One of the security framework’s purposes is to guide the selection of controls based on security requirements to secure information systems. Which of the following is correct about security frameworks? (Wentz QOTD)
A. A framework sets the standard for organizations to follow
B. A framework should be as exhaustive as possible
C. A framework may lead to mandatory practices
D. Various frameworks should not be adopted simultaneously
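The teacher's reply:
A. A framework sets the standard for organizations to follow => A framework is a template / quick-start kit, not a standard.
B. A framework should be as exhaustive as possible => It should be as simple and easy to use as possible, not overly cumbersome.
C. A framework may lead to mandatory practices => A framework may eventually lead to, or develop into, mandatory practices.
D. Various frameworks should not be adopted simultaneously => In practice, an organization actually adopts multiple frameworks to address different needs.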
According to Bruce Schneier, there are four general types of cryptanalytic attacks, each of which assumes that the cryptanalyst has complete knowledge of the encryption algorithm. Which of the following emphasizes that the cryptanalyst’s job is to recover the plaintext of as many messages as possible, or better yet to deduce the key (or keys) used to encrypt the messages, in order to decrypt other messages encrypted with the same keys? (Wentz QOTD)
A. Ciphertext-only attack
B. Known-plaintext attack
C. Chosen-plaintext attack
D. Chosen-ciphertext attack
The suggested answer is A.
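According to cryptography master Bruce Schneier, the ciphertext-only attack, known-plaintext attack, chosen-plaintext attack, and chosen-ciphertext attack can all be used to break the key (i.e., deduce the key), but two of them are rather special: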