CISP模拟题6及答案（国外英文资料）.doc

CISP模拟题6及答案（国外英文资料） CISP simulation questions Which of the following descriptions of security risks is accurate? C A and security risks refer to the possibility of A specific vulnerability using one or group of threats to cause loss or damage to an organization. B, security risk refers to the fact that a specific threat USES one or a set of vulnerabilities to cause an organizations loss of assets. C, security risk refers to the possibility of a specific threat using one or a set of vulnerabilities to cause loss or damage to an organization D, security risk is a situation where the vulnerability of an asset is threatened. What is not a vulnerability category? a. A, hacker attacks B, operating system vulnerabilities C, the application of bugs D, the bad behavior of people 3, according to the information system security guarantee model, the following is not a security guarantee? a. A, confidentiality B, management, C, process, D, personnel, The system audit log does not include which of the following? D A, the timestamp B, user id, C, object identification D, the processing results The first step in the TCP 3 handshake agreement is to send A: A A, the SYN packet B, SCK package C, UDP packet D, NULL packet The following metrics can be used to determine which control measures are taken in the application system, except for B The importance of data in A system B, the feasibility of using network monitoring software C, if a specific action or process is not controlled effectively, the risk level is generated D, the efficiency, complexity and cost of each control technology If a user has skilled technical skills and has a thorough knowledge of the program, he can deftly avoid the safety procedure and the production procedure Make changes. To prevent this possibility, increase: B A, the review of the work processing report B, the production program is compared between copies controlled separately C, periodic test data run D, proper separation of responsibilities Application