# 0304 Quiz
|||| C ||||1. Security personnel study and test the entire system architecture, then analyze where the system's weaknesses lie, who might attack it, what the purpose of an attack would be, and which parts would be targeted. What is this called?
A. Countermeasure analysis
B. Threat analysis
C. Vulnerability analysis
D. Risk analysis
|||| D ||||2. What are the basic requirements of information security?
A. Integrity, Availability
B. Confidentiality, Availability
C. Confidentiality, Integrity
D. Confidentiality, Integrity, Availability
|||| D ||||3. Which of the following is not a good information security habit?
A. Filter email
B. Keep application systems updated
C. Log out of the computer when it is not in use
D. Use your birthday as a password
|||| B ||||4. Stealing information, or planting a Trojan horse program on someone else's computer to directly obtain the resources and confidential files on it, without letting the sender notice the attacker's presence, is which type of attack?
A. Active attack
B. Passive attack
C. Unintentional attack
|||| A ||||5. What is the PDCA cycle in ISO 27001?
A. Plan, Do, Check, Act
B. Program, Do, Check, Act
C. Plan, Do, Confirm, Act
D. Plan, Do, Check, Audit
|||| A ||||6. Damage to information systems caused by common disasters such as typhoons, earthquakes, and floods belongs to which kind of information security threat?
A. Natural threat
B. Man-made threat
C. Deliberate threat
D. Active threat
|||| D ||||7. Which of the following is not a kind of data that information security usually focuses on?
A. Confidential data
B. Sensitive data
C. Correct data
D. All of the above are of concern
|||| B ||||8. Using digital signatures to ensure that data is not tampered with or forged by hackers during transmission is meant to achieve which of the following?
A. Confidentiality
B. Integrity
C. Availability
|||| A ||||9. An email is sent disguised as coming from a legitimate channel (web page). When the user visits such a website and fills in information, or opens the attachment of a forged malicious email, the user's important information is leaked immediately and the device may even be infected. What is this attack technique?
A. Phishing
B. Computer worm
C. Trojan horse
D. Zombie computer
|||| C ||||10. Which of the following is not a purpose of information security?
A. Prevent unauthorized persons from obtaining valuable information
B. Protect computer equipment from disasters
C. Prevent users from easily obtaining data
D. Protect the resources of all information systems
# 0311 Quiz
|||| A ||||11. Regarding matters to note in security management, which statement is incorrect?
A. When a user leaves the organization, their access rights do not need to be revoked.
B. Monitor the console at all times for users of unknown identity attempting to log in to the system.
C. Regularly check the system audit files (log files) for abnormal conditions.
D. Back up data regularly.
|||| A ||||12. "All files on the computer system (including data, application programs, the operating system, and system programs) are copied in full to storage media, regardless of whether they have been marked as 'backed up'." Which type of backup does this describe?
A. Full backup
B. Selective backup
C. Incremental backup
D. Differential backup
|||| D ||||13. Which of the following factors does not need attention in the computer room environment?
A. Temperature
B. Humidity
C. Dust
D. All of them need attention.
|||| C ||||14. Regarding computer room location planning, which statement is incorrect?
A. The computer room should be located away from places subject to electromagnetic interference; the surroundings should not include high-electromagnetic-field sites such as television stations, mobile base stations, radio stations, or power company substations.
B. Building the information center above ground level (third floor or higher) solves the problem of rising water levels caused by flooding.
C. Carpet should be laid in the computer room, as it helps computers operate normally.
D. Network or data cables must never run parallel to power cables or be placed in the same conduit. An energized power cable generates an electromagnetic field that interferes with the signals on network or data cables carrying digital 0s and 1s.
|||| B ||||15. To test the network quality between computer hosts, which command should be used?
A. ipconfig
B. ping
C. net view
D. net user
|||| A ||||16. Regarding administrative management of information security, which is correct?
A. Off-site storage and synchronous transmission
B. Off-site storage and asynchronous transmission
C. On-site storage and asynchronous transmission
D. On-site storage and synchronous transmission
|||| D ||||17. If a network quality test between computer hosts returns "Request timed out", what might the cause be?
A. The path between the sites, or a site along it, is currently congested or faulty.
B. The remote site is currently powered off or faulty.
C. The remote site is currently busy.
D. All of the above
|||| A ||||18. If a network quality test is run against the address "www.nchu.com.jp" and the network address being tested does not exist, what error message does the system return?
A. Bad IP address www.nchu.com.jp
B. No IP address www.nchu.com.jp
C. Not IP address www.nchu.com.jp
D. Poor IP address www.nchu.com.jp
|||| C ||||19. Regarding computer operation and data security, which statement is incorrect?
A. Training on computer equipment operation and information security courses should be held regularly.
B. Operating procedures for computer equipment should be documented.
C. The scheduling of operators and on-duty personnel does not require special attention.
D. The resources and information in use should be classified by level.
|||| B ||||20. Regarding administrative management of information security, which is correct?
A. There is no need to prepare system maintenance measures.
B. Holders of the superuser password should be managed appropriately.
C. No special handling procedure is needed when members of the information center leave their positions.
D. Anyone can enter and leave the main computer room at any time without special controls.
# 0318 Quiz
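|||| A ||||21. In user identification, what does "Personal Identification" refer to?
A. The system must be able to uniquely identify every legitimate user.
B. The system must unambiguously verify the identity the user claims.
C. The system must be able to uniquely identify every illegitimate user.
D. The system must ambiguously verify the identity the user claims.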
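|||| B ||||22. In user identification, what does "Authentication" refer to?
A. The system must be able to uniquely identify every legitimate user.
B. The system must unambiguously verify the identity the user claims.
C. The system must be able to uniquely identify every illegitimate user.
D. The system must ambiguously verify the identity the user claims.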
|||| A ||||23. "Testing a user's password against words from a dictionary" refers to which common password attack technique?
A. Dictionary attack
B. Guessing attack
C. Exhaustive search or brute-force attack
D. Spoofing
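|||| C ||||24. "Testing every possible password one by one, so that if the password the user chose is too short it will be found quickly" refers to which common password attack technique?
A. Dictionary attack
B. Guessing attack
C. Exhaustive search or brute-force attack
D. Spoofing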
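|||| B ||||25. Regarding the principles and precautions for choosing a password, which is wrong?
A. Avoid sharing the same password across multiple host systems.
B. Setting it according to the keyboard layout makes it easy to remember and hard for a malicious person to guess.
C. A reasonable length is 8 to 12 letters.
D. Each time you log in, first check the messages the system gives you.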
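|||| B ||||26. Regarding the principles and precautions for choosing a password, which is correct?
A. If you set a very complex password, you do not need to change it regularly.
B. For a password requested for a temporary task, the user account should be deleted after the task ends.
C. Accounts of departed employees do not need to be deleted.
D. Setting all passwords to the same value makes them hard to forget and secure.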
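|||| B ||||27. Among the precautions for designing passwords, which statement is wrong?
A. A warning should be issued when two people are logged in at the same time.
B. Login actions need not be recorded unless there is a particular concern.
C. The system should have a function that forces users to change their passwords periodically.
D. The system should define the number of incorrect entries.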
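|||| D ||||28. Verifying identity through a person's physiological structure belongs to which type of verification?
A. Identity document verification
B. Password verification
C. Behavioral differences
D. Biological characteristics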
|||| D ||||29. In evaluating the purchase of biometric verification equipment, which is wrong?
A. Liveness verification function (Live & Die Verify)
B. False Reject Rate
C. False Accept Rate
D. Cost-effectiveness
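|||| D ||||30. Which statement about one-dimensional and two-dimensional barcodes is wrong?
A. A one-dimensional barcode forms digits from the spacing units of lines; its encoding is simpler and easier to recognize by eye.
B. A two-dimensional barcode uses a special encoding and is smaller, making it hard to recognize by eye; a password can be added when encoding or decoding.
C. Both can store the same amount of data.
D. A one-dimensional barcode is also called a full barcode.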
# 0325 Quiz
|||| A ||||31. ***** means that both the sender and the receiver use the same key when encrypting and decrypting data.
A. Symmetric Encryption
B. Asymmetric Encryption
C. Hash Function
|||| B ||||32. ****** means that each user has a pair of keys: a public key and a private key.
A. Symmetric Encryption
B. Asymmetric Encryption
C. Hash Function
|||| C ||||33. ***** compresses input data of arbitrary length through an algorithm and outputs fixed-length data of a much smaller size, in order to encrypt it.
A. Symmetric Encryption
B. Asymmetric Encryption
C. Hash Function
|||| C ||||34. Using the mod calculation commonly seen in hash functions, when the value is "52" and the modulus is 5, at which position in the array will the value be placed after the calculation?
A. 5
B. 6
C. 2
D. 3
|||| A ||||35. Using the shift folding method (Shift) commonly seen in hash functions, with the value split into blocks of 3 digits, what value is stored after the calculation when the value is "874512234"?
A. 1620
B. 1422
C. 1323
D. 1610
|||| C ||||36. Using the boundary folding method (Boundary) commonly seen in hash functions, with the value split into blocks of 3 digits, what value is stored after the calculation when the value is "874512234" (odd-numbered blocks are read forward, even-numbered blocks are read in reverse)?
A. 1620
B. 1422
C. 1323
D. 1610
|||| C ||||37. If encryption is done with Caesar's cipher, how will "ABCDEFG" be stored (calculate using a shift of 3 positions to the right)?
A. BCDEFGA
B. CDEFGAB
C. DEFGABC
D. EFGABCD
|||| B ||||38. If encrypted with a substitution cipher, how will "I am a cat." be recorded? Substitution table: a-->c, c-->d, m-->a, i-->p, t-->y.
A. cacdcyp
B. pcacdcy
C. cpacdcy
D. cpacdcd
|||| A ||||39. **** refers to encrypting specific data columns so that only users with appropriate permissions can decrypt and access the data.
A. Column-level encryption
B. Table-level encryption
C. File-level encryption
|||| C ||||40. **** encrypts the entire database file, including data and metadata.
A. Column-level encryption
B. Table-level encryption
C. File-level encryption