Principles of Computer Security CompTIA+ SecurityChapter 24

南开大学智慧树知到“信息安全”《信息安全概论》网课测试题答案（图片大小可自由调整）第1卷一.综合考核(共10题)1.在面向变换域的数字水印算法中，DFT算法是一种()A.离散小波变换算法B.离散傅里叶变换算法C.离散余弦变换算法D.最低有效位变换算法2.在CC标准中，目标是使产品在极端危险的环境中使用且目前只限于可进行形式化分析的安全产品的安全可信度级别是()。

A.EAL1B.EAL3C.EAL5D.EAL73.在访问控制中，主体对客体的操作行为和约束条件的关联集合被称为()A.主体B.客体C.访问控制策略D.访问操作4.AES是一种分组密码算法。

()A.正确B.错误5.Windows系统安全架构的核心是什么?()A.用户认证B.访问控制C.管理与审计D.安全策略6.在RBAC中，所有的授权应该给予角色而不是直接给用户或用户组。

()A.正确B.错误7.信息安全CIA三元组中的I指的是()。

A.机密机B.完整性C.可用性D.可控性8.以下是散列函数的是()。

A.RSAB.MD5C.DESD.AES9.信息安全CIA三元组中的A指的是()A.机密机B.完整性C.可用性D.可控性10.信息安全CIA三元组中的A指的是()。

A.机密机B.完整性C.可用性D.可控性第1卷参考答案一.综合考核1.参考答案：B2.参考答案：D3.参考答案：C4.参考答案：A5.参考答案：D6.参考答案：A7.参考答案：B8.参考答案：B9.参考答案：C10.参考答案：C。

PRIVACY AND SECURITY（隐私与安全）PRIVACY（隐私）Computer ethics are guidelines for moral com-puter use. Four computer ethics issues are pri-vacy, accuracy, property, and access.译文：计算机伦理道德电脑使用指南。

四个计算机伦理问题是隐私、精确度、性能和访问。

Large Databases（大型数据库）Large organizations are constantly compiling in-formation about us. Reverse directories list tele-phone numbers followed by subscriber names. Information resellers (information brokers) collect and sell personal data. Electronic pro-files are compiled from databases to provide highly detailed and personalized descriptions of individuals.译文：大型组织在不断地收集有关我们的资料。

反向目录列表电话号码跟随着用户名。

信息经销商（信息经济人）收集并销售个人资料。

电子配置文件从数据库中编译为个人提供非常详细的和个性化的描述。

Identity theft is the illegal assumption of someone’s identity for the purposes of economic gain. Mistaken identity occurs when an elec-tronic profile of one person is switched with an-other. The Freedom of Information Act entitles individuals access to governmental records relat-ing to them.译文：身份盗用是非法是为了经济利益的目的，非法假设某人的身份。

Principles of Operating SystemSecurityOperating system security is a critical aspect of ensuring the confidentiality, integrity, and availability of data within a computer system. The principles of operating system security are essential guidelines that help protect the system from unauthorized access, data breaches, and malicious attacks.One of the key principles of operating system security is the principle of least privilege. This principle states that users and processes should only be granted the minimum level of access and permissions necessary to perform their required tasks. By limiting access rights to only what is needed, the risk of unauthorized activities and potential security breaches is greatly reduced.Another important principle of operating system security is the concept of defense in depth. This principle involves implementing multiple layers of security controls to protect the system from various types of threats. By employing a combination of access control mechanisms, encryption, firewalls, intrusion detection systems, and other security measures, organizations can create a strong defense against potential security breaches.Access control is another fundamental principle of operating system security. Access control mechanisms, such as user authentication, authorization, and accounting, help ensure that only authorized users can access resources and perform specific actions within the system. By properly configuring access controls, organizations can prevent unauthorized access and maintain the confidentiality and integrity of their data.Auditing and monitoring are also critical principles of operating system security. Regular auditing of system logs and monitoring of network traffic can help organizations detect and respond to security incidents in a timely manner. By monitoring system activity and keeping detailed logs, organizations can identify suspicious behavior, track system changes, and investigate security breaches effectively.Secure configuration management is another important principle of operating system security. By ensuring that systems are properly configured, regularly updated, and patched with the latest security updates, organizations can reduce the risk of security vulnerabilities and exploits. Secure configuration management practices help maintain the overall security posture of the system and mitigate the risk of security incidents.Additionally, secure coding practices are essential principles of operating system security. By following secure coding guidelines and best practices, developers can create secure and robust applications that are less vulnerable to security exploits and attacks. Secure coding practices, such as input validation, secure error handling, and memory management, help prevent common security vulnerabilities, such as buffer overflows and injection attacks.In conclusion, the principles of operating system security are vital guidelines that help organizations protect their systems and data from security threats. By following these principles, organizations can establish a strong security posture, reduce the risk of security breaches, and safeguard the confidentiality, integrity, and availability of their data. Implementing robust security measures, such as least privilege, defense in depth, access control, auditing, monitoring, secure configuration management, and secure coding practices, can help organizations enhance the security of their operating systems and mitigate the risk of security incidents.。

第15章计算机伦理、道德与法规主要知识点：(1) 计算机伦理学(2) 计算机职业伦理规范(3) 职业理想与职业道德(4) 信息产业的法律法规本章重点：计算机职业伦理规范，职业道德，信息产业的法律法规本章难点：计算机职业伦理规范，信息产业的法律法规教学时数：2学时思维导论：15.1 计算机伦理学15.1.1 计算机伦理学概述计算机伦理学（computer ethics）是对计算机行业从业人员职业道德进行系统规范的新兴学科。

1．计算机伦理学的产生与发展1985年，美国著名哲学杂志《形而上学》发表了泰雷尔•贝奈姆的《计算机与伦理学》和杰姆斯•摩尔的《什么是网络伦理学》两篇论文，成为西方计算机伦理学兴起的重要标志。

美国学者斯平内洛在《信息技术的伦理方面》一书中提出了计算机道德是非判断应当遵守的三条一般规范性原则。

一是“自主原则”；二是“无害原则”；三是“知情同意原则”。

西方学者还对计算机“职业”、“职业人员”、“职业道德”的特殊性问题作了探讨。

2．建设计算机伦理的重要性信息时代的来临，迫切需要全社会高度重视计算机伦理的建设。

计算机技术依然处在探索与发展的过程中，必须借助人类特有的伦理智慧和道德精神的指引，才能防止研究与应用的急功近利，把技术上的“不确定性”对社会可能带来的危害降低到最低程度。

3．构建计算机伦理的基本原则（1）促进人类美好生活原则。

（2）平等与互惠原则。

（3）自由与责任原则。

（4）知情同意原则。

（5）无害原则。

4．计算机伦理学的内容（1）隐私保护。

（2）预防计算机犯罪。

（3）知识产权保护。

（4）软件盗版。

（5）病毒扩散。

（6）黑客。

（7）行业行为规范。

15.1.2 计算机职业伦理规范1．美国计算机伦理研究的实践美国计算机伦理问题研究中比较集中研究的现实道德问题有，计算机信息技术（包括软件、硬件、网络、专家系统）的知识产权问题，计算机犯罪、“黑客”与网络安全问题，信息与网络时代的个人隐私权的保护问题，信息技术产品对消费者和社会的责任问题，信息网络技术应用者个人的自由权利与道德责任问题，为控制国际互联网“色情音像”、“攻击言论”、“虚拟伤害”而建立审查制度的问题，企业信息技术与反不正当竞争的问题等。

可信计算机评估准则英文回答：The Trusted Computing Evaluation Criteria (TCE) was released by the National Information Assurance Partnership (NIAP) in 2004. It is an evaluation criteria for commercial off-the-shelf (COTS) information technology (IT) products that are designed to provide trusted services in support of security-sensitive applications.The TCE is based on the Common Criteria for Information Technology Security Evaluation (CC), which is an international standard for evaluating the security of IT products. The TCE extends the CC by adding requirements for trusted computing, such as:The ability to measure the integrity of the system.The ability to control access to the system.The ability to audit the actions of the system.The TCE is a voluntary standard, but it is often usedby governments and organizations to evaluate the securityof IT products.中文回答：可信计算评估准则（TCE）是由国家信息安全保障伙伴关系(NIAP) 于 2004 年发布的。

2024年全国保密教育线上培训考试试题库及答案—、选择题1、国家安全机关受理公民和组织举报电话为()。

A、12315B、12339C、12399D、110答案：B2、国家保密标准体系框架包含()。

A、技术标准、管理标准、行业监督标准B、技术标准、行业监督标准、测评与检查标准C、评估标准、检查标准、管理标准D、技术标准、管理标准、测评与检查标准答案：D3、国家安全工作的基础是()。

A、政治安全B、军事安全C、经济安全D、国土安全答案：C3国家安全工作应当以()为根本。

A、政治安全B、军事安全C、经济安全D、国土安全答案：A4、关于参加涉密会议、活动人员保密管理要求，下列说法错误的是()。

A、可自行委托其他人员代替参加涉密会议活动B、不得擅自记录、录音、摄像C、不得使用无线键盘、无线网卡等无线设备或装置D、不得将手机带入答案：A5、根据《中华人民共和国国家安全法》规定，每年()为全民国家安全教育日。

A、4月1日B、4月10日C、4月15日D、4月30日答案：C6、根据GM/T0054-2018信息系统密码应用基本要求,以下对于应用和数据安全测评的测评对象,说法不正确的是()。

A、条款[7、4、5a]:身份鉴别测评对象:应用系统管理员、应用系统、密码产品、技术文档B、条款[7、4、5b]:访问控制信息和敏感标记的完整性测评对象:应用系统、密码产品、技术文档C、条款[7、4、5c]:数据传输保密性测评对象:业务系统、密码产品、技术文档D、条款[7、4、5d]:数据存储保密性测评对象:业务系统、密码产品、技术文档答案：B7、公钥密码学的思想最早是由()提出的。

A、迪菲(Diffie)和赫尔曼(Hellman)B、欧拉(Euler)C、Rivest,Shamir,AdlemanD、费马(Fermat)答案：A8、关于IPSecVPN产品使用的密钥,下列描述正确的有()。

A、会话密钥是在密钥交换第二阶段得到的对称算法密钥,用于数据报文的加密和完整性保护B、设备密钥是非对称算法使用的公私钥对,包括签名密钥对和加密密钥对C、工作密钥是在密钥交换第一阶段得到的对称算法密钥,用于保护会话密钥交换的过程D、设备密钥中签名密钥对用于鉴别和数字签名,加密密钥对用于加密对称密钥答案：ABCD9、关于保密检查整改和复查，下列说法错误的是()。