Based on Safe Softwares Feature Manipulation

信息安全概论知到章节测试答案智慧树2023年最新上海电力大学第一章测试1.下面那个（）发表的论文《保密系统的信息理论》使得密码成为一门科学。

参考答案:Shannon2.信息安全涵盖的两个层次，是（）层次和网络层次。

参考答案:信息3.PDRR模型中，D是指（）参考答案:检测4.以下不属于信息安全目标的是（）参考答案:响应和恢复5.信息安全技术体系包括：物理安全、系统安全、（）和应用安全。

参考答案:网络安全第二章测试1.对称密码的五个基本要素是___、___、___、___和___。

参考答案:null2.凯撒密码的密文是“PHHW PH DIWHU FODVV”，密钥是3，那明文是___。

参考答案:null3.私钥密码又叫___或___。

参考答案:null4.数据加密标准DES的明文长度是___，密钥长度是___，子密钥长度是___，密文长度是___，加密轮数是___。

参考答案:null5.公钥密码又称为___或___。

参考答案:null6.数字签名的五大功能包括：___、___、___、___和___。

参考答案:null第三章测试1.鉴别的主要目的包括 ___和___参考答案:null2.数字签名机制是建立在 ___密码体制之上的，其具有 ___ 、 ___ 等优点。

参考答案:null3.常用的身份识别技术可以分为两大类：一类是 ___的身份识别技术，根据采用密码技术的特点又可以分为 ___ 、 ___ 、 ___ 三种不同的身份识别技术；另一类是 ___ 的身份识别技术。

参考答案:null4.在一个信息安全系统中， ___ 、 ___ 可以公开，只要___ 没有被泄露，保密信息仍是安全的参考答案:null5.在密钥分发的过程中，除要保护待分配密钥的机密性之外，还要保证密钥的___ 、 ___、 ___ 和 ___ 。

参考答案:null6.密钥产生有 ___ 、 ___ 和 ___ 三个制约条件。

2014年公需科目：信息安全知识、科研方法与论文写作模拟题1模拟题目1一、判断题(每题2分)1.根据ISO13335标准，信息是通过在数据上施加某些约定而赋予这些数据的特殊含义。

正确错误2.确定信息安全保护等级的步骤是赋值、确定两个指标等级、确定业务子系统等级。

正确错误3.信息安全保护能力技术要求分类中，业务信息安全类记为A。

正确错误4.只靠技术就能够实现安全。

正确5.灾难恢复和容灾是同一个意思。

正确错误6.在网络安全技术中，防火墙是第二道防御屏障。

正确错误7.入侵检测技术能够识别来自外部用户的入侵行为和内部用户的未经授权活动。

正确错误8.对于一个信息系统来说，它的安全性不在于它是否采用了最新的加密算法和最先进的设备，而是由系统本身最薄弱之处及漏洞所确定的。

正确错误9.美国的布什切尼政府把信息高速公路，互联网的发展推动起来了。

正确10.电子商务是成长潜力大，综合效益好的产业。

正确错误11.物流是电子商务市场发展的基础。

正确错误12.对专业技术人员来说，科研论文是资格认定和职称评审的主要依据之一。

正确错误13.科研课题/项目是科学研究的主要内容，也是科学研究的主要实践形式，更是科研方法的应有实践范畴，是科研管理的主要抓手。

正确错误14.科研方法注重的是研究方法的指导意义和学术价值。

正确15.西方的“方法”一词来源于英文。

正确错误16.期刊论文从投稿到发表需要有一个编辑评价的标准，但是它更需要有一个质量的监控体系、监控体制。

正确错误17.科研成果是衡量科学研究任务完成与否、质量优劣以及科研人员贡献大小的重要标志。

正确错误18.著作权人仅仅指作者。

正确错误19.著作权由人身性权利和物质性权利构成。

正确错误20.一稿多投产生纠纷的责任一般情况由作者承担。

正确错误二、单项选择(每题2分)21.信息安全策略的基本原则是（）。

A、确定性、完整性、有效性B、确定性、完整性、可靠性C、完整性、可靠性、保密性D、可靠性、有用性、完整性22.（）是实现安全管理的前提。

2020年信息安全工程师下半年考前预测押题（八）第1题：要成功实施信息系统安全管理并进行维护，应首先对系统（）进行评估鉴定。

A.风险B.资产C.威胁D.脆弱性参考答案：D第2题：下面病毒中，属于蠕虫病毒的是(。

A、Wom.Sasser病毒B、Trojan.QQPSW病毒C、Backdoor.IRCBot病毒D、Macro.Melissa病毒参考答案：A第3题：下列叙述中错误的是()。

A：数字签名可以保证信息在传输过程中的完整性B：数字签名可以保证数据在传输过程中的安全性C：数字签名可以对发送者的身份进行认证D：数字签名可以防止交易中的抵赖法则参考答案：B第4题：下面对于标识和鉴别的解释最准确的是：()A.标识用于区别不同的用户，而鉴别用于验证用户身份的真实性B.标识用于区别不同的用户，而鉴别用于赋予用户权限C.标识用于保证用户信息的完整性，而鉴别用于验证用户身份的真实性D.标识用于保证用户信息的完整性，而鉴别用于赋予用户权限参考答案：A第5题：国际电信联盟将每年的5月17日确立为世界电信日，今年已经是第38届。

今年世界电信日的主题为()A、“让全球网络更安全”B、“信息通信技术：实现可持续发展的途径”C、“行动起来创建公平的信息社会”参考答案：A第6题：关于80年代Mirros蠕虫危害的描述，哪句话是错误的？（）A、该蠕虫利用Unix系统上的漏洞传播B、窃取用户的机密信息，破坏计算机数据文件C、占用了大量的计算机处理器的时间，导致拒绝服务D、大量的流量堵塞了网络，导致网络瘫痪参考答案：B第7题：为了有效的完成工作，信息系统安全部门员工最需要以下哪一项技能？（）A、人际关系技能B、项目管理技能C、技术技能D、沟通技能参考答案：D第8题：对MBOSS系统所有资产每年至少进行（）次安全漏洞自评估。

A、1B、2C、3D、4参考答案：A第9题：数据处理中心的物理环境中，最佳湿度应该保持在什么样的程度？()A、30%-40%B、40%-50%C、45%-60%D、50%-70%参考答案：C第10题：在IPSec中，（）是两个通信实体经过协调建立起来的一种协定，觉得用来保护数据包安全的IPSec协议、密码算法、密钥等信息。

人工智能安全的布莱切利宣言一、前言人工智能（Artificial Intelligence，简称本人）是当今科技领域备受关注的热门话题，其在各个领域的应用不断扩展。

然而，随着人工智能技术的快速发展，相关安全问题也日益凸显。

为此，我们需要对人工智能安全问题有更多的关注和探讨，以确保人工智能的发展不会给社会带来负面影响。

二、人工智能安全面临的挑战1. 数据安全挑战人工智能的学习和决策都依赖于大量的数据，而这些数据的安全性必须受到保障。

然而，当前网络上存在大量数据泄露和隐私侵犯的情况，这将对人工智能的学习和预测带来巨大的安全隐患。

2. 算法安全挑战人工智能的运行往往依赖于复杂的算法，而这些算法可能存在漏洞或被攻击的可能。

一旦人工智能的算法受到攻击，可能会导致严重的后果，甚至威胁到公共安全。

3. 伦理道德挑战人工智能的发展可能会带来诸多伦理道德问题，比如在自动驾驶领域的道德决策问题，或者在医疗领域的隐私保护问题。

这些问题需要我们认真对待，避免人工智能的发展对社会和个人带来不利影响。

三、布莱切利宣言鉴于上述挑战和问题，我们倡导制定人工智能安全的布莱切利宣言，主要内容包括：1. 制定严格的数据隐私保护法律和政策，保障个人数据的安全性和隐私权，防止数据滥用和泄露。

2. 加强人工智能算法的安全性研究，发现和修复算法中的漏洞和弱点，防范算法被攻击和操纵。

3. 重视人工智能伦理道德的问题，建立伦理委员会和评估机制，对人工智能的应用进行道德评估和监督。

4. 推动跨国合作，共同应对人工智能带来的全球性安全挑战，共同制定人工智能安全的国际标准和规范。

四、结语人工智能的发展离不开安全的保障，我们应该以前瞻性的眼光，认真对待人工智能安全的问题，制定相应的政策和措施。

”布莱切利宣言”是我们对人工智能安全问题的解决提出的倡议和建议，我们呼吁相关利益相关者能够共同努力，实现人工智能的可持续发展和社会的和谐进步。

五、人工智能安全的具体措施在制定布莱切利宣言的基础上，我们需要采取一系列具体措施来确保人工智能的安全发展：1. 加强技术研究和创新，提高人工智能系统的鲁棒性和安全性。

《网络安全技术》英文习题集Chapter 1 IntroductionANSWERS NSWERS TO QUESTIONS1.1 What is the OSI security architecture?The OSI Security Architecture is a framework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. The document defines security attacks, mechanisms, and services, and the relationships among these categories.1.2 What is the difference between passive and active security threats? Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, , and client/server exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems.1.3 Lists and briefly define categories of passive and active security attacks?Passive attacks: release of message contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service.1.4 Lists and briefly define categories of security service? Authentication: The assurance that the communicating entity is the one that it claims to be.Access contr ol: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do). Data confidentiality: The protection of data from unauthorized disclosure. Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them).Chapter2 Symmetric Encryptionand Message ConfidentialityANSWERS NSWERS TO QUESTIONS2.1 What are the essential ingredients of a symmetric cipher? Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm.2.2 What are the two basic functions used in encryption algorithms? Permutation and substitution.2.3 How many keys are required for two people to communicate via a symmetric cipher?One secret key.2.4 What is the difference between a block cipher and a stream cipher?A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.2.5 What are the two general approaches to attacking a cipher? Cryptanalysis and brute force.2.6 Why do some block cipher modes of operation only use encryption while others use both encryption and decryption?In some modes, the plaintext does not pass through the encryption function, but is XORed with the output of the encryption function. The math works out that for decryption in these cases, the encryption function must also be used.2.7 What is triple encryption?With triple encryption, a plaintext block is encrypted by passing it through an encryption algorithm; the result is then passed through the same encryption algorithm again; the result of the second encryption is passed through the same encryption algorithm a third time. Typically, the second stage uses the decryption algorithm rather than the encryption algorithm.2.8 Why is the middle portion of 3DES a decryption rather than an encryption?There is no cryptographic significance to the use of decryption for the second stage. Its only advantage is that it allows users of 3DES to decrypt data encrypted by users of the older single DES by repeating the key.2.9 What is the difference between link and end-to-end encryption?With link encryption, each vulnerable communications link is equipped on both ends with an encryption device. With end-to-end encryption, the encryption process is carried out at the two end systems. The source host or terminal encrypts the data; the data in encrypted form are then transmitted unaltered across the network to the destination terminal or host.2.10 List ways in which secret keys can be distributed to two communicating parties.For two parties A and B, key distribution can be achieved in a number of ways, as follows:(1)A can select a key and physically deliver it to B.(2)A third party can select the key and physically deliver it to A and B.(3)If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.(4)If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B.2.11 What is the difference between a session key and a master key?A session key is a temporary encryption key used between two principals. A master key is a long-lasting key that is used between a key distribution center and a principal for the purpose of encoding the transmission of session keys. Typically, the master keys are distributed by noncryptographic means.2.12 What is a key distribution center?A key distribution center is a system that is authorized to transmit temporary session keys to principals. Each session key is transmitted in encrypted form, using a master key that the key distribution center shares with the target principal.ANSWERS NSWERS TO PROBLEMS2.1 What RC4 key value will leave S unchanged during initialization? That is, after the initial permutation of S, the entries of S will be equal to the values from 0 through 255 in ascending order.Use a key of length 255 bytes. The first two bytes are zero; that is K[0] = K[1] = 0. Thereafter, we have: K[2] = 255; K[3] = 254; … K[255]= 2.2.2 If a bit error occurs in the transmission of a ciphertext character in8-bit CFB mode, how far does the error propagate?Nine plaintext characters are affected. The plaintext character correspondingto the ciphertext character is obviously altered. In addition, the altered ciphertext character enters the shift register and is not removed until the next eight characters are processed.2.3 Key distribution schemes using an access control center and/or a key distribution center have central points vulnerable to attack. Discuss the security implications of such centralization.The central points should be highly fault-tolerant, should be physically secured, and should use trusted hardware/software.Chapter 3 Public-Key Cryptography and Message AuthenticationANSWERS NSWERS TO QUESTIONS3.1 List three approaches to message authentication.Message encryption, message authentication code, hash function.3.2 What is message authentication code?An authenticator that is a cryptographic function of both the data to be authenticated and a secret key.3.3 Briefly describe the three schemes illustrated in Figture3.2.(a) A hash code is computed from the source message, encrypted using symmetric encryption and a secret key, and appended to the message. At the receiver, the same hash code is computed. The incoming code is decrypted using the same key and compared with the computed hash code. (b) This is the same procedure as in (a) except that public-key encryption is used; the sender encrypts the hash code with the sender's private key, and the receiver decrypts the hash code with the sender's public key. (c) A secret value is appended to a message and then a hash code is calculated using the message plus secret value as input. Then the message (without the secret value) and the hash code are transmitted. The receiver appends the same secret value to the message and computes the hash value over the message plus secret value. This is then compared to the received hash code.3.4 What properties must a hash function have to be useful for message authentication?(1)H can be applied to a block of data of any size.(2)H produces a fixed-length output.(3)H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.(4)For any given value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way property. (5)For any given block x, it is computationally infeasible to find y ≠x with H(y) =H(x).(6)It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).3.5 In the context of a hash function, what is a compression function? The compression function is the fundamental module, or basic building block, of a hash function. The hash function consists of iterated application of the compression function.3.6 What are the principal ingredients of a public-key cryptosystem? Plaintext: This is the readable message or data that is fed into the algorithm as input. Encryption algorithm: The encryption algorithm performs varioustransformations on the plaintext. Public and private keys: This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the encryption algorithm depend on the public or private key that is provided as input. Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts. Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the original plaintext.3.7 List and briefly define three uses of a public-key cryptosystem. Encryption/decryption: The sender encrypts a message with the recipient's public key. Digital signature: The sender "signs" a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message. Key exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.3.8 What is the difference between a private key and a secret key?The key used in conventional encryption is typically referred to as a secret key. The two keys used for public-key encryption are referred to as the public key and the private key.3.9 What is digital signature?A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. The signature is formed by taking the hash of the message and encrypting the message with the creator's private key. The signature guarantees the source and integrity of the message.3.10 What is a public-key certificate?A pubic-key certificate consists of a public key plus a User ID of the key owner, with the whole block signed by a trusted third party. Typically, the third party is a certificate authority (CA) that is trusted by the user community, such as a government agency or a financial institution.3.11 How can public-key encryption be used to distribute a secret key? Several different approaches are possible, involving the private key(s) of one or both parties. One approach is Diffie-Hellman key exchange. Anotherapproach is for the sender to encrypt a secret key with the recipient's public key.ANSWERS NSWERS TO PROBLEMS3.1 Consider a 32-bit hash function defined as the concatenation of two 16-bit functions: XOR and RXOR, defined in Section 3.2 as “two simple hash function.”a. Will this checksum detect all errors caused by an odd number of error bits? Explain.b. Will this checksum detect all errors caused by an even number of error bits? If not, characterize the error patterns that will cause the checksum to fail.c. Comments on the effectiveness of this function for use a hash functions for authentication.a. Yes. The XOR function is simply a vertical parity check. If there is an odd number of errors, then there must be at least one column that contains an odd number of errors, and the parity bit for that column will detect the error. Note that the RXOR function also catches all errors caused by an odd number of error bits. Each RXOR bit is a function of a unique "spiral" of bits in the block of data. If there is an odd number of errors, then there must be at least one spiral that contains an odd number of errors, and the parity bit for that spiral will detect the error.b. No. The checksum will fail to detect an even number of errors when both the XOR and RXOR functions fail. In order for both to fail, the pattern of error bits must be at intersection points between parity spirals and parity columns such that there is an even number of error bits in each parity column and an even number of error bits in each spiral.c. It is too simple to be used as a secure hash function; finding multiple messages with the same hash function would be too easy.3.2 Suppose H (m) is a collision resistant hash function that maps a message of arbitrary bit length into an n-bit hash value. Is it true that, for all messages x, x’ with x≠x’,we have H(x)≠H(x’)?Explain your answer.The statement is false. Such a function cannot be one-to-one because the number of inputs to the function is of arbitrary, but the number of unique outputs is 2n. Thus, there are multiple inputs that map into the same output.3.3 Perform encryption and decryption using the RSA algorithm, as in Figture3.9, for the following:a. p=3;q=11;e=7;M=5b. p=5;q=11;e=3;M=9c. p=7;q=11;e=17;M=8d. p=11;q=13;e=11;M=7e. p=17;q=31;e=7;M=2.Hint: D ecryption is not as hard as you think; use some finesse.a. n = 33; ⎫(n) = 20; d = 3; C = 26.b. n = 55; ⎫(n) = 40; d = 27; C = 14.c. n = 77; ⎫(n) = 60; d = 53; C = 57.d. n = 143; ⎫(n) = 120; d = 11; C = 106.e. n = 527; ⎫(n) = 480; d = 343; C = 128. For decryption, we have128343 mod 527 = 128256 ⋅ 12864 ⋅ 12816 ⋅ 1284 ⋅ 1282 ⋅ 1281 mod 527= 35 ⋅ 256 ⋅ 35 ⋅ 101 ⋅ 47 ⋅ 128 = 2 mod 527= 2 mod 2573.4 In a public-key system using RSA, you intercept the cipher text C=10 sent to a user whose public key is e=5, n=35.What is the plaintext M?M = 53.5 In an RSA system, the public key of a given user is e=31,n=3599.What is the private key of this user?d = 30313.6 Suppose we have a set of blocks encoded with the RSA algorithm and we don’t have the private key, Assume n=pq, e is the public key. Suppose also someone tells us they know one of the plaintext blocks has a common factor with n. Does this help us in any way?Yes. If a plaintext block has a common factor with n modulo n then the encoded block will also have a common factor with n modulo n. Because we encode blocks that are smaller than pq, the factor must be p or q and the plaintext block must be a multiple of p or q. We can test each block for primality. If prime, it is p or q. In this case we divide into n to find the other factor. If not prime, we factor it and try the factors as divisors of n.3.7 Consider a Diffie-Hellman scheme with a common prime q=11 and a primitive root a=2.a. If user A has public key YA=9, what is A’s private key XA?b. If user B has public key YB=3, what is the shared secret key K?a. XA = 6b. K = 3Chapter 4 Authentication ApplicationsANSWERS NSWERS TO QUESTIONS4.1 What problem was Kerberos designed to address?The problem that Kerberos addresses is this: Assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network. We would like for servers to be able to restrict access to authorized users and to be able to authenticate requests for service. In this environment, a workstation cannot be trusted to identify its users correctly to network services.4.2 What are three threats associated with user authentication over a network or Internet?A user may gain access to a particular workstation and pretend to be another user operating from that workstation. 2. A user may alter the network address of a workstation so that the requests sent from the altered workstation appear to come from the impersonated workstation. 3. A user may eavesdrop on exchanges and use a replay attack to gain entrance to a server or to disrupt operations.4.3 List three approaches to secure user authentication in a distributed environment.Rely on each individual client workstation to assure the identity of its user or users and rely on each server to enforce a security policy based on user identification (ID). 2. Require that client systems authenticate themselves to servers, but trust the client system concerning the identity of its user. 3. Require the user to prove identity for each service invoked. Also require that servers prove their identity to clients.4.4 What four requirements are defined for Kerberos?Secure: A network eavesdropper should not be able to obtain the necessary information to impersonate a user. More generally, Kerberos should be strong enough that a potential opponent does not find it to be the weak link. Reliable: For all services that rely on Kerberos for access control, lack of availability of the Kerberos service means lack of availability of the supported services. Hence, Kerberos should be highly reliable and should employ a distributed server architecture, with one system able to back up another. Transparent: Ideally, the user should not be aware that authentication is taking place, beyond the requirement to enter a password. Scalable: The system should be capable of supporting large numbers of clients and servers. This suggests a modular, distributed architecture.4.5 What entities constitute a full-service Kerberos environment?A full-service Kerberos environment consists of a Kerberos server, a number of clients, and a number of application servers.4.6 In the context of Kerberos, what is a realm?A realm is an environment in which: 1. The Kerberos server must have the user ID (UID) and hashed password of all participating users in its database. All users are registered with the Kerberos server. 2. The Kerberos server must share a secret key with each server. All servers are registered with the Kerberos server.4.7 What are the principal difference between version 4 and version 5 of Kerberos?Version 5 overcomes some environmental shortcomings and some technical deficiencies in Version 4.4.8 What is the purpose of the X.509 standard?X.509 defines a framework for the provision of authentication services by the X.500 directory to its users. The directory may serve as a repository ofpublic-key certificates. Each certificate contains the public key of a user and is signed with the private key of a trusted certification authority. In addition, X.509 defines alternative authentication protocols based on the use of public-key certificates.4.9 What is a chain of certificates?A chain of certificates consists of a sequence of certificates created by different certification authorities (CAs) in which each successive certificate is a certificate by one CA that certifies the public key of the next CA in the chain.4.10 How is an X.509 certificate revoked?The owner of a public-key can issue a certificate revocation list that revokes one or more certificates.ANSWERS NSWERS TO PROBLEMS4.1 Show that a random error in block of cipher text is propagated to all subsequent blocks of plaintext in PCBC mode (Figure 4.9).An error in C1 affects P1 because the encryption of C1 is XORed with IV to produceP1. Both C1 and P1 affect P2, which is the XOR of the encryption of C2 with the XOR of C1 and P1. Beyond that, P N–1 is one of the XORed inputs to forming P N.4.2 The 1988 version of X.509 lists properties that PSA keys must satisfy to be secure, given current knowledge about the difficulty of factoring large numbers. The discussion concludes with a constraint on the public exponent and the modulus n: It must be ensured that e>log2 (n) to prevent attack by taking the eth root mod n to disclose the plaintext. Although the constraint is correct, the reason given for requiring it is incorrect. What is wrong with the reason given and what is the correct reason?Taking the eth root mod n of a ciphertext block will always reveal the plaintext, no matter what the values of e and n are. In general this is a very difficult problem, and indeed is the reason why RSA is secure. The point is that, if e istoo small, then taking the normal integer eth root will be the same as taking the eth root mod n, and taking integer eth roots is relatively easy.Chapter 5 Electronic Mail SecurityANSWERS NSWERS TO QUESTIONS5.1 What are the five principal services provided by PGP? Authentication, confidentiality, compression, e-mail compatibility, and segmentation5.2 What is the utility of a detached signature?A detached signature is useful in several contexts. A user may wish to maintain a separate signature log of all messages sent or received. A detached signature of an executable program can detect subsequent virus infection. Finally, detached signatures can be used when more than one party must sign a document, such as a legal contract. Each person's signature is independent and therefore is applied only to the document. Otherwise, signatures would have to be nested, with the second signer signing both the document and the first signature, and so on.5.3 Why does PGP generate a signature before applying compression?a. It is preferable to sign an uncompressed message so that one can store only the uncompressed message together with the signature for future verification. If one signed a compressed document, then it would be necessary either to store a compressed version of the message for later verification or to recompress the message when verification is required.b. Even if one were willing to generate dynamically a recompressed message for verification, PGP's compression algorithm presents a difficulty. The algorithm is not deterministic; various implementations of the algorithm achieve different tradeoffs in running speed versus compression ratio and, as a result, produce different compressed forms. However, these different compression algorithms are interoperable because any version of the algorithm can correctly decompress the output of any other version. Applying the hash function and signature after compression would constrain all PGP implementations to the same version of the compression algorithm.5.4 What is R64conversion?R64 converts a raw 8-bit binary stream to a stream of printable ASCII characters. Each group of three octets of binary data is mapped into four ASCII characters.5.5 Why is R64 conversion useful for an e-mail application?When PGP is used, at least part of the block to be transmitted is encrypted. If only the signature service is used, then the message digest is encrypted (with the sender's private key). If the confidentiality service is used, the message plus signature (if present) are encrypted (with a one-time symmetric key). Thus, part or all of the resulting block consists of a stream of arbitrary 8-bit octets. However, many electronic mail systems only permit the use of blocks consisting of ASCII text.5.6 Why is the segmentation and reassembly function in PGP needed?E-mail facilities often are restricted to a maximum message length.5.7 How does PGP use the concept of trust?PGP includes a facility for assigning a level of trust to individual signers and to keys.5.8 What is RFC822?RFC 822 defines a format for text messages that are sent using electronic mail.5.9 What is MIME?MIME is an extension to the RFC 822 framework that is intended to address some of the problems and limitations of the use of SMTP (Simple Mail Transfer Protocol) or some other mail transfer protocol and RFC 822 for electronic mail.5.10 What is S/MIME?S/MIME (Secure/Multipurpose Internet Mail Extension) is a security enhancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security.ANSWERS NSWERS TO PROBLEMS5.1 In the PGP scheme, what is the expected number of session keys generated before a previously created key is produced?This is just another form of the birthday paradox discussed in Appendix 11A. Let us state the problem as one of determining what number of session keys must be generated so that the probability of a duplicate is greater than 0.5. From Equation (11.6) in Appendix 11A, we have the approximation:k =1.18 ⋅ nFor a 128-bit key, there are 2128 possible keys. Thereforek =1.18 ⋅ 2128 =1.18 ⋅ 2645.2 The first 16 bits of the message digest in a PGP signature are translated in the clear.a. To what extent does this compromise the security of the hash algorithm?b. To what extent does it in fact perform its intended function, namely, to help determine if the correct RSA key was used to decrypt the digest?a. Not at all. The message digest is encrypted with the sender's private key. Therefore, anyone in possession of the public key can decrypt it and recover the entire message digest.b. The probability that a message digest decrypted with the wrong key would have an exact match in the first 16 bits with the original message digest is 2–16.5.3 In Figure 5.4, each entry in the public-key ring contains an owner trust field that indicates the degree of trust associated with thispublic-key owner. Why is that not enough? That is, if this owner is trusted and this is supposed to be the owner’s public key, why is not that trust enough to permit PGP to use this public key?We trust this owner, but that does not necessarily mean that we can trust that we are in possession of that owner's public key.5.4 Consider radix-64 conversion as a form of encryption. In this case, there is no key. But suppose that an opponent knew only that some form of substitution algorithm was being used to encrypt English text and didnot guess it was R64. How effective would this algorithm be against cryptanalysis?It certainly provides more security than a monoalphabetic substitution. Because we are treating the plaintext as a string of bits and encrypting 6 bits at a time, we are not encrypting individual characters. Therefore, the frequency information is lost, or at least significantly obscured.5.5 Phil Zimmermann chose IDEA, three-key triple DES, and CAST-128 as symmetric encryption algorithms for PGP.Give reasons why each of the following symmetric encryption algorithms for described in this book is suitable or unsuitable for PGP: DES, two-key triple DES, and AES.DES is unsuitable because of its short key size. Two-key triple DES, which has a key length of 112 bits, is suitable. AES is also suitable.Chapter 6 IP SecurityANSWERS NSWERS TO QUESTIONS6.1 Give examples of applications of IPSec.Secure branch office connectivity over the Internet: A company can build a secure virtual private network over the Internet or over a public WAN. This enables a business to rely heavily on the Internet and reduce its need for private networks, saving costs and network management overhead. Secure remote access over the Internet: An end user whose system is equipped with IP security protocols can make a local call to an Internet service provider (ISP) and gain secure access to a company network. This reduces the cost of toll charges for traveling employees and telecommuters. Establishing extranet and intranet connectivity with partners: IPSec can be used to secure communication with other organizations, ensuring authentication and confidentiality and providing a key exchange mechanism. Enhancing electronic commerce security: Even though some Web and electronic commerce applications have built-in security protocols, the use of IPSec enhances that security.6.2 What service are provided by IPSec?Access control; connectionless integrity; data origin authentication; rejection of replayed packets (a form of partial sequence integrity); confidentiality (encryption); and limited traffic flow confidentiality。

中国石油大学（华东）智慧树知到“计算机科学与技术”《信息安全技术》网课测试题答案（图片大小可自由调整）第1卷一.综合考核(共15题)1.Microsoft把软件更新、补丁和新功能集成为一个大的自安装软件包，称为()。

A.Service PackB.PatchC.HotfixD.Update2.以下属于“可传染的独立性恶意代码”的是()A.传统病毒B.蠕虫C.特洛伊木马D.逻辑炸弹3.下列命令最好的是()A.FATB.FAT32C.NTFSD.以上都可以4.拒绝服务是一种系统安全防护措施，它保护计算机系统以防止黑客的攻击。

()A.错误B.正确5.拒绝服务是一种系统安全机制，它可以保护系统以防病毒对计算机系统的攻击。

()A.错误B.正确6.下列关于病毒的说法正确是()。

A.病毒只会感染可执行文件B.系统经反病毒软件检测和杀毒后，该系统内就没有病毒了C.干净的移动介质只要写保护就不会感染病毒D.联网的计算机只要不主动下载网上的文件就不会感染病毒7.信息系统安全的最基本目标“CIA”是指()。

A.机密性、完整性、鉴别B.机密性、完整性、可用性C.机密性、完整性、抗抵赖性D.机密性、访问控制、鉴别8.“公钥密码体制”的含义是()A.两个密钥都公开B.将私有密钥公开，公开密钥保密C.两个密钥都保密D.将公开密钥公开，私有密钥保密9.应用代理防火墙隐藏了防火墙背后系统的IP地址。

()A.错误B.正确10.计算机系统安全性取决于系统中是否安装了防火墙和防病毒软件。

()A.错误B.正确11.现代密码体制把算法和密钥分开，只需要保证密钥的安全性，算法是可以公开的。

()A.错误B.正确12.访问控制的目的是防止对系统的非授权访问。

()A.错误B.正确13.访问控制的目的是防止用户破坏系统。

()A.错误B.正确14.应用代理防火墙所有连接都在防火墙处终止，并且还隐藏了防火墙背后系统的IP地址。

()A.错误B.正确15.在Windows xp中，为了设置本地文件访问权限，应该使用NTFS文件系统。

八年级英语信息安全保护方法单选题30题1.We need to install a good _____ to protect our computer from viruses.A.softwareB.firewallC.hardwareD.program答案：B。

本题考查信息安全相关名词。

选项A“software”是软件，不能直接保护电脑免受病毒侵害。

选项B“firewall”防火墙，可以阻止病毒和恶意软件的入侵，符合题意。

选项C“hardware”是硬件，与防病毒关系不大。

选项D“program”程序，比较宽泛，不一定能起到保护电脑免受病毒侵害的作用。

2.Which one is an important tool for information security?A.keyboardB.mouseC.antivirus softwareD.monitor答案：C。

选项A“keyboard”键盘是输入设备，与信息安全关系不大。

选项B“mouse”鼠标也是输入设备，与信息安全无直接关系。

选项C“antivirus software”杀毒软件是信息安全的重要工具，正确。

选项D“monitor”显示器只是输出设备，不能保障信息安全。

3.A _____ can prevent unauthorized access to a network.A.routerB.switchC.gatewayD.server答案：C。

选项A“router”路由器主要用于网络连接和路由选择。

选项B“switch”交换机用于连接多台设备。

选项C“gateway”网关可以防止未经授权的访问网络，符合题意。

选项D“server”服务器主要提供服务，不能防止未经授权的访问。

4.The _____ is used to store important data securely.A.diskB driveC.cloud storageD.hard drive答案：C。

计算机三级信息安全技术单选题1、【题目】—国务院发布《计算机信息系统安全保护条例》。

选项：A. 1990年2月18日B. 1994 年2 月18 EIC. 2000年2月18日D. 2004年2月18日答案：B解析：暂无解析1、【题目】根据BS 7799的规定，访问控制机制在信息安全保障体系中属于环节A. 保护B. 检测C. 响应D. 恢复答案：A解析：暂无解析1、【题目】ISO 7498-2开放系统安全互联体系架构模型描述了信息系统安全架构的层面，实现机制和安全服务，以下哪一项不是该模型涉及的安全机制？选项：A. 鉴别B. 数字签名C. 访问控制D. 路由控制答案：A解析：暂无解析1、【题目】以下关于置换密码的说法正确的是选项：A. 明文根据密钥被不同的密文字母代替B. 明文字母不变，仅仅是位置根据密钥发生改变C. 明文和密钥的每个bit异或D. 明文根据密钥作了移位答案：解析:暂无解析1 ＞【题目】使用Winspoof软件，可以用来() 选项：A. 显示好友的IPB. 显示陌生人的IPC. 隐藏的IPD. 攻击对方端口答案：C解析：暂无解析1、【题目】防火墙能够OA. 防范恶意的知情者B. 防范通过它的恶意连接C. 防备新的网络安全问题D. 完全防止传送己被病毒感染的软件和文件答案：B解析：暂无解析1、【题目】关于smurf攻击，描述不正确的是下面哪一项？选项：A. Smurf攻击是一种拒绝服务攻击，由于大量的网络拥塞，可能造成中间网络或目的网络的拒绝服务。

B. 攻击者发送一个echorequest广播包到中间网络，而这个包的源地址伪造成目的主机的地址。

中间网络上的许多“活”的主机会响应这个源地址。

攻击者的主机不会接受到这些冰雹般的echoreplies响应，目的主机将接收到这些包。

C. Smurf攻击过程利用ip地址欺骗的技术。

D. Smurf攻击是与目标机器建立大量的TCP半连接，耗尽系统的连接资源，达到拒绝服务攻击的目的。

诺顿网络安全调查报告
根据诺顿网络安全调查报告显示的数据分析，我们可以得出以下结论：
1. 在过去一年中，全球网络威胁不断增加。

网络犯罪分子利用各种方式入侵计算机系统，获取个人信息或进行其他非法活动。

2. 攻击者最常使用的手段之一是电子邮件钓鱼。

他们通常发送带有恶意附件或链接的电子邮件，以诱使受害者点击并暴露其计算机系统于威胁之下。

3. 云安全是当前的重要议题。

随着越来越多的组织将数据存储在云平台上，网络犯罪分子开始针对这些平台进行攻击。

4. 人们对于网络安全的意识正在提高，但仍然存在很大的改进空间。

用户应该警惕不明来源的电子邮件，始终保持系统和应用程序的更新，并使用强密码来保护自己的账户。

5. 金融领域是网络犯罪的主要目标之一。

攻击者利用各种技术手段窃取银行账户信息，导致用户财务损失。

6. 移动设备安全正面临越来越多的挑战。

人们越来越喜欢使用移动设备进行各种活动，但这也给网络犯罪分子提供了更多入侵的机会。

7. 人工智能技术可以用于改进网络安全防护。

许多组织正在研发和应用机器学习和自动化技术，以识别和应对不断变化的网
络威胁。

总之，当前网络安全形势严峻，我们必须加强意识和防护措施，以保护个人信息和资金安全。