生成多选题内容

Below are five rigorously designed multiple-select questions (select all that apply) that assess practical competencies in phishing identification and policy-aligned response behaviors. Each item includes correct answers and succinct rationales supported by authoritative sources.

Question 1. Email red flags in context You receive an email appearing to be from “IT Support it-support@micros0ft.com” with the subject “Immediate Action: Verify Your Account in 30 Minutes.” The message includes:

• A button labeled “Sign In” showing the visible text https://login.microsoft.com, but the hover target is https://login.microsoft.com.sso-security.help/verify
• An attachment named Invoice_1023.zip
• A corporate logo and a generic signature block

Which elements are credible indicators of phishing? Select all that apply.

• A. The sender domain “micros0ft.com” with a numeral “0” replacing the letter “o”
• B. The urgent 30-minute deadline to avoid account lockout
• C. The actual link target where the registrable domain is sso-security.help, not microsoft.com
• D. The presence of a corporate logo
• E. An unexpected ZIP attachment

Correct answers: A, B, C, E

Rationales:

• A: Lookalike domains and character substitution are common in phishing (CISA; FTC).
• B: Artificial urgency is a well-documented social engineering tactic (CISA; FTC).
• C: The effective registrable domain is sso-security.help; placing “microsoft.com” to the left does not confer legitimacy (CISA).
• E: Unexpected compressed attachments are risky and often used to deliver malware (CISA; FTC).
• D: Logos are easily copied and do not indicate legitimacy.

Question 2. Assessing a login page reached via a message Which statements reflect sound, evidence-based judgments when evaluating the safety of a login page linked from an unsolicited message? Select all that apply.

• A. A padlock icon or “https” alone does not prove the site is legitimate.
• B. Internationalized domain names (IDNs) or Punycode (e.g., xn--) can be used in homograph attacks and warrant heightened scrutiny.
• C. URL shorteners make links safer by concealing the destination.
• D. Being asked to enter your password or MFA code after following an unsolicited link is high risk.
• E. The domain shown in the browser address bar should match the organization’s registrable domain (e.g., example.com), not a lookalike or unrelated parent domain.

Correct answers: A, B, D, E

Rationales:

• A: TLS indicates encryption, not trust in the site’s operator; criminals can obtain certificates (FTC).
• B: Homograph attacks leverage confusing character sets; users should verify the true domain (CISA).
• D: Unsolicited prompts for credentials/MFA are consistent with credential harvesting (CISA; FTC).
• E: Verifying the registrable domain in the address bar is a core anti-phishing practice (CISA; FTC).
• C: URL shorteners obscure rather than validate the destination and are widely misused in phishing.

Question 3. Smishing and vishing response You receive a text message stating, “Bank Alert: Unusual activity detected. Verify now: https://bnk-alerts.co/verify.” Minutes later, someone calls claiming to be from the bank’s fraud department and asks you to read back a one-time MFA code sent to your phone. Which responses align with recommended practice? Select all that apply.

• A. Do not click the link; instead, access your account via the official app or by typing the bank’s known URL.
• B. Reply “STOP” to the text to test whether it is legitimate.
• C. Report the message to your security team and forward the SMS to 7726 (SPAM) per carrier guidance; then delete it.
• D. Provide the MFA code over the phone if the caller knows your employee ID.
• E. If you clicked, immediately report the incident, change your password, and follow containment guidance.

Correct answers: A, C, E

Rationales:

• A: Navigate using verified channels; do not engage with unsolicited links (FTC).
• C: Reporting internally and forwarding to 7726 helps carriers block abuse; do not reply directly to the sender (FTC).
• E: Prompt reporting and credential hygiene are critical to containment (NIST SP 800-61r2; FTC).
• B, D: Do not reply or divulge one-time codes; legitimate support should never request your OTP (FTC; CISA).

Question 4. Technical signals in email authentication and headers A suspicious email purporting to be from your domain shows these header snippets:

• Received-SPF: fail (domain of example.com does not designate 203.0.113.10 as permitted sender)
• DKIM-Signature: none
• Authentication-Results: dmarc=fail (p=reject)
• From: “Payroll” payroll@example.com
• Return-Path: payroll-notifications@external-mailer.co Which header-related observations most support a phishing assessment? Select all that apply.
• A. SPF “fail” for the purported sending domain
• B. DKIM not present and DMARC “fail” for the purported domain
• C. “From” domain is internal while “Return-Path” uses a mismatched external domain
• D. The message was sent outside normal business hours; therefore it is definitively malicious
• E. All authentication passing would guarantee the email is legitimate

Correct answers: A, B, C

Rationales:

• A, B: SPF/DKIM failures and DMARC fail with a policy to reject are strong indicators of spoofing or policy misalignment (CISA on DMARC/SPF/DKIM).
• C: Misalignment between visible From and envelope/return path is a known red flag (CISA).
• D: Time-of-day is not dispositive by itself.
• E: Authentication passing does not guarantee legitimacy; attackers can use authenticated infrastructure (CISA).

Question 5. Post-click incident response for possible credential compromise You clicked a link in a suspicious email and entered your corporate credentials before noticing anomalies. Which immediate actions align with incident handling best practices? Select all that apply.

• A. Reuse the same password across systems to confirm whether access is still working.
• B. Change the password for the affected account and any other accounts where the same or similar password was used; enable or re-enroll MFA if needed.
• C. Report the incident to your security team; preserve the original message and details (time, URL) and follow containment instructions.
• D. Delete the message and do not report if you have already changed your password.
• E. If any file was downloaded or executed, disconnect from networks and contact IT for forensic triage.

Correct answers: B, C, E

Rationales:

• B, C, E: Containment, eradication, and recovery require prompt reporting, credential changes, MFA reinforcement, evidence preservation, and device isolation when malware is suspected (NIST SP 800-61r2; FTC).
• A, D: Password reuse and silent self-remediation increase organizational risk and impede coordinated response.

References

• Cybersecurity and Infrastructure Security Agency (CISA). Recognize and report phishing. https://www.cisa.gov/resources-tools/resources/recognize-and-report-phishing
• Cybersecurity and Infrastructure Security Agency (CISA). Email authentication (SPF, DKIM, DMARC) resources. https://www.cisa.gov/resources-tools/resources/dmarc
• Federal Trade Commission (FTC). How to recognize and avoid phishing scams. https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
• National Institute of Standards and Technology (NIST). (2012). Computer Security Incident Handling Guide (SP 800-61 Revision 2). https://doi.org/10.6028/NIST.SP.800-61r2

以下为“高中数学：函数与导数”主题的5道多选题（可多选）。每题均配有标准答案与解析，并给出学习提示以促进互动。

1. 可导性与基本求导公式的判定（可多选） 题干：对下列判断，选择所有正确的选项。 A. 函数 f(x)=√x 在 x=0 处可导，且 f'(0)=0。 B. 函数 g(x)=a^x（a>0，a≠1）的导数为 g'(x)=a^x ln a，x∈R。 C. 函数 h(x)=ln(x^2) 的导数为 h'(x)=2/x，定义域为 x≠0。 D. 函数 p(x)=|x| 在 x=0 处不可导，在 x≠0 处 p'(x)=x/|x|。 E. 函数 q(x)=x^{1/3} 的导数为 q'(x)=1/(3 x^{2/3})，且在 x=0 处导数存在并等于0。

正确选项：B，C，D 解析：

• A 错。f'(x)=1/(2√x) 仅在 x>0 有定义，x=0 处导数不存在（左右差商不收敛到有限值）。
• B 对。指数函数求导公式 g'(x)=a^x ln a 在全体实数成立。
• C 对。复合函数求导：h'(x)= (1/(x^2))·(2x)=2/x；同时 ln(x^2) 的定义域为 x≠0。
• D 对。|x| 在 x=0 处不可导；x≠0 时导数为符号函数 x/|x|。
• E 错。q'(x)=1/(3 x^{2/3}) 仅对 x≠0 成立；x→0 时差商趋于无穷大，故 0 处不可导。 学习提示：区分“函数定义域”和“导数存在的点集”。带根式和绝对值的函数在端点或尖点常不可导。

2. 单调性、极值与零点：f(x)=x^3−3x（可多选） 题干：关于函数 f(x)=x^3−3x 的下列命题，哪些正确？ A. f 在区间 (−∞,−1) 上单调递增。 B. f 在区间 (−1,1) 上单调递减。 C. f 有两个极大值点和一个极小值点。 D. 方程 f(x)=0 有三个不相等的实数根。 E. f 在 R 上严格单调递增，因此存在反函数。

正确选项：A，B，D 解析：

• f'(x)=3x^2−3=3(x−1)(x+1)。由符号可知：|x|>1 时 f'(x)>0，|x|<1 时 f'(x)<0。故 A、B 对。
• 临界点 x=−1,1。二阶导 f''(x)=6x，得 x=−1 为极大值点，x=1 为极小值点，仅两个极值点，故 C 错。
• f(x)=x(x^2−3)=0，有解 x=0, ±√3，互不相等，故 D 对。
• 全局并非单调，故 E 错。 学习提示：单调性判定以导数符号为依据；极值点须结合一阶导零点与导数变号或二阶导测试。

3. 复合函数与链式法则：F(x)=e^{sin x}·ln(1+x^2)（可多选） 题干：关于函数 F(x)=e^{sin x}·ln(1+x^2)，以下结论哪些正确？ A. F 在 R 上有定义且可导。 B. F'(0)=0。 C. F'(x)=e^{sin x}·cos x·ln(1+x^2)+e^{sin x}·(2x)/(1+x^2)。 D. F 的极值点满足 cos x·ln(1+x^2)+2x/(1+x^2)=0。 E. F 为偶函数。

正确选项：A，B，C，D 解析：

• ln(1+x^2) 在全体实数有定义；指数与三角均为处处可导，复合与乘积可导，故 A 对。
• 链式与乘法法则：F'(x)=e^{sin x}[cos x·ln(1+x^2)+2x/(1+x^2)]。代入 x=0 得 F'(0)=1·(0+0)=0，故 B、C 对。
• e^{sin x}>0，故 F'(x)=0 等价于括号内表达式为0，D 对。
• F(−x)=e^{−sin x}·ln(1+x^2)≠F(x)，故 E 错。 学习提示：对复合与乘积，先分块求导后再合并。判断奇偶性需对 F(−x) 与 F(x) 直接比较。

4. 平均值定理与凹凸性质：f(x)=ln(1+x) 在 [0,2] 上（可多选） 题干：关于 f(x)=ln(1+x) 在区间 [0,2] 上的性质，哪些正确？ A. f'(x)=1/(1+x)，x∈(0,2)。 B. 存在 c∈(0,2)，使 f'(c)=[f(2)−f(0)]/(2−0)。 C. [f(2)−f(0)]/2=ln 3 / 2。 D. f 在 [0,2] 上为凹函数，故 f(1) ≥ (f(0)+f(2))/2。 E. f''(x)=1/(1+x)^2>0，故 f 在 [0,2] 上为凸函数。

正确选项：A，B，C，D 解析：

• A 对，基本求导。
• f 在 [0,2] 上连续、(0,2) 可导，满足拉格朗日中值定理，B 对。
• f(2)=ln3，f(0)=0，故 C 对。
• f''(x)=−1/(1+x)^2<0，故为凹函数；凹函数满足弦下性，即 f(1) ≥ (f(0)+f(2))/2，D 对；E 错。 学习提示：先核验中值定理的条件（闭区间连续、开区间可导）；再用 f'' 的符号判断凹凸并推导弦线不等式。

5. 隐函数与切线：圆 x^2+y^2=1 的上半圆（可多选） 题干：在圆 x^2+y^2=1 的上半圆（取 y=√(1−x^2)，x∈(−1,1)）上，以下结论哪些正确？ A. y 对 x 可导，且 dy/dx=−x/y（y≠0）。 B. 点 (√2/2, √2/2) 处切线斜率为 −1。 C. y 在 (−1,1) 上单调递增。 D. 点 (0,1) 处切线方程为 y=1。 E. 圆上任一点的切线都与该点的半径互相垂直。

正确选项：A，B，D，E 解析：

• 隐函数求导：2x+2y·(dy/dx)=0，得 dy/dx=−x/y（y≠0），A 对。
• 代入点 (√2/2, √2/2)，斜率 −x/y=−1，B 对。
• y'(x)=−x/√(1−x^2)。在 (−1,0) 上 y'>0，在 (0,1) 上 y'<0，非整体递增，C 错。
• x=0 时 y'=0，切线过 (0,1)，故 y=1，D 对。
• 半径斜率为 y/x，切线斜率 −x/y，二者乘积为 −1（在坐标轴方向点处分别为水平或竖直，也互相垂直），E 对。 学习提示：隐函数求导常与几何性质相呼应；对圆而言，“切线垂直半径”可由代数斜率验证。

参考文献（用于支撑求导法则、单调性判定、平均值定理与凹凸性质等结论）

• 教育部. 普通高中数学课程标准（2017年版2020年修订）. 北京: 人民教育出版社.
• 人民教育出版社. 普通高中课程标准实验教科书·数学·必修4：数学（函数的应用与导数）. 北京: 人民教育出版社.
• Stewart, J. Calculus: Early Transcendentals (8th ed.). Cengage Learning.
• Thomas, G. B., Weir, M. D., & Hass, J. Thomas’ Calculus (14th ed.). Pearson.