherwise not new.