2021全員信息安全考試

1、2021全員信息安全考試基本信息：矩陣文本題 *姓名：_工號(hào):_部門：_1、關(guān)于漏洞哪項(xiàng)描述是錯(cuò)誤的？Which description of the vulnerability is wrong? 單選題 *A、護(hù)網(wǎng)期間，發(fā)現(xiàn)的互聯(lián)網(wǎng)側(cè)漏洞需馬上下線后當(dāng)天修復(fù)。The vulnerabilities found by ZTE Corporation are distributed to all units through the soc system for rectification.B、各單位漏洞整改完畢即可，無需反饋并安排驗(yàn)證；After the vulnerabilities of

2、each unit are rectified, no feedback is required and verification is arranged.(正確答案)C、因業(yè)務(wù)原因無法修復(fù)的漏洞需要業(yè)務(wù)單位、開發(fā)部門、安全部門統(tǒng)一協(xié)商，共同探討解決方案Vulnerabilities that cannot be fixed due to business reasons shall be negotiated by business units, development departments, and security departments to discuss solutions to

3、gether.D、所有資產(chǎn)都可能存在漏洞，如計(jì)算機(jī)、服務(wù)器網(wǎng)站、應(yīng)用框架、數(shù)據(jù)庫等Vulnerabilities may exist in all assets, such as computers, server websites, application frameworks, and databases.2、Jack在參與信息安全事件調(diào)查期間，因擔(dān)心受到公司處罰所以歪曲事實(shí)并偽造證據(jù)。Jack的行為觸犯了公司信息安全紅線中的哪一條？During the investigation of the information security incident, Jack distorted t

4、he facts and falsified evidence for fear of being punished by the company. Which of the following information security redlines does Jack violate? 單選題 *A、有意規(guī)避、破壞公司安全管控措施 Intentionally evading or damaging the companys security control measuresB、阻擾安全事件調(diào)查 Impeding the investigation of security incident

5、s(正確答案)C、充當(dāng)內(nèi)線 Acting as insidersD、違規(guī)使用公司身份認(rèn)證信息 Making illegal use of the companys identity information3、Jack打算離職后自己創(chuàng)業(yè)，因此離職前收集了大量公司商業(yè)秘密并拷貝到個(gè)人移動(dòng)硬盤中留存。Jack的行為觸犯了公司信息安全紅線中的哪一條？Jack intends to start his own business after leaving ZTE, so he has collected a large number of business secrets and copied them

6、 to his personal mobile hard disk before leaving ZTE. Which of the following information security redlines does Jack violate? 單選題 *A、違規(guī)使用公司身份認(rèn)證信息 Making illegal use of the companys identity informationB、阻擾安全事件調(diào)查 Impeding the investigation of security incidentsC、充當(dāng)內(nèi)線 Acting as insidersD、非法占有公司商業(yè)秘密 Il

7、legally possessing ZTEs business secrets(正確答案)4、Jack協(xié)助自己部門同事，將公司招投標(biāo)文件泄露給第三方公司，將受到公司什么樣的處罰？What penalties will Jack face if he assists his colleagues in disclosing the Companys bidding documents to third party Company? 單選題 *A、通報(bào)批評(píng) CriticismB、降級(jí) DemotionC、留崗察看 ProbationD、開除，必要時(shí)追究司法責(zé)任 Be dismissed from

8、 the company, and be transferred to the judicial authority for his legal responsibilities when necessary(正確答案)5、關(guān)于公司便攜電腦信息安全策略，以下說法錯(cuò)誤的是：Which of the following is wrong about the companys laptop information security policy? 單選題 *A、因工作需要將公司便攜電腦帶出公司，需提交“電腦帶出申請(qǐng)”；If an employee needs to take a laptop out

9、 of the company due to work requirements, the employee shall submit an application.B、覺得公司電腦不好用，可以直接將私人電腦帶入公司用于辦公；If an employee thinks that his or her work computer is not satisfactory enough, the employee can directly bring his or her personal computer into the company for work.(正確答案)C、非公司電腦禁止擅自帶入公

10、司，并嚴(yán)禁用于辦公I(xiàn)t is forbidden to bring a non-company laptop into the company and use it for work.；D、接待外來訪客時(shí)，若訪客需攜帶電腦出入公司，需在訪客申請(qǐng)中備注攜帶電腦數(shù)量，經(jīng)領(lǐng)導(dǎo)審批通過后才可帶入；來訪期間，由接待人對(duì)訪客帶入便攜電腦的信息安全負(fù)責(zé)；If a visitor needs to bring computers into the company, the employee receiving the visitor shall specify the number of computers

11、in the visitor application. Only after the application is approved, can the computers be brought into the company. The employee receiving the visitor shall be responsible for the information security of the computers of the visitor.E、公司便攜電腦必須正確粘貼防拆標(biāo)簽。Laptops of ZTE must be correctly pasted with anti

12、-disassembly labels.6、以下行為符合公司信息安全要求的是？Which of the following actions didnt violate the information security requirements of the company? 單選題 *A、只要能防病毒，我可以卸載公司的防病毒軟件，自己在網(wǎng)上下載其它替代軟件One can uninstall the companys anti-virus software and download other replacements on the Internet as long as they can pr

13、event viruses.；B、人事密碼是強(qiáng)密碼就夠了，其它公司應(yīng)用系統(tǒng)密碼可以設(shè)置簡單好記的，如admin123；A strong HR password is enough. The passwords of other company application systems can be set to be simple and easy to remember, such as admin123.C、接到登記資產(chǎn)的任務(wù)，全面、準(zhǔn)確、及時(shí)完成資產(chǎn)登記，資產(chǎn)發(fā)生變更時(shí)，及時(shí)進(jìn)行更新；After receiving a task of registering assets, an empl

14、oyee shall complete asset registration in a comprehensive, accurate, and timely manner, and update the information in a timely manner when it is changed.(正確答案)D、撿到一個(gè)不明來歷的U盤，我應(yīng)該立刻插到辦公電腦上，以查看是誰丟失的。If an employee finds a USB flash drive of an unknown source, the employee should insert it into the work

15、computer immediately to find out the owner.7、以下選項(xiàng)中，哪類資產(chǎn)接入中興通訊網(wǎng)絡(luò)必須符合強(qiáng)密碼策略？Which of the following must meet the strong password policy when accessing the ZTE network? 單選題 *A、計(jì)算機(jī)；Computers;B、服務(wù)器；Servers;C、網(wǎng)絡(luò)設(shè)備；Network devices;D、應(yīng)用系統(tǒng)；Application systems;E、數(shù)據(jù)庫；Databases;F、以上都是；All of the above(正確答案)8、以下屬

16、于全員信息安全紅線有哪些：The information securiry red lines of company includes: *A、泄露公司商業(yè)秘密Disclosing ZTEs business secrets;(正確答案)B、非法占有公司商業(yè)秘密；Illegally possessing Companys business secrets;(正確答案)C、非工作需要，轉(zhuǎn)移商業(yè)秘密至公司控制范圍之外；Transfer Companys business secrets beyond control for non-work needs;(正確答案)D、擅自獲取、泄露、轉(zhuǎn)移個(gè)人數(shù)據(jù)

17、、重要數(shù)據(jù)，或?qū)е?00條以上數(shù)據(jù)安全事件；Obtaining, leaking or transferring personal data or important data without permission, or causing 500 or above data security incidents;(正確答案)E、有意規(guī)避、破壞公司安全管控措施；Intent to avoid or damage Corporation safety control measures;(正確答案)F、充當(dāng)內(nèi)線；Act as spy;(正確答案)G、未經(jīng)授權(quán)，侵入或破壞公司網(wǎng)絡(luò)、服務(wù)器或信息系統(tǒng)；I

18、ntrude or destruct the Companys networks, servers, or information systems with no authorization;(正確答案)H、違規(guī)使用公司身份認(rèn)證信息；False usage of the Company identity information;(正確答案)I、阻擾安全事件調(diào)查；Obstruct security incident investigation；(正確答案)9、我發(fā)現(xiàn)了公司商業(yè)泄密案件線索，可以通過什么途徑舉報(bào)？If I find out about an business secret disc

19、losure incident, I can report it in the following ways: *A、公司官網(wǎng)“監(jiān)督舉報(bào)”入口；Reporting it on Supervision & Reporting on (正確答案)B、發(fā)送郵件至audit；Sending a mail to audit(正確答案)C、撥打電Dialing phone number (+86正確答案)D、向信息管理部、所屬單位信息安全小組（如信息安全主管、總監(jiān)）等可靠人員舉報(bào)。Report to the information managem

20、ent department and the information security team of the subordinate unit (such as information security supervisor and director) and other reliable personnel(正確答案)10、以下哪些行為不符合公司信息安全規(guī)定？Which of the following actions violate the information security regulations of the company? *A、下班后還有工作需要回家處理，可以直接將公司文

21、檔發(fā)送到自己的私人郵箱；If you need to go home after work, you can send your company documents to your personal mailbox.(正確答案)B、員工工作崗位已經(jīng)調(diào)動(dòng)，原單位工作群組、系統(tǒng)權(quán)限未同步刪除。The working group and system permissions of the original unit are not deleted at the same time.(正確答案)C、打印涉密文檔時(shí)等候在打印機(jī)旁，打印完畢及時(shí)取走；Retrieving the printed or ph

22、oto-copied confidential documents immediately once they are printed completely.D、參加公司內(nèi)部培訓(xùn)時(shí)，覺得培訓(xùn)PPT內(nèi)容不錯(cuò)，于是使用手機(jī)直接拍照記錄下來；When participating in the internal training of the company, I found that the training PPT content was good. I can take photos directly with mobile phones and recorded it.(正確答案)11、以下哪

23、些屬于強(qiáng)密碼？（【】內(nèi)部分）Which of the following passwords are strong passwords? (part between 【】 symbols) *A、【qwert123?】B、【E78.Rs】C、【Zvd75134.】(正確答案)D、【yangyang0120】E、【zmwmQE83】(正確答案)12、以下哪些可能屬于惡意郵件，需立即刪除或舉報(bào)：Which of the following must be deleted or reported immediately, as they may be malicious emails: *A、收到同

24、事郵件，地址后綴是2；An email from a colleague with the address suffix as 2.(正確答案)B、收到領(lǐng)導(dǎo)私人郵箱發(fā)來的郵件，要求我立刻提供某項(xiàng)目人員信息清單；An email from the leaders personal mailbox, requesting me to immediately offer a list of project personnel.(正確答案)C、收到IT的郵件，要求我在線填寫人事賬號(hào)密碼以便處理故障；An email from the IT Dept., requesting me to enter m

25、y HR account and password online for troubleshooting purposes.(正確答案)D、收到黑客的郵件，以獲取了我的隱私信息為由進(jìn)行勒索；A blackmail email from a hacker, claiming to have obtained my private information.(正確答案)E、收到外部“客戶”發(fā)來的需求說明文檔，文件后綴為“.exe”。An email describing requirements from an external customer, with an attachment suffix

26、ed with .exe.(正確答案)13、收到外部郵件，以下做法正確的是：Which of the following are correct when one receives an external email? *A、仔細(xì)核實(shí)發(fā)件人信息：是否是常用聯(lián)系人、是否有偽造內(nèi)部郵件的嫌疑；Carefully check the senders information: Whether the sender is a common contact person and whether the email may be a forged internal mail.(正確答案)B、謹(jǐn)慎核對(duì)郵件中攜

27、帶鏈接的域名，堅(jiān)決不填寫公司涉密信息、賬號(hào)密碼等敏感信息；Be cautious to check the domain name of an email address. Never fill in sensitive information such as the companys confidential information and account password.(正確答案)C、收到熟悉的朋友或同事郵件，但內(nèi)容可疑，應(yīng)打電話向其本人核實(shí)；After receiving a suspicious email from a familiar friend or colleague,

28、call him/her to make confirmation.(正確答案)D、如果不小心運(yùn)行了來路不明的郵件附件，立即斷網(wǎng)關(guān)機(jī)并舉報(bào)。If an employee accidentally runs an unknown email attachment, the employee disconnects from the network, shuts down his or her computer immediately, and files a report.(正確答案)14、以下做法正確的是：Which of the following are correct? *A、辦公區(qū)域發(fā)

29、現(xiàn)未佩戴工卡的陌生人員，主動(dòng)向前詢問核實(shí)身份，或直接向信息安全接口人/保安舉報(bào)；When finding a stranger in the office area who does not wear a work card, one proactively asks him/her to provide his/her identity, or directly reports the situation to the information security contact person/security guard.(正確答案)B、發(fā)現(xiàn)辦公區(qū)域附近有無人機(jī)設(shè)備盤旋，一定是在拍宣傳片，主動(dòng)

30、入鏡打招呼；When finding a UAV hovering near the office area, one deems that the UAV is filming a promotional scene and proactively waves to the camera of the UAV.C、辦公室網(wǎng)絡(luò)信號(hào)不好，可以使用萬能wifi隨意連接附近的可用無線網(wǎng)絡(luò)；When the network signal in the office is not good enough, an employee randomly searches for and connects to

31、 a Wi-Fi network nearby.D、在公司核心涉密區(qū)域發(fā)現(xiàn)陌生“同事”，即使TA佩戴了工卡，也應(yīng)通過查看公司通訊錄、找人事部門等方式進(jìn)一步核實(shí)。If an unfamiliar colleague is found in the companys core secret-related area, even if the TA is wearing an employee ID card, further check it by checking the companys contact list and contacting the personnel department.

32、(正確答案)15、我發(fā)現(xiàn)了公司網(wǎng)絡(luò)/物理安全異常情況，可以通過什么途徑舉報(bào)？I have discovered an abnormal network/physical security situation in the company. How should I report it? *A、物理安全異常：視實(shí)際情況，第一時(shí)間就近尋求安保人員協(xié)助；Abnormal physical security: Seek assistance from security personnel as soon as possible.(正確答案)B、撿到可疑設(shè)備：上交相關(guān)設(shè)備給信息安全主管/接口人；Suspicious device: Hand it over to the information security supervisor or contact person.(正確答案)C、惡意郵件