CISSP Certification: Daily Knowledge Points and Commonly Missed Questions (December 17)


Part 1: Daily Knowledge Points (the following points are drawn from the CISSP Official Study Guide flash cards)

Knowledge point 1:

Q: What are the key concepts of the role-based access control (RBAC) model?

A: RBAC models use task-based roles, and users gain privileges when administrators place their accounts into a role or group. Taking a user out of a role removes the permissions granted through the role membership. Because permissions are attached to roles rather than to individual accounts, changing what a person may do is a matter of changing their role membership, not editing per-user grants.
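The following is an added example, not code from the CISSP study guide: a minimal RBAC model in Python in which permissions are attached only to task-based roles, so a user's effective permissions are exactly the union of the roles they hold and revoking a role membership revokes everything it granted. The role and permission names (helpdesk, dba, ticket:read, and so on) are constructed for illustration.

```python
"""Added example (not from the CISSP study guide): a minimal RBAC model.

Privileges attach to task-based roles, never directly to users; a user's
effective permissions are the union of the roles they hold, so removing a
role membership revokes everything that membership granted. Role and
permission names below are constructed for illustration.
"""
from __future__ import annotations


class RBAC:
    def __init__(self) -> None:
        self.role_perms: dict[str, set[str]] = {}   # role -> permissions
        self.user_roles: dict[str, set[str]] = {}   # user -> roles held

    def define_role(self, role: str, *perms: str) -> None:
        self.role_perms[role] = set(perms)

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_perms:
            raise KeyError(f"undefined role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def effective_permissions(self, user: str) -> set[str]:
        # Permissions are derived from role membership only; there is no
        # per-user grant left behind when someone changes jobs.
        roles = self.user_roles.get(user, set())
        return set().union(*(self.role_perms[r] for r in roles))

    def is_allowed(self, user: str, perm: str) -> bool:
        return perm in self.effective_permissions(user)


def demo() -> dict[str, bool]:
    rbac = RBAC()
    rbac.define_role("helpdesk", "ticket:read", "ticket:update", "user:reset_password")
    rbac.define_role("dba", "db:read", "db:write", "db:backup")

    rbac.assign("alice", "helpdesk")
    before = rbac.is_allowed("alice", "user:reset_password")          # True

    # Alice moves to the database team: swap role memberships instead of
    # hunting down per-user entries in every ACL.
    rbac.revoke("alice", "helpdesk")
    rbac.assign("alice", "dba")
    after_helpdesk = rbac.is_allowed("alice", "user:reset_password")  # False
    after_dba = rbac.is_allowed("alice", "db:backup")                 # True
    return {"before": before, "after_helpdesk": after_helpdesk, "after_dba": after_dba}


if __name__ == "__main__":
    print(demo())
```

The check that matters for the flash card is the middle one: once `helpdesk` is revoked, `user:reset_password` disappears for Alice even though nothing was ever "removed" from her account directly.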

Knowledge point 2:

Q: Network devices at what layer and above separate broadcast domains?

A: Layer 3. Routers and other Layer 3 devices (firewalls, Layer 3 switches) do not forward broadcast frames, so every routed interface bounds a broadcast domain. Hubs (Layer 1) pass everything on, and a plain switch (Layer 2) separates collision domains but still floods broadcasts to every port; only VLANs configured on that switch divide it into separate broadcast domains.
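As an added example (not from the study guide), the script below floods a broadcast through a small constructed topology and counts the resulting broadcast domains. Each node carries the OSI layer at which it forwards frames; the flood continues through hubs and switches but stops at any device at Layer 3 or above, which is the point of the flash card. The device names, links and the assumption of a single VLAN per switch are all constructed for the example.

```python
"""Added example (not from the study guide): count broadcast domains in a
constructed topology by flooding a broadcast that Layer 3 devices do not
forward. One VLAN per switch is assumed; VLANs would add further splits.
"""
from collections import deque

# node -> layer at which it forwards frames; hosts are endpoints (layer 0)
LAYER = {
    "hubA": 1, "sw1": 2, "sw2": 2, "rtr1": 3, "fw1": 3,
    "h1": 0, "h2": 0, "h3": 0, "h4": 0, "h5": 0, "h6": 0,
}
# undirected links of the constructed topology
LINKS = [
    ("h1", "hubA"), ("h2", "hubA"), ("hubA", "sw1"), ("h3", "sw1"),
    ("sw1", "rtr1"), ("rtr1", "sw2"), ("h4", "sw2"), ("h5", "sw2"),
    ("sw2", "fw1"), ("fw1", "h6"),
]


def adjacency(links):
    adj = {n: set() for n in LAYER}
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def broadcast_reach(src, adj=None):
    """Return every node that receives a broadcast frame sent by `src`.

    A Layer 3 device receives the frame on its interface but does not
    re-flood it, so the search never continues through it.
    """
    adj = adj if adj is not None else adjacency(LINKS)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if LAYER[node] >= 3 and node != src:
            continue  # broadcast domain boundary
        for nb in adj[node]:
            if nb not in seen:
                seen.add(nb)
                queue.append(nb)
    return seen


def broadcast_domains():
    """Partition hosts into groups that hear one another's broadcasts."""
    adj = adjacency(LINKS)
    hosts = sorted(n for n, layer in LAYER.items() if layer == 0)
    domains, assigned = [], set()
    for h in hosts:
        if h in assigned:
            continue
        members = sorted(x for x in broadcast_reach(h, adj) if LAYER[x] == 0)
        domains.append(members)
        assigned.update(members)
    return domains


if __name__ == "__main__":
    for i, d in enumerate(broadcast_domains(), 1):
        print(f"broadcast domain {i}: {d}")
```

With this topology the hub and switch between h1, h2 and h3 make one domain, rtr1 starts a second one containing h4 and h5, and fw1 (also a Layer 3 device) isolates h6 in a third. Replacing rtr1 with a switch in the `LAYER` table merges the first two domains, which is the behaviour the flash card is testing.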

Knowledge point 3:

Q: What is SDx?

A: Software-defined everything (SDx) refers to the trend of replacing hardware with software by means of virtualization. SDx covers virtualization, virtualized software, virtual networking, containerization, serverless architecture, infrastructure as code (IaC), software-defined networking (SDN), virtual SAN (VSAN), software-defined storage (SDS), virtual desktop infrastructure (VDI), virtual mobile infrastructure (VMI), software-defined visibility (SDV), and the software-defined data center (SDDC).

---------------

Part 2: Commonly Missed CISSP Questions (from the CISSP Official Practice Tests and the CISSP Official Comprehensive Test) [answers and explanations follow the questions]

Question 1

Which one of the following fire suppression systems poses the greatest risk of accidental discharge that damages equipment in a data center?

A. Wet pipe

B. Dry pipe

C. Deluge

D. Preaction

Question 2

During software testing, Jack diagrams how a hacker might approach the application he is reviewing and determines what the hacker would need to do. He then tests how the system would respond to the attacker's likely behavior. What type of testing is Jack conducting?

A. Misuse case testing

B. Use case testing

C. Hacker use case testing

D. Static code analysis

Question 3

James has opted to implement a NAC solution that uses a post-admission philosophy for its control of network connectivity. What type of issue can't a strictly post-admission policy handle?

A. Out-of-band monitoring

B. Preventing an unpatched laptop from being exploited immediately after connecting to the network

C. Denying access when user behavior doesn't match an authorization matrix

D. Allowing a user access to a specific object when user behavior is permitted by an authorization matrix

---------------

Question 1

Answer: A

Explanation: Dry pipe, deluge, and preaction systems all use pipes that remain empty until the system detects signs of a fire (a deluge system's pipes fill only when its deluge valve opens, and a preaction system fills its pipes on a detector alarm but discharges only when a sprinkler head also opens). Wet pipe systems keep their pipes full of water at all times, so a damaged pipe or a head knocked loose releases water onto equipment with no second trigger required.

Question 2

Answer: A

Explanation: Jack is performing misuse case testing, which exercises the software according to how it would behave when misused rather than when used as intended. Use case testing exercises valid use cases, whereas static code analysis reviews the code itself for flaws rather than testing the running software. "Hacker use case testing" is not an industry term for a type of testing.
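To make the distinction between use case and misuse case testing concrete, here is an added example (not part of the official question set) for a small file-access function. The use case tests check what a legitimate user expects; the misuse case tests are written the way Jack works in the question, from the attacker's point of view (what would someone who wants to escape the reports directory try?), and check that every attempt is refused. The application, paths and file names are constructed for the example, and the choice of a path-traversal scenario is the editor's, since the question names no particular application.

```python
"""Added example (not from the question set): use case tests beside misuse
case tests for a constructed `open_report` function. Paths and file names
are constructed; the path-traversal scenario is the editor's choice.
"""
import os
import tempfile
from pathlib import Path


class AccessDenied(Exception):
    pass


def open_report(reports_dir: Path, name: str) -> str:
    """Return the contents of `name` inside `reports_dir`, or raise AccessDenied."""
    if "\x00" in name:
        raise AccessDenied("embedded NUL byte")
    root = reports_dir.resolve()
    candidate = (reports_dir / name).resolve()   # follows symlinks, collapses '..'
    # The only acceptable result is a regular file strictly inside the root.
    if root not in candidate.parents:
        raise AccessDenied(f"path escapes reports directory: {name}")
    if not candidate.is_file():
        raise AccessDenied(f"not a regular file: {name}")
    return candidate.read_text()


def _fixture():
    """Constructed directory tree: reports/ plus a secret outside it."""
    tmp = Path(tempfile.mkdtemp())
    reports = tmp / "reports"
    (reports / "2024").mkdir(parents=True)
    (reports / "q1.txt").write_text("q1 revenue")
    (reports / "2024" / "q2.txt").write_text("q2 revenue")
    (tmp / "secret.txt").write_text("db password")
    try:
        # Attacker-planted symlink inside the root that points outside it.
        os.symlink(tmp / "secret.txt", reports / "link.txt")
    except OSError:
        pass  # no symlink support: link.txt is then simply a missing file
    return reports


# --- Use case tests: the behaviour a legitimate user expects ----------------
def use_cases() -> dict:
    reports = _fixture()
    return {
        "flat": open_report(reports, "q1.txt"),
        "nested": open_report(reports, "2024/q2.txt"),
    }


# --- Misuse case tests: the attacker's likely behaviour ---------------------
MISUSE_INPUTS = [
    "../secret.txt",             # classic traversal
    "2024/../../secret.txt",     # traversal after a legitimate prefix
    "/etc/passwd",               # absolute path overriding the base
    "link.txt",                  # symlink that escapes the root
    "q1.txt\x00.pdf",            # NUL-byte truncation trick
    "2024",                      # a directory, not a report
]


def misuse_cases() -> dict:
    """Map each hostile input to True if it was refused with AccessDenied."""
    reports = _fixture()
    outcome = {}
    for name in MISUSE_INPUTS:
        try:
            open_report(reports, name)
            outcome[name] = False   # the system served the attacker
        except AccessDenied:
            outcome[name] = True
    return outcome


if __name__ == "__main__":
    print(use_cases())
    print(misuse_cases())
```

Notice that the misuse list is derived by asking what the attacker needs (a way out of the directory) rather than by reading the code, which is what separates this from static analysis: the same list would be run against any replacement implementation of `open_report`.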

Question 3

Answer: B

Explanation: A post-admission philosophy allows or denies access based on user activity after the connection is made. Because it does not check the state of a machine before it connects, it cannot prevent the system from being exploited immediately after connection. This does not preclude out-of-band or in-band monitoring, but it does mean that a strictly post-admission policy performs no system checks before systems are admitted to the network; checking patch level or other posture before granting access is a pre-admission function.