5. [Past paper 2008 CIT]
Ms Wong uses a computer in a coffee shop to access online banking services.
The design of the login page of the online banking services is shown below.
[Login page: a Username field showing 2002189 and a Password field showing ******, with an on-screen numeric keypad (buttons 1 to 9 and 0) on the right.]
* Please use a mouse to click the buttons on the right to enter the user name and password.
(i) Give one advantage of this design. Explain your answer briefly.
6. 1.1.4 Spyware and Adware
Spyware hides itself and secretly obtains user data for illegal purposes. Some spyware even takes control of the infected computer and performs the following tasks:
Changing the default homepage of the web browser
Redirecting the web browser to specific web sites automatically
Restricting or disabling control settings of the web browser
Installing other harmful spyware or malware
What user data does spyware steal?
[Past paper 2007 CA]
Mary uses her desktop computer at home to analyze a survey. Mary suspects that her computer is infected by certain spyware. Give two unusual events that may alert her to this possible infection.
7. Spyware can infect a computer in the following ways:
Spyware can be installed by a Trojan horse without the user's permission or awareness.
A computer can be infected when the user visits dynamic web pages, such as pages with ActiveX controls.
Installing shareware or freeware downloaded from suspicious web sites.
Adware is software that records user activities and displays related advertisements. Some adware is also classified as spyware, because it may contain code that sends the user's personal data to third parties without the user's authorisation.
8. [Past paper 2011 CA]
A network security system installed on a computer generates the following log file.
Network traffic:
Transmission begins
1024 packets received
Transmission ends
Malicious software:
| File infected | Type of security threat | Description |
|---|---|---|
| abc.exe | Trojan horse program | This malicious program hides within, or pretends to be, a legitimate program. |
| xx.exe | X | This malicious program replicates itself in large volume and slows down your computer. |
| yy.exe | Y | This malicious program collects your information without your knowledge. |
Name the types of security threats X and Y in the above table.
9. [Past paper 2008 CIT]
Ms Wong uses a computer in a coffee shop to access online banking services. She accidentally executes an unknown program which may pose a threat to the security of the services.
(i) What kind of program has she executed?
(ii) Suggest two ways for Ms Wong to reduce the threat to the security of the services.
11. [Past paper 2009 CIT]
Which of the following Internet activities has the highest risk of infection from computer viruses?
A. Download anonymous files through peer-to-peer file sharing software.
B. Update the service pack of the operating system.
C. Send email with executable files to friends.
D. Conduct video-conferencing.
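12. 1.3 Combating Malware
To prevent malware from damaging computer systems or stealing our data, we can install appropriate software.
1.3.1 Anti-virus Software
Anti-virus software is an essential tool for protecting a computer. When it checks files on disk or from the Internet and finds an infected file, it can remove the computer virus immediately.
Anti-virus software stores many virus signatures (also called virus definitions), which are used to identify known computer viruses. When scanning files, anti-virus software uses the virus signatures to check whether a file is infected; once an infected file is found, it reports this to the user immediately. The anti-virus software then tries to remove the virus code and repair the infected file. If the infected file cannot be repaired successfully, the file can be quarantined or deleted.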
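The scan, report, repair and quarantine flow described above, as an added example (not code from the original notes or from any anti-virus product). The signature names, byte patterns, file names and the simple repair rule (cut out the matched bytes) are assumptions constructed for illustration.

```python
"""Signature-based scanning: detect, try to repair, otherwise quarantine."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str          # label reported to the user (constructed)
    pattern: bytes     # byte sequence that identifies a known virus
    removable: bool    # True if cutting the pattern out restores the file


# Constructed signature database standing in for the product's definitions.
SIGNATURES = [
    Signature("Demo.Appender.A", b"\xde\xad\xbe\xefAPPENDED-CODE", True),
    Signature("Demo.Overwriter.B", b"\x90\x90OVERWRITE\x90\x90", False),
]


def scan(data, signatures=SIGNATURES):
    """Return (signature, offset) for every known pattern found in data."""
    hits = []
    for sig in signatures:
        start = data.find(sig.pattern)
        while start != -1:
            hits.append((sig, start))
            start = data.find(sig.pattern, start + 1)
    return hits


def handle_file(name, data, signatures=SIGNATURES):
    """Scan one file and return (verdict, cleaned_data, report).

    verdict is 'clean', 'repaired' or 'quarantined'.
    """
    hits = scan(data, signatures)
    if not hits:
        return "clean", data, []
    report = [f"{name}: {sig.name} at offset {off}" for sig, off in hits]
    if all(sig.removable for sig, _ in hits):
        cleaned = data
        for sig, _ in hits:
            cleaned = cleaned.replace(sig.pattern, b"")
        # Re-scan: only call the file repaired if nothing is left behind.
        if not scan(cleaned, signatures):
            return "repaired", cleaned, report
    # Repair impossible or unsuccessful: isolate the file instead.
    return "quarantined", b"", report


# Constructed sample "files" (name -> contents).
SAMPLES = {
    "report.doc": b"Survey results 2007",
    "game.exe": b"MZ-host-program" + SIGNATURES[0].pattern,
    "tool.exe": b"MZ" + SIGNATURES[1].pattern + b"rest-of-file",
    "new.exe": b"MZ-unknown-virus-without-signature",
}

if __name__ == "__main__":
    for fname, content in SAMPLES.items():
        verdict, _, report = handle_file(fname, content)
        print(f"{fname:12} {verdict:12} {report}")
```

`new.exe` is reported clean only because no stored signature matches it; once a matching signature is added to the list, the same file is caught.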
Computer users should also follow these safety rules to reduce the chance of virus infection:
Update virus signatures regularly.
Start the anti-virus program once the computer system is running.
Check the computer regularly to ensure that it is free of viruses.
Scan all incoming files before using them.
[Past paper 2005 CIT]
Which of the following actions can minimize the chance of virus infection?
(1) Maintain a backup copy of every file.
(2) Download and install the update patches to fix the bugs of the operating system.
(3) Do not open email attachments from unknown users.
(4) Open only one application program at a time.
A. (1) and (2) only
B. (2) and (3) only
C. (3) and (4) only
D. (1), (2) and (4) only
13. [Past paper 2005 CA]
John buys and installs antivirus software on his computer. After using the software for a period of time, he finds that it is very effective. He recommends it to Mary and then she buys and installs the software on her computer.
(a) Later on, they open the same document file infected by the same virus on their own computers. John's computer is infected but Mary's computer is free from infection. Give two possible reasons.
(b) Give two identification methods that anti-virus software may use to detect computer viruses.
15. [Past paper 2005 CA]
A company provides web page design and web hosting services and its office is located on two different floors of a commercial building. Its network infrastructure is shown below:
[Network diagram; labels: Boss, Peter, second floor, hub (four), web server, Internet, Device A, Device B, John, Mary, first floor, file server.]
Peter decides to
(1) add a device for better network security, and
(2) replace certain devices for better network traffic arrangement.
However, his boss wants to keep and use the current network cabling and he does not want to move any user or workstation. Draw a simple diagram of the new network infrastructure for Peter.
A firewall uses the following techniques:
Packet filtering: the firewall keeps a blacklist of IP addresses and checks every incoming and outgoing packet to determine its source or destination, blocking problematic packets.
Network Address Translation (NAT): hides the IP addresses of the computers inside the LAN, which prevents external computers from directly accessing computers in the network.
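Packet filtering and NAT as described above, in an added example (not from the original notes and not any product's code). The class and function names are hypothetical, the addresses are constructed from documentation ranges, and the NAT table is simplified to one mapping per internal address and port.

```python
"""Toy firewall: IP blacklist packet filter plus NAT."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Firewall:
    def __init__(self, public_ip, lan_cidr, blacklist):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan_cidr)
        self.blacklist = {ipaddress.ip_address(ip) for ip in blacklist}
        self.nat = {}        # public port -> (internal ip, internal port)
        self.reverse = {}    # (internal ip, internal port) -> public port
        self.next_port = 40000

    def _blocked(self, pkt):
        # Packet filtering: check both the source and the destination.
        return (ipaddress.ip_address(pkt.src_ip) in self.blacklist
                or ipaddress.ip_address(pkt.dst_ip) in self.blacklist)

    def outbound(self, pkt):
        """LAN -> Internet. Returns the rewritten packet, or None if dropped."""
        if ipaddress.ip_address(pkt.src_ip) not in self.lan or self._blocked(pkt):
            return None
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.reverse:
            self.reverse[key] = self.next_port
            self.nat[self.next_port] = key
            self.next_port += 1
        # NAT: the internal address is replaced by the firewall's public one.
        return Packet(self.public_ip, self.reverse[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Internet -> LAN. Only replies to mapped connections get through.

        Simplified: a mapping accepts replies from any remote host; real NAT
        devices usually also track the remote endpoint.
        """
        if self._blocked(pkt) or pkt.dst_ip != self.public_ip:
            return None
        target = self.nat.get(pkt.dst_port)
        if target is None:
            return None      # unsolicited: no internal host is reachable
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1])


def demo():
    """Run constructed packets through the firewall and collect the outcomes."""
    fw = Firewall("203.0.113.10", "192.168.1.0/24", ["198.51.100.66"])
    out = fw.outbound(Packet("192.168.1.20", 51000, "198.51.100.5", 80))
    reply = fw.inbound(Packet("198.51.100.5", 80, out.src_ip, out.src_port))
    return {
        "seen_by_server": out.src_ip,
        "reply_delivered_to": (reply.dst_ip, reply.dst_port),
        "to_blacklisted": fw.outbound(
            Packet("192.168.1.20", 51001, "198.51.100.66", 80)),
        "from_blacklisted": fw.inbound(
            Packet("198.51.100.66", 80, "203.0.113.10", out.src_port)),
        "unsolicited": fw.inbound(
            Packet("198.51.100.7", 4444, "203.0.113.10", 3389)),
        "direct_to_lan": fw.inbound(
            Packet("198.51.100.7", 4444, "192.168.1.20", 51000)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20} {result}")
```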
19. [Past paper 2010 CA]
A secondary school provides web services to students, including blogging, video/voice chat and video sharing. The network connections of the computers in school are shown in the diagram below.
[Network diagram; labels: Server, Storage System, Office subnet, Internet, Router, Switch, Mary's computer, Students' subnet.]
Consider the storage system in the office subnet. It is suggested to use either incremental backup or full backup daily. Give one disadvantage of each of them.
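22. However, improper use of these technologies can also cause serious problems for computer systems:
Download and display large numbers of pop-up advertisement windows from the Internet.
Malicious scripts can exhaust system resources and eventually bring down the whole system.
Web browsers also have bugs. Hackers can exploit web browser vulnerabilities to take control of other people's computers for illegal purposes. Therefore, we should update the web browser and the operating system regularly to avoid attacks from malicious web sites and hackers.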
25. The following are common intentions of hackers who break into other people's computers:
Browse information in computer systems for curiosity and fun
Damage computer data and files
Change the content of others' web sites, e.g. deface a web site
Launch denial of service (DoS) attack on a web site or a network
Steal sensitive information from computer networks, e.g. personal data, passwords and account information
[Past paper 2005 CIT]
Which of the following statements about hacking is not correct?
A. Hackers may perform unauthorized access.
B. Hackers who break into a computer and just leave a message do not commit a computer crime.
C. Hackers may use a computer virus to access a network.
D. Installing a personal firewall is one of the effective ways to protect against hacking.
26. [Past paper 2006 CIT]
Ms Ng is developing a computer control system for the Transport Department. A pedestrian light will receive a control signal to subsequently turn on either RED or GREEN light for less than 128 seconds. An example of the control signal is shown below:
GREEN 112
(GREEN: the colour of light; 112: the number of seconds)
The system is connected to a network only for the staff of the Transport Department. Ms Ng worries about the possibility of hacking.
(i) She decides to use a private network. However, she still wants to install a firewall. Why?
The difference between hacking and cracking
Hacking means accessing other people's data without authorisation. Hackers generally do not break in for commercial reasons; they only want to challenge the security loopholes of computer networks. In contrast, crackers use hacking techniques to crack systems and steal data for illegal activities.
27. [Past paper 2010 CA]
A secondary school provides web services to students, including blogging, video/voice chat and video sharing. The network connections of the computers in school are shown in the diagram below.
[Network diagram; labels: Server, Storage System, Office subnet, Internet, Router, Switch, Mary's computer, Students' subnet.]
A hacker breaks into Mary's account and posts some obscene photos onto the school's web site. The school reports the incident to the police. How can the police trace the hacker using the network log file?
29. We can change the browser settings to decide whether to keep web site cookies:
[Past paper 2005 CA]
Peter is going to write online game software. He wants to design a game that can be played through a browser. Give two kinds of browser settings that should be considered.
30. Hackers can use malicious programs to steal the cookie files in a browser.
[Past paper 2008 CIT]
Which of the following may cause an infringement of data privacy?
(1) Spyware attacks web sites.
(2) Hackers steal the cookies of Internet users.
(3) Internet users receive many Spam mails.
A. (1) only
B. (3) only
C. (1) and (2) only
D. (2) and (3) only
31. 2.3.3 Phishing
Phishing is an attempt by fraudsters to obtain confidential information from the users of a trusted organisation (such as a bank) by sending them e-mail messages that imitate that organisation. A phishing e-mail usually contains a hyperlink imitating the official web site, which lures users to a forged web site. These sites resemble the official web site in both content and URL, so users are easily deceived into entering personal data as the forged site requests.
To avoid falling into the trap of phishing web sites, we should follow these guidelines:
Do not open hyperlinks stated in suspicious sources such as e-mails from an unknown sender.
Be alert when a web site asks you to supply personal information and sensitive information.
If a web site behaves differently, check with the administrator of the web site whether there has been a change in the handling procedures of its online services.
You should be cautious when the URL of the target web site differs slightly. In addition, the URL of a phishing web site may differ completely from the URL of the genuine web site.
[Past paper 2008 CIT]
The following email shows an example of phishing.
Dear Customers,
Please visit http://www.hkbank.co.uk and log on to your account to update your personal information.
Mr Chan
Manager, HK Bank
Which of the following actions can minimize this kind of phishing attempt?
(1) Install a firewall in your computer.
(2) Use Spam filters to isolate potential Spam mail.
(3) Banks should never ask customers for confidential information in their emails.
A. (1) only
B. (3) only
C. (1) and (2) only
D. (2) and (3) only
32. [Past paper 2010 CIT]
Peter receives the following email and knows that it is a phishing scam.
Title: Notice of Underreported Income
Please review your income tax statement on the Inland Revenue Department website (click the link below).
Review Tax Statement for taxpayer id: 00-1-00232-984
What should he do?
(1) Click the link to find out what the website is.
(2) Delete the email immediately.
(3) Reply informing the sender that he does not want to receive this kind of email again.
A. (1) only
B. (2) only
C. (1) and (3) only
D. (2) and (3) only
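33. 2.4 Preventing Privacy Leaks
To protect our privacy on the Internet, we should remain anonymous as far as possible.
Safeguard our accounts and passwords.
To remain anonymous online, one or more computers (usually proxy servers) can be placed between the user and the Internet to lengthen the transmission route of data packets, making it harder to trace the user's location.
A proxy server has the following functions:
Interpreting users' requests and forwarding them to the destination web server
Storing incoming web page files on disk to provide a cache
Filtering web pages
When browsing through a proxy server, the data packets sent from the proxy server to the web server contain only the IP address of the proxy server and the IP address of the web server. Therefore, the web server does not receive the IP address of the user's computer.
Newer browser versions have a private mode that prevents web sites from permanently storing private data such as cookies on the hard disk:
In Internet Explorer, press [Ctrl]+[Shift]+[P] to enter private mode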
34. The following are key points for setting passwords:
Choose a password that is difficult to guess or hack.
A strong password should be a combination of digits, symbols and letters, both capital and small. A password should have 6 or more characters.
Do not use dictionary words as passwords.
Do not write down your passwords on paper or record them in any media or equipment such as a PDA or mobile phone.
Do not share passwords with others.
Change passwords regularly; you are advised to change your password every three months or less.
Use different passwords on different systems.
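The rules above that can be checked mechanically (length, character mix, dictionary words, reuse across systems, age), as an added example that is not part of the original notes. The word list, the sample passwords and the dates are constructed, and the function names are hypothetical; the check is meant for a user auditing their own passwords.

```python
"""Check a password against the rules listed in the notes."""
import string
from datetime import date, timedelta

# Constructed mini word list standing in for a full dictionary file.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "school", "banking"}
MAX_AGE = timedelta(days=90)     # "every three months or less"
MIN_LENGTH = 6                   # "6 or more characters"
# Undo common digit/symbol substitutions before the dictionary check.
LEET = str.maketrans("0134579@$!", "oleastgasi")


def contains_dictionary_word(pw, words=DICTIONARY):
    """True if a dictionary word hides in the password, even when disguised."""
    lowered = pw.lower()
    unleeted = lowered.translate(LEET)
    letters_only = "".join(c for c in lowered if c.isalpha())
    return any(w in form for w in words
               for form in (lowered, unleeted, letters_only))


def check_password(pw, last_changed, today, other_system_passwords=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 6 characters")
    classes = {
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
        "capital letter": any(c.isupper() for c in pw),
        "small letter": any(c.islower() for c in pw),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word")
    if pw in other_system_passwords:
        problems.append("reused on another system")
    if today - last_changed > MAX_AGE:
        problems.append("not changed for more than three months")
    return problems


def demo(today=date(2012, 1, 10)):
    """Audit a few constructed passwords and return the findings per entry."""
    recent, old = today - timedelta(days=30), today - timedelta(days=200)
    return {
        "abc12": check_password("abc12", recent, today),
        "Dr@gon2011": check_password("Dr@gon2011", recent, today),
        "k7#Qz!m2Rt": check_password("k7#Qz!m2Rt", recent, today),
        "k7#Qz!m2Rt (old, reused)": check_password(
            "k7#Qz!m2Rt", old, today, other_system_passwords=["k7#Qz!m2Rt"]),
    }


if __name__ == "__main__":
    for label, findings in demo().items():
        print(f"{label:26} {findings or 'passes'}")
```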
[Past paper CA 2009]
Peter registers for a free account on a web site, as shown below:
Login name (email address):
(ii) Peter wants to use either wrgkeran or ae5Rln as his password. Which one should he use in terms of security? Justify your answer.
35. [Past paper 2010 CA]
A secondary school provides web services to students, including blogging, video/voice chat and video sharing. The network connections of the computers in school are shown in the diagram below.
[Network diagram; labels: Server, Storage System, Office subnet, Internet, Router, Switch, Mary's computer, Students' subnet.]
Give two suggestions to Mary for choosing a more secure login password for her account.
36. On the Internet, we can also protect our privacy in the following ways:
Scan all incoming emails. Never reply to any junk emails.
Delete all files storing the information related to your Internet activities while you are surfing. These files can be in the form of cookies and temporary files. This is especially important when you have finished browsing in public areas such as a cyber café or an Internet kiosk. Empty the recycle bin before leaving.
Stop file sharing in your computer while connected to the Internet.
Scan all files downloaded from the Internet and do not install any programs from suspicious websites.
Install software patches for your operating system and web browser regularly to fix known security loopholes.
Connect your mobile devices only to trusted wireless Internet connections.
37. [Past paper 2008 CIT]
Ms Wong uses a computer in a coffee shop to access online banking services.
The design of the login page of the online banking services is shown below.
[Login page: a Username field showing 2002189 and a Password field showing ******, with an on-screen numeric keypad (buttons 1 to 9 and 0) on the right.]
* Please use a mouse to click the buttons on the right to enter the user name and password.
(ii) Give two suggestions for improving the design in terms of security. Explain your answer briefly.
38. 2.5 Spam
Spam (junk mail) refers to newsgroup posts or e-mails that most people consider redundant or useless; they are usually commercial advertisements for goods or services.
Problems caused by spam:
Spam not only occupies storage space in our email boxes, but also takes time to check and remove.
The Internet traffic will slow down if it is flooded with junk mail.
Some spam contains undesirable information such as pornographic, violent or pirated articles.
Irrelevant newsgroup postings change the original purpose of the newsgroup and even stop normal operations.
39. How do spammers obtain e-mail addresses?
Email address lists can be bought from the Internet.
Spammers can use software to generate e-mail addresses and then send test messages to confirm their existence.
Harvest email addresses from the Internet, e.g. from newsgroups, white and yellow pages, mailing lists and web pages.
Ways to prevent spam:
You should never reply to any junk e-mail.
Use spam-filtering software to identify spam and block the unsolicited mail.
[Past paper 2007 CIT]
Some web sites send e-mails to Internet users to try to attract them to visit their web sites.
(i) What is this kind of activity called?
(ii) How do these web sites collect the e-mail addresses?
(iii) Give two ways in which society is affected by this activity.
40. [Past paper 2005 CIT]
A virus hoax is an untrue warning email. When you receive a virus hoax such as the one below, what is the appropriate action?
Title: Warning
A new virus has been detected in your computer. Format your hard disk and re-install all the programs immediately.
A. Ignore this email.
B. Reply to the sender.
C. Forward this email to your friends.
D. Format your hard disk and re-install all programs immediately.
[Past paper 2006 CIT]
Which of the following can effectively help reduce incoming Spam mails?
(1) Do not give email addresses to unknown people.
(2) Call police for help.
(3) Set filters to isolate Spam mails.
(4) Delete Spam mails.
A. (1) and (3) only
B. (2) and (3) only
C. (1) and (4) only
D. (2) and (4) only
41. [Past paper 2007 CIT]
Some Spam mail for advertising only contains a graphics file as an attachment, but the graphics file is an image of some text. This is because
A. It is a good way to advertise.
B. It may bypass mail filtering at the mail server.
C. The email size is smaller.
D. Email receivers cannot change the file easily, which protects its copyright.
In online discussion forums, we may have to enter a verification code when we want to post or reply:
CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". It is used to confirm that the user is a human, preventing people from using programs to post large amounts of spam in forums or to register large numbers of accounts.
42. [Past paper CA 2009]
Peter registers for a free account on a web site, as shown below:
Login name (email address):
In order to complete the registration of the free account, Peter needs to input certain characters based on the following image.
Input verification code:
(i) What is the purpose of this input?
(ii) Why is there a line in the background of the characters?
45. [Past paper 2007 CA]
Mary and Peter send e-mail using public and private key encryption. Peter can send e-mail to Mary by using the following two methods:
(1) Peter encrypts an e-mail with Mary's public key and Mary decrypts it with her own private key.
(2) Peter encrypts an e-mail with his own private key and Mary decrypts it with Peter's public key.
(a) Give an advantage of using method (1).
(b) In fact, anyone can have Peter's public key and hence can read the email sent out by Peter through method (2). Why might Peter still want to use method (2)?
(c) Suggest and describe a method of using public and private key encryption which would be better than methods (1) and (2), for allowing Mary to read email sent by Peter.
46. 2.6.3 Secure Sockets Layer
Secure Sockets Layer (SSL) is commonly used on web sites; through PKI, it protects the integrity and confidentiality of data transmitted between a web site and its clients. A web site that supports SSL sends its public key to the client's browser, and data sent from the client can be encrypted with the web site's public key.
SSL has the following uses:
Prevent eavesdroppers intercepting and interpreting the data packets during transmission.
Ensure the data sent from the server is not modified.
Verify the identity of the server.
A closed-lock icon in the browser status bar or an https prefix in the URL indicates that the web site uses SSL encryption.
[Past paper 2007 CIT]
When a user logs on to a web site, an icon of a lock is displayed in the bottom right corner of the browser indicating a kind of security measure. What is the security measure?
A. The web site provides secure data storage service.
B. The account is locked until the user logs out.
C. Data sent to the web site are encrypted.
D. The web site is an Intranet and is not open to the public.
47. 2.6.4 Digital Certificates
A digital certificate is a digital document containing the holder's name and public key, used to identify the certificate holder on the Internet. We can apply for a digital certificate from a Certificate Authority (CA).
Hongkong Post is the certificate authority for digital certificates in Hong Kong. For details, see:
http://www.hongkongpost.gov.hk/support/faq/index_c.html
[Past paper 2005 CIT]
A digital certificate
A. is an account for payment such as electricity bills.
B. identifies a person on the Internet.
C. is a digital form of the Hong Kong Identity Card.
D. is a unique identification for each computer.
[Past paper 2006 CIT]
Which of the following statements about digital certification in Hong Kong is not correct?
A. Digital certificates can be legally accepted as a personal signature.
B. Digital certificates can enhance the security of online transactions.
C. Digital certificates in Smart ID Cards can be incorporated into passports for entering foreign countries.
D. Hong Kong Post issues recognised digital certificates for different organisations.
[Past paper 2007 CIT]
In which of the following Internet activities is the use of a digital certificate appropriate?
(1) Log on a banking system.
(2) Send an email with confidential information.
(3) Use a search engine to search for information about the digital certificate.
A. (1) only
B. (1) and (2) only
C. (2) and (3) only
D. (3) only
50. [Past paper 2006 CIT]
Ms Ng is developing a computer control system for the Transport Department. A pedestrian light will receive a control signal to subsequently turn on either RED or GREEN light for less than 128 seconds. An example of the control signal is shown below:
GREEN 112
(GREEN: the colour of light; 112: the number of seconds)
The system is connected to a network only for the staff of the Transport Department. Ms Ng worries about the possibility of hacking.
(ii) A colleague may steal Ms Ng's password to log on to the system. Besides checking the user ID and password, suggest two methods of enhancing system security.
[Past paper CA 2009]
Peter registers for a free account on a web site, as shown below:
Login name (email address):
(i) What is the benefit of using an email address as login name?
51. 2.7 Wireless Network Security
The early security technology used to protect IEEE 802.11 wireless networks was the Wired Equivalent Privacy (WEP) protocol, which uses media access control (MAC) addresses to identify authorised wireless access. However, MAC addresses can be intercepted by hackers, and the algorithm used for encryption is also insecure.
In 2003, the industry introduced the Wi-Fi Protected Access (WPA) protocol. WPA uses more advanced encryption and authentication techniques to replace the earlier WEP.
The following are guidelines for using wireless Internet access:
Protect your wireless connection with a username and a password.
Disable the wireless connection when not in use.
Update your wireless network interface card drivers regularly.
Disable resource sharing protocols for your wireless interface card.
Do not enable both wireless and wired network interface cards simultaneously.
Do not send sensitive / personal information over a public wireless connection.
53. [Past paper 2011 CA]
The diagram below shows the rear panel of a wireless router at Frank's home.
[Rear panel: ports 1 to 5, labelled LAN and WAN; Default IP Address: 192.168.11.1]
Part of the configuration page of the router is shown below.
WIRELESS SETTINGS
Encryption: WEP-64, WEP-128
Channel: Channel 1
Maximum number of connections: 8
Domain Name Server IP Address: 8.8.8.8
Give one disadvantage of choosing WEP-64 for encryption with respect to WEP-128.