摘要：对于【信息安全工程师】软考考试而言，试题无疑是最重要的学习资料之一。在软考备考过程中，吃透试题、掌握试题所考知识点、熟悉试题的出题思路，对我们提升分数的效果是最明显的，通过对试题的反复练习，还可以查漏补缺。今天，给大家带来【2022年11月信息安全工程师 上午试卷】部分试题的详解，一起来看看吧~



1、网络设备的常见漏洞包括拒绝服务漏洞、旁路、代码执行、溢出、内存破坏等。CVE-2000-0945漏洞显示思科Catalyst 3500 XL交换机的Web配置接口允许远程攻击者不需要认证就执行命令，该漏洞属于(70)。
A、拒绝服务漏洞
B、旁路
C、代码执行
D、内存破坏

答案:C
答题解析:

拒绝服务漏洞。拒绝服务漏洞将导致网络设备停止服务，危害网络服务可用性。例如，思科Catalyst交换机的HTTP服务器不当处理TCP Socket，允许远程攻击者通过将恶意数据包发送到80或443端口导致拒绝服务。

旁路(Bypass something)。旁路漏洞绕过网络设备的安全机制，使得安全措施没有效果。

代码执行(Code Execution)。该类漏洞使得攻击者可以控制网络设备，导致网络系统失去控制，危害性极大。CVE-2000-0945信息显示思科Catalyst3500XL交换机的Web配置接口允许远程攻击者不需要认证就执行任意命令。

内存破坏(Memory Corruption)。内存破坏漏洞利用常会对路由器形成拒绝服务攻击。

2、Perhaps the most obvious difference between private-key and public-key encryption is that the former assumes complete secrecy of all cryptographic keys，whereas the latter requires secrecy for only the private key.Although this may seem like a minor distinction，the ramifications are huge：in the private-key setting the communicating parties must somehow be able to share the (71) key without allowing any third party to learn it，whereas in the public-key setting the (72) key can be sent from one party to the other over a public channel without compromising security.For parties shouting across a room or，more realistically，communicating over a public network like a phone line or the Internet，public-key encryption is the only option.Another important distinction is that private-key encryption schemes use the (73) key for both encryption and decryption，whereas public-key encryption schemes use (74) keys for each operation.That is，public-key encryption is inherently asymmetric.This asymmetry in the public-key setting means that the roles of sender and receiver are not interchangeable as they are in the private-key setting；a single key-pair allows communication in one direction only.(Bidirectional communication can be achieved in a number of ways；the point is that a single invocation of a public-key encryption scheme forces a distinction between one user who acts as a receiver and other users who act as senders.)In addition，a single instance of a (75) encryption scheme enables multiple senders to communicate privately with a single receiver，in contrast to the private-key case where a secret key shared between two parties enables private communication only between those two parties.
A、main
B、same
C、public
D、secret

答案:D
答题解析:

也许私钥加密和公钥加密之间最明显的区别在于前者设定所有加密密钥完全保密，而后者只要求对私钥保密。虽然这看起来像一个小的区别，后果是巨大的：在私钥设置中，通信方必须以某种方式能够共享密钥不允许任何第三方学习，而在公钥设置中，公钥可以从一方发送到另一个公共渠道不涉及到安全问题。对于那些在房间里大喊大叫，更实际地说，通过类似于电话线或互联网等公共网络进行交流来说，公钥加密是唯一的选择。

另一个重要的区别是，私钥加密体制同时使用相同的密钥进行加密和解密，而公钥加密方案都使用不同的密钥。也就是说，公钥加密本质上是不对称的。在公钥设置中，这种不对称性意味着发送方和接收方的角色不能像在私钥设置中那样可以互换；一个密钥对只允许在一个方向上的通信。（双向通信可以通过多种方式实现；关键点在于，公钥加密方案的一次调用可以强制区分作为接收器的一个用户和充当发件人的其他用户。）此外，公钥加密体制的单个实例使得多个发送者能够与单个接收者进行私有通信，而在私钥的情况下，双方之间共享的密钥只能在双方之间进行私有通信。

3、Perhaps the most obvious difference between private-key and public-key encryption is that the former assumes complete secrecy of all cryptographic keys，whereas the latter requires secrecy for only the private key.Although this may seem like a minor distinction，the ramifications are huge：in the private-key setting the communicating parties must somehow be able to share the (71) key without allowing any third party to learn it，whereas in the public-key setting the (72) key can be sent from one party to the other over a public channel without compromising security.For parties shouting across a room or，more realistically，communicating over a public network like a phone line or the Internet，public-key encryption is the only option.Another important distinction is that private-key encryption schemes use the (73) key for both encryption and decryption，whereas public-key encryption schemes use (74) keys for each operation.That is，public-key encryption is inherently asymmetric.This asymmetry in the public-key setting means that the roles of sender and receiver are not interchangeable as they are in the private-key setting；a single key-pair allows communication in one direction only.(Bidirectional communication can be achieved in a number of ways；the point is that a single invocation of a public-key encryption scheme forces a distinction between one user who acts as a receiver and other users who act as senders.)In addition，a single instance of a (75) encryption scheme enables multiple senders to communicate privately with a single receiver，in contrast to the private-key case where a secret key shared between two parties enables private communication only between those two parties.
A、stream
B、different
C、public
D、secret

答案:C
答题解析:

也许私钥加密和公钥加密之间最明显的区别在于前者设定所有加密密钥完全保密，而后者只要求对私钥保密。虽然这看起来像一个小的区别，后果是巨大的：在私钥设置中，通信方必须以某种方式能够共享密钥不允许任何第三方学习，而在公钥设置中，公钥可以从一方发送到另一个公共渠道不涉及到安全问题。对于那些在房间里大喊大叫，更实际地说，通过类似于电话线或互联网等公共网络进行交流来说，公钥加密是唯一的选择。

另一个重要的区别是，私钥加密体制同时使用相同的密钥进行加密和解密，而公钥加密方案都使用不同的密钥。也就是说，公钥加密本质上是不对称的。在公钥设置中，这种不对称性意味着发送方和接收方的角色不能像在私钥设置中那样可以互换；一个密钥对只允许在一个方向上的通信。（双向通信可以通过多种方式实现；关键点在于，公钥加密方案的一次调用可以强制区分作为接收器的一个用户和充当发件人的其他用户。）此外，公钥加密体制的单个实例使得多个发送者能够与单个接收者进行私有通信，而在私钥的情况下，双方之间共享的密钥只能在双方之间进行私有通信。

查看完整试题>>>