2026年网络安全专业英语词汇及考点

2026年网络安全专业英语词汇及考点一、单选题（共10题，每题2分）1.题干：Whatdoestheterm"ZeroTrustArchitecture"primarilyemphasizeincybersecurity?选项：A."Trustbutverify"approachB.NetworksegmentationwithoutstrictcontrolsC.LeastprivilegeaccesscontrolD.Mandatoryaccesspoliciesonlyforinternalusers答案：C2.题干：Whichofthefollowingtoolsiscommonlyusedforpenetrationtestingtoidentifyvulnerabilitiesinwebapplications?选项：A.NessusB.MetasploitC.WiresharkD.Nmap答案：B3.题干：InISO/IEC27001terminology,whatdoes"BIA"standfor?选项：A.BusinessImpactAnalysisB.BusinessIntegrityAssuranceC.BusinessInformationAuditD.BusinessInfrastructureAssessment答案：A4.题干：Whatistheprimarypurposeofan"IncidentResponsePlan"?选项：A.TopreventdatabreachesB.TominimizedamageduringasecurityincidentC.TooptimizenetworkperformanceD.Totrainemployeesonsecuritypolicies答案：B5.题干：WhichcybersecurityframeworkisdevelopedbytheNationalInstituteofStandardsandTechnology(NIST)?选项：A.ISO27001B.COBIT5C.CISControlsD.NISTSP800-53答案：D6.题干：Whatdoes"APT"standforinthecontextofadvancedpersistentthreats?选项：A.AdvancedPersistentTaskB.AdvancedPersistentThreatC.AttackPersistentTechniqueD.Anti-PhishingTool答案：B7.题干：Whichprotocoliscommonlyusedforsecureremoteaccesstocorporatenetworks?选项：A.FTPB.TelnetC.SSHD.SMB答案：C8.题干：Whatisthetermforthepracticeofusingmultipleauthenticationfactorstoverifyauser'sidentity?选项：A.Multi-factorauthentication(MFA)B.Singlesign-on(SSO)C.Two-factorauthentication(2FA)D.Passwordlessauthentication答案：A9.题干：WhichcybersecuritylawintheEuropeanUnionimposesstrictpenaltiesfordatabreaches?选项：A.GDPRB.CCPAC.HIPAAD.FISMA答案：A10.题干：Whatdoes"Phishing"refertoincybersecurity?选项：A.UnauthorizedaccesstoanetworkB.Spear-phishingattacksC.DenialofService(DoS)attacksD.Malwaredistribution答案：B二、多选题（共5题，每题3分）1.题干：Whichofthefollowingarecommoncomponentsofa"SecurityInformationandEventManagement"(SIEM)system?选项：A.LogaggregationB.ThreatintelligenceintegrationC.Real-timemonitoringD.FirewallconfigurationE.Incidentresponseautomation答案：A,B,C,E2.题干：Whatarethekeyprinciplesofthe"CIATriad"incybersecurity?选项：A.ConfidentialityB.IntegrityC.AvailabilityD.AuthenticityE.Accessibility答案：A,B,C3.题干：Whichofthefollowingaretypesof"socialengineering"attacks?选项：A.PhishingB.VishingC.BaitingD.TailgatingE.Bruteforceattacks答案：A,B,C,D4.题干：Whatarethemainobjectivesofa"RiskAssessment"?选项：A.IdentifypotentialthreatsB.EvaluatevulnerabilitiesC.DeterminethelikelihoodofanattackD.CalculatetheimpactofabreachE.Recommendmitigationstrategies答案：A,B,C,D,E5.题干：Whichofthefollowingarecommonsecuritycontrolsunderthe"CISControls"?选项：A.InventoryandmanagementoforganizationalassetsB.MalwareprotectionC.DatalosspreventionD.EndpointdetectionandresponseE.Applicationwhitelisting答案：A,B,C,D,E三、填空题（共10题，每题2分）1.题干：Theprocessofdetecting,respondingto,andrecoveringfromsecurityincidentsisknownas_______management.答案：Incident2.题干：Asecurityframeworkthatprovidesguidelinesforprotectingcriticalinformationsystemsisthe_______CybersecurityFramework.答案：NIST3.题干：Thepracticeofchangingpasswordsfrequentlytoenhancesecurityiscalled_______.答案：Passwordrotation4.题干：Anattackthattargetsaspecificorganizationorindividualusingtailoredtacticsisknownas_______.答案：Spear-phishing5.题干：Theprincipleofgrantingusersonlytheminimumpermissionsnecessarytoperformtheirtasksiscalled_______.答案：Leastprivilege6.题干：Atypeofmalwarethatencryptsavictim'sfilesanddemandsaransomfortheirreturniscalleda(n)_______.答案：Ransomware7.题干：Theprocessofanalyzingdatatoidentifypotentialsecuritythreatsisknownas_______.答案：Threathunting8.题干：Asecurityprotocolthatencryptsdataduringtransmissionoveranetworkisthe_______protocol.答案：TLS9.题干：Thelegalrequirementthatorganizationsmustreportdatabreachestoauthoritiesandaffectedindividualsisknownasthe_______regulation.答案：GDPR10.题干：Asecuritymeasurethatrestrictsaccesstoanetworkbasedontheuser'sidentityanddeviceiscalled_______.答案：ZeroTrust四、简答题（共5题，每题5分）1.题干：Explainthedifferencebetween"Phishing"and"Spear-phishing"incybersecurity.答案：-Phishingisabroad,indiscriminateattackwhereattackerssendfraudulentemailsormessagestoalargenumberofpeople,hopingtotrickthemintorevealingsensitiveinformation.-Spear-phishingisatargetedformofphishingwhereattackersresearchandcustomizetheirattacktotargetspecificindividualsororganizations,makingitmorelikelytosucceed.2.题干：Whatarethethreekeycomponentsofthe"CIATriad"incybersecurity,andexplaintheirsignificance.答案：-Confidentiality:Ensuresthatsensitiveinformationisaccessibleonlytoauthorizedindividuals.-Integrity:Guaranteesthatdataisaccurateandunalteredduringstorageortransmission.-Availability:Ensuresthatsystemsanddataareaccessiblewhenneeded.Thesecomponentsformthefoundationofsecuritypoliciesandcontrols.3.题干：Describetheroleofan"IncidentResponseTeam"inmanagingcybersecurityincidents.答案：TheIncidentResponseTeamisresponsiblefor:-Detectingandassessingsecurityincidents.-Containingthethreattopreventfurtherdamage.-Eradicatingthethreatandrestoringsystemstonormaloperation.-Conductingpost-incidentanalysistoimprovefutureresponses.4.题干：Whatisthepurposeofthe"ISO27001"standardincybersecurity,andhowdoesitdifferfromthe"NISTCybersecurityFramework"?答案：-PurposeofISO27001:Itisaninternationalstandardthatprovidesaframeworkforestablishing,implementing,maintaining,andcontinuouslyimprovinganinformationsecuritymanagementsystem(ISMS).-DifferencefromNIST:ISO27001ismoreprescriptive,requiringorganizationstodocumentandadheretospecificsecuritycontrols,whileNISTismoreflexible,offeringguidelinesandbestpractices.5.题干：Explaintheconceptof"ZeroTrustArchitecture"anditsbenefitsinmoderncybersecurity.答案：-Concept:ZeroTrustArchitectureassumesthatnouserordeviceinsideoroutsidethenetworkshouldbetrustedbydefault;instead,everyaccessrequestmustbeverified.-Benefits:Reducestheriskoflateralmovementbyattackers,enhancesdataprotection,andimprovescompliancewithsecuritypolicies.五、论述题（共2题，每题10分）1.题干：Discusstheimportanceof"EmployeeTraining"incybersecurityandhoworganizationscanimprovetheirtrainingprograms.答案：-Importance:Employeesareoftenthefirstlineofdefenseagainstcyberthreats.Traininghelpsthemrecognizephishingattempts,managepasswordssecurely,andfollowsecurit