Security Management and Application Development Security (with answers)

Laws and Regulations

QUESTION 1

In the public sector, as opposed to the private sector, due care is usually determined by

A. Minimum standard requirements.

B. Legislative requirements.

C. Insurance rates.

D. Potential for litigation.

Answer: D

Explanation:

QUESTION 2

What is the minimum and customary practice of responsible protection of assets that affects a community or societal norm?

A. Due diligence

B. Risk mitigation

C. Asset protection

D. Due care

Answer: D

Explanation: "Due care and due diligence are terms that are used throughout this book. Due diligence is the act of investigating and understanding the risks the company faces. A company practices due care by developing security policies, procedures, and standards. Due care shows that a company has taken responsibility for the activities that take place within the corporation and has taken the necessary steps to help protect the company, its resources, and employees from possible risks. So due diligence is understanding the current threats and risks and due care is implementing countermeasures to provide protection from those threats. If a company does not practice due care and due diligence pertaining to the security of its assets, it can be legally charged with negligence and held accountable for any ramifications of that negligence." Pg. 85 Shon Harris: All-in-One CISSP Certification

"The following list describes some of the actions required to show that due care is being properly practiced in a corporation:"

Pg. 616 Shon Harris: All-in-One CISSP Certification

QUESTION 3

Under the standard of due care, failure to achieve the minimum standards would be considered

A. Negligent

B. Unethical

C. Abusive

D. Illegal

Answer: A

Explanation: Due Care: care which an ordinary prudent person would have exercised under the same or similar circumstances. "Due Care" and "Reasonable Care" are used interchangeably. - Ronald Krutz, The CISSP Prep Guide (gold edition), pg 896

QUESTION 4

Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if:

A. the company is not a multi-national company

B. they have not exercised due care protecting computing resources

C. they have failed to properly insure computer resources against loss

D. the company does not prosecute the hacker that caused the breach

Answer: B

Explanation:

QUESTION 5

The criteria for evaluating the legal requirements for implementing safeguards is to evaluate the cost (C) of instituting the protection versus the estimated loss (L) resulting from the exploitation of the corresponding vulnerability. Therefore, a legal liability exists when?

A. C < L

B. C < L - (residual risk)

C. C > L

D. C > L - (residual risk)

Answer: A

Explanation:

QUESTION 6

The typical computer felons are usually persons with which of the following characteristics?

A. They have had previous contact with law enforcement

B. They conspire with others

C. They hold a position of trust

D. They deviate from the accepted norms of security

Answer: D

Explanation:

QUESTION 7

Which of the following is responsible for the most security issues?

A. Outside espionage

B. Hackers

C. Personnel

D. Equipment Failure

Answer: C

Explanation:

QUESTION 8

Which of the following categories of hackers poses the greatest threat?

A. Disgruntled employees

B. Student hackers

C. Criminal hackers

D. Corporate spies

Answer: A

Explanation:

QUESTION 9

Which of the following tools is less likely to be used by a hacker?

A. L0phtcrack

B. Tripwire

C. Crack

D. John the Ripper

Answer: B

Explanation: "Other security packages, such as the popular Tripwire data integrity assurance packages, also provide a secondary antivirus functionality. Tripwire is designed to alert administrators of unauthorized file modifications. It's often used to detect web server defacements and similar attacks, but it also may provide some warning of virus infections if critical system executable files, such as COMMAND.COM, are modified unexpectedly. These systems work by maintaining a database of hash values for all files stored on the system. These archive hash values are then compared to current computed values to detect any files that were modified between the two periods." Pg. 224 Tittel: CISSP Study Guide

QUESTION 10

Supporting evidence used to help prove an idea or point is described as? It cannot stand on its own, but is used as a supplementary tool to help prove a primary piece of evidence:

A. Circumstantial evidence

B. Corroborative evidence

C. Opinion evidence

D. Secondary evidence

Answer: B

Explanation:

QUESTION 11

Which of the following would best describe secondary evidence?

A. Oral testimony by a non-expert witness

B. Oral testimony by an expert witness

C. A copy of a piece of evidence

D. Evidence that proves a specific act

Answer: C

Explanation:

QUESTION 12

Which of the following exceptions is less likely to make hearsay evidence admissible in court?

A. Records are collected during the regular conduct of business

B. Records are collected by senior or executive management

C. Records are collected at or near the time of occurrence of the act being investigated

D. Records are in the custody of the witness on a regular basis

Answer: B

Explanation:

QUESTION 13

Which of the following rules is less likely to allow computer evidence to be admissible in court?

A. It must prove a fact that is material to the case

B. Its reliability must be proven

C. The process for producing it must be documented

D. The chain of custody of evidence must show who collected, secured, controlled, handled, transported, and tampered with the evidence

Answer: C

Explanation:

QUESTION 14

A copy of evidence or oral description of its contents; not reliable as best evidence is what type of evidence?

A. Direct evidence

B. Circumstantial evidence

C. Hearsay evidence

D. Secondary evidence

Answer: D

Explanation:

QUESTION 15

In order to be able to successfully prosecute an intruder:

A. A point of contact should be designated to be responsible for communicating with law enforcement and other external agencies.

B. A proper chain of custody of evidence has to be preserved

C. Collection of evidence has to be done following predefined procedures

D. Whenever possible, analyze a replica of the compromised resource, not the original, thereby avoiding inadvertently tampering with evidence

Answer: B

Explanation:

QUESTION 16

Which of the following is LEAST necessary when creating evidence tags detailing the chain of custody for electronic evidence?

A. The mode and means of transportation.

B. Notifying the person who owns the information being seized.

C. Complete description of the evidence, including quality if necessary.

D. Who received the evidence.

Answer: B

Explanation: The references indicate that transportation is important.

Each piece of evidence should be marked in some way with the date, time, initials of the collector, and a case number if one has been assigned... The pieces of evidence should then be sealed in a container and the container should be marked with the same information. The container should be sealed with evidence tape and if possible, the writing should be on the tape so a broken seal can be detected. - Shon Harris All-in-one CISSP Certification Guide pg 673

"In many cases, it is not possible for a witness to uniquely identify an object in court. In those cases, a chain of evidence must be established. This involves everyone who handles evidence - including the police who originally collect it, the evidence technicians who process it, and the lawyers who use it in court. The location of the evidence must be fully documented from the moment it was collected to the moment it appears in court to ensure that it is indeed the same item. This requires thorough labeling of evidence and comprehensive logs noting who had access to the evidence at specific times and the reasons they required such access." Pg. 593 Tittel: CISSP Study Guide.

The evidence life cycle covers the evidence gathering and application process. This life cycle has the following components:

* Discovery and recognition
* Protection
* Recording
* Collection
  * Collect all relevant storage media
  * Make image of hard disk before removing power
  * Print out screen
  * Avoid degaussing equipment
* Identification
* Preservation
  * Protect magnetic media from erasure
  * Store in proper environment
* Transportation
* Presentation in a court of law
* Return of evidence to owner

Pg. 309 Krutz: The CISSP Prep Guide

The life cycle of evidence includes

* Collection and identification
* Storage, preservation, and transportation
* Presentation in court
* Being returned to victim or owner

Pg 677 Shon Harris: All-In-One CISSP Certification Exam Guide

QUESTION 17

Why would a memory dump be admissible as evidence in court?

A. Because it is used to demonstrate the truth of the contents

B. Because it is used to identify the state of the system

C. Because the state of the memory cannot be used as evidence

D. Because of the exclusionary rule

Answer: B

Explanation:

QUESTION 18

You are documenting a possible computer attack.

Which one of the following methods is NOT appropriate for legal record keeping?

A. A bound paper notebook.

B. An electronic mail document.

C. A personal computer in "capture" mode that prints immediately.

D. Microcassette recorder for verbal notes

Answer: D

Explanation:

QUESTION 19

To understand the "whys" in crime, many times it is necessary to understand MOM. Which of the following is not a component of MOM?

A. Opportunities

B. Methods

C. Motivation

D. Means

Answer: B

Reference: pg 600 Shon Harris: All-in-One CISSP Certification

QUESTION 20

Something that is proprietary to that company and of importance for its survival and profitability is what type of intellectual property law?

A. Trade Property

B. Trade Asset

C. Patent

D. Trade Secret

Answer: D

Explanation:

QUESTION 21

Which of the following is the BEST way to prevent software license violations?

A. Implementing a corporate policy on copyright infringements and software use.

B. Requiring that all PCs be diskless workstations.

C. Installing metering software on the LAN so applications can be accessed through the metered software.

D. Regularly scanning used PCs to ensure that unauthorized copies of software have not been loaded on the PC.

Answer: D

Explanation: Since it's impossible to control all the efforts of the users to install software without the proper licenses on their PCs (especially software downloaded from the Internet), the best way to prevent license violations is through a regular audit of every single user PC to see what the installed programs are and what their nature is (shareware, freeware, licensed). We can't use LAN monitoring software because not all the applications are network enabled. Also, there is usually a policy about software installation, but the users do not rely on it many times. It is also a very nice practice to punish the users making software license violations.

QUESTION 22

Under "Named Perils" form of Property insurance

A. Burden of proof that particular loss is covered is on Insurer.

B. Burden of proof that particular loss is not covered is on Insurer.

C. Burden of proof that particular loss is covered is on Insured.

D. Burden of proof that particular loss is not covered is on Insured.

Answer: C

Explanation: Here is something on "Named Perils" for your understanding: "Named Perils is a formal and specific listing of perils covered in a policy providing property insurance. A policy covering for damage by fire is said to cover for 'the named peril' of fire". As you can see, Answer C is correct.

Application Security

QUESTION 23

Within the realm of IT security, which of the following combinations best defines risk?

A. Threat coupled with a breach.

B. Threat coupled with a vulnerability.

C. Vulnerability coupled with an attack.

D. Threat coupled with a breach of security.

Answer: B

Explanation: This is the main concept: when we talk about a possible risk, we always have a possible vulnerability in the system attacked. This vulnerability can make a threat successful. We can say that the level of risk can be measured through the level of vulnerabilities in our current systems and the ability of the attackers to exploit them to make a threat successful.

QUESTION 24

Which of the following would be the best reason for separating the test and development environments?

A. To restrict access to systems under test.

B. To control the stability of the test environment.

C. To segregate user and development staff.

D. To secure access to systems under development.

Answer: B

Explanation: This is the right answer: with a separation of the two environments (test and development), we can get a more stable and more "in control" environment. Since we are making tests in the development environment, we don't want our production processes there, and we don't want to experiment with things in our production processes. With a separation of the environments we can get a more risk-free production environment and more control and flexibility over the test environment for the developers.

QUESTION 25

At which of the following phases of a software development life cycle are security and access controls normally designed?

A. Coding

B. Product design

C. Software plans and requirements

D. Detailed design

Answer: D

Explanation: Security controls and access controls are normally designed in the "Detailed" phase of design. In this phase you have the design of many of the security features of your development, like authentication, confidentiality functionality, and non-repudiation capabilities. In this phase you can also define what the access control method for the software is going to be: we can make it discretionary (less restrictive), mandatory (more restrictive), role based, and others.

QUESTION 26

What are database views used for?

A. To ensure referential integrity.

B. To allow easier access to data in a database.

C. To restrict user access to data in a database.

D. To provide audit trails.

Answer: C

Explanation: Through the use of a view we can provide security for the organization by restricting users' access to certain data or to the real tables containing the information in our database. For example, we can create a view that brings data from 3 tables, only showing 2 of the 4 columns in each. Instead of giving access to the tables that contain the information, we give access to the view, so the user can access this fixed information but does not have privileges over the tables containing it. This provides security.

QUESTION 27

Why does compiled code pose more risk than interpreted code?

A. Because malicious code can be embedded in the compiled code and can be difficult to detect.

B. Because the browser can safely execute all interpreted applets.

C. Because compilers are not reliable.

D. It does not. Interpreted code poses more risk than compiled code.

Answer: A

Explanation: Since compiled code has already been translated to binary language (the language understood natively by computers), it's very difficult for us (the humans) to detect malicious code inside an application. This is because it is not apparently visible; you have to find that malicious code through the behavior of the program. Instead, when we talk about interpreted code, we use a language interpreter, that is, a piece of software that allows the end-user to write a program in some human-readable language and have this program executed directly by the interpreter.

This is in contrast to language compilers, which translate the human-readable code into machine-readable code, so that the end-user can execute the machine-readable code at a later time. In interpreted programs it is far easier to detect malicious code; you just need to see what piece of code produced the undesired action.

QUESTION 28

Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated?

A. The Total Quality Model (TQM)

B. The IDEAL Model

C. The Software Capability Maturity Model

D. The Spiral Model

Answer: C

Explanation: The Capability Maturity Model for Software describes the principles and practices underlying software process maturity and is intended to help software organizations improve the maturity of their software processes in terms of an evolutionary path from ad hoc, chaotic processes to mature, disciplined software processes. The CMM is organized into five maturity levels:

1) Initial. The software process is characterized as ad hoc, and occasionally even chaotic. Few processes are defined, and success depends on individual effort and heroics.

2) Repeatable. Basic project management processes are established to track cost, schedule, and functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications.

3) Defined. The software process for both management and engineering activities is documented, standardized, and integrated into a standard software process for the organization. All projects use an approved, tailored version of the organization's standard software process for developing and maintaining software.

4) Managed. Detailed measures of the software process and product quality are collected. Both the software process and products are quantitatively understood and controlled.

5) Optimizing. Continuous process improvement is enabled by quantitative feedback from the process and from piloting innovative ideas and technologies.

QUESTION 29

Which of the following is used in database information security to hide information?

A. Inheritance

B. Polyinstantiation

C. Polymorphism

D. Delegation

Answer: B

Explanation: Polyinstantiation represents an environment characterized by information stored in more than one location in the database. This permits a security model with multiple levels-of-view and authorization. The current problem with polyinstantiation is ensuring the integrity of the information in the database. Without an effective method for the simultaneous updating of all occurrences of the same data element, integrity cannot be guaranteed.

QUESTION 30

During which phase of an IT system life cycle are security requirements developed?

A. Operation

B. Initiation

C. Development

D. Implementation

Answer: C

Explanation: The System Development Life Cycle is the process of developing information systems through investigation, analysis, design, implementation, and maintenance. The System Development Life Cycle (SDLC) is also known as Information Systems Development or Application Development. If you take a look at the standard IT system life cycle chart, you will see that everything that deals with security requirements is done at the "development" stage. In this stage you can create the access controls, the form of authentication to use and all the other security requirements.

QUESTION 31

Which of the following is an advantage of prototyping?

A. Prototype systems can provide significant time and cost savings.

B. Change control is often less complicated with prototype systems.

C. It ensures that functions or extras are not added to the intended system.

D. Strong internal controls are easier to implement.

Answer: A

Explanation: The Prototype Phase is also called the "Proof of Concept" Phase. Whether it's called one or the other depends on what the creator is trying to "prove." If the main deliverable of the Phase includes a working version of the product's technical features, it's a "prototype." If the main deliverable just looks like it has the product's technical features, then it's a "proof of concept." Prototypes can save time and money because you can test some functionality earlier in the process. You don't have to make the whole final product to begin testing it.

QUESTION 32

Why would a database be denormalized?

A. To ensure data integrity.

B. To increase processing efficiency.

C. To prevent duplication of data.

D. To save storage space.

Answer: B

Explanation: Denormalization is the process of attempting to optimize the performance of data storage by adding redundant data. It is necessary because current DBMSs are not fully relational. A fully relational DBMS would be able to preserve full normalization at the logical level, while allowing it to be mapped to a performance-tuned physical level. Database designers often justify denormalization on performance issues, but they should note that logical denormalization can easily break the consistency of the database, one of the all-important ACID properties. However, a designer can achieve the performance benefits while retaining consistency by performing denormalization at a physical level; such denormalization is often called caching.

QUESTION 33

What is the number of columns in a table called?

A. Schema

B. Relation

C. Degree

D. Cardinality

Answer: C

Explanation: In database terminology, it is the same to say that the number of Degrees is "X" and that the number of columns is "X" inside a Table. This question is just trying to test our knowledge of rare, difficult to find terminology. You can check this in the knowledge base of Oracle. When we talk about degrees, we are just talking about columns. The schema is the structure of the database, and the relations are the way each table relates to others.

QUESTION 34

Which of the following best describes the purpose of debugging programs?

A. To generate random data that can be used to test programs before implementing them

B. To ensure that program coding flaws are detected and corrected.

C. To protect, during the programming phase, valid changes from being overwritten by other changes.

D. To compare source code versions before transferring to the test environment.

Answer: B

Explanation: A bug is a coding error in a computer program. The process of finding bugs before the program's final users do is called debugging. Debugging starts after the code is first written and continues in successive stages as code is combined with other units of programming to form a software product, such as an operating system or application. The main reason to debug is to detect and correct errors in the program.

QUESTION 35

Which of the following is used to create and delete views and relations within tables?

A. SQL Data Definition Language

B. SQL Data Manipulation Language

C. SQL Data Relational Language

D. SQL Data Identification Language

Answer: A

Explanation: SQL supports the data definition language (DDL) for creating, altering, and deleting tables and indexes. SQL does not permit metadata object names to be represented by parameters in DDL statements. With this language you can create many of the objects used in SQL; this language is standard and is supported by most database vendors in its standard form. Many of them also extend its functionality for proprietary products.

QUESTION 36

Which of the following is a facial feature identification product that can employ artificial intelligence and can require the system to learn from experience?

A. All of the choices.

B. Digital nervous system.

C. Neural networking

D. DSV (dynamic signature verification)

Answer: C

Explanation:

There are facial feature identification products that are on the market that use other technologies or methods to capture one's face. One type of method used is neural networking technology. This type of technology can employ artificial intelligence that requires the system to "learn" from experience. This "learning" experience helps the system to close in on an identification of an individual. Most facial feature identification systems today only allow for two-dimensional frontal i
