Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
COSO
security governanace
ISO/IEC 27001
exposure

2. Potential danger to information or systems
performance monitor
ISO/IEC 27799
Information Technology Infrastructure Library (ITIL)
threat

3. IRM
network mapping
availability
Information risk management
ISO/IEC 27004

4. ISM Standard
security program
Information Security Management
CobiT
port scanner

5. Provides a cost/benefit comparision
Committee of Sponsoring Organizations
ISO 17799
risk analysis
network mapping

6. Possiblity of damage and the ramifications should it occur
security officer
risk
blueprints
due care

7. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
FMEA
corporate security officer
OCTAVE
ISO 17799

8. Responsible for information classification and protection
CISO
data owner
FMEA
ISO/IEC 27001

9. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
ITIL
countermeasure
FMEA
mappers

10. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
penetration
ISO/IEC 27002
FMEA
ITIL

11. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
integrity
vulnerability
performance baseline
network mapping

12. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
ISO/IEC 27004
privilege
data owner
CobiT

13. OCTAVE
exposure factor
Operationally Critical Threat - Asset - and Vulnerability Evaluation
john the ripper
administrative

14. Mitigates a potential risk
threat
countermeasure
ITIL
qualitative

15. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
security governanace
penetration
CobiT
administrative

16. Ensures managment security directives are fulfilled
Information risk management
security officer
risk analysis
risk analysis

17. Responsible for communicating to senior mgmt organizational risks and compliance regulations
performance monitor
Control Objectives for Information and related Technology
ISO/IEC 27001
CISO

18. Guide to illustrate how to protect personal health information
ISO/IEC 27799
exposure factor
CobiT
availability

19. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
Information Security Management
FRAP
annualized loss expectancy
threat

20. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk catagories
OCTAVE
risk analysis
escalation

21. IT governance at the operational level
data owner
COSO
ISO/IEC 27005
CobiT

22. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
corporate security officer
fault tree analysis
john the ripper
ITIL

23. The tools - personnel and business processes necessary to ensure that security meets needs
CobiT
security governanace
protocol analyzer
AS/NZS 4360

24. Focus on service level agreements between IT dept and internal customers
ITIL
performance monitor
tactical
risk analysis

25. Midterm goals
corporate security officer
tactical
vulnerability
mappers

26. FRAP
CobiT
ISO/IEC 27001
Facilitated Risk Analysis Process
risk catagories

27. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
risk analysis
risk anlysis
technical

28. Ensures necessary level of secrecy and prevents unauthorized disclosure
CobiT
exposure
OVAL
confidentiality

29. Expected or predetermined performance level - developed from policy - performance - requirements
FMEA
ISO/IEC 27004
due care
performance baseline

30. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
risk catagories
escalation
FMEA
risk analysis

31. Assurance of accurancy and reliability of information and systems
confidentiality
integrity
ITIL
delayed

32. Type of audit that checks that accounts - groups and roles are correctly assigned
tactical
ISO/IEC 27001
privilege
annualized loss expectancy

33. The likelihood of exploitation and the loss potential
data owner
qualitative
L0phtCrack
risk

34. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
ISO/IEC 27005
IRM
elcomsoft
operational

35. Guide assist in the implemenation of information security based on risk managent approach
strategic
port scanner
protocol analyzer
ISO/IEC 27005

36. Risk mgmt method with much broader focus than IT security
exposure
AS/NZS 4360
IRM
vulnerability

37. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
risk analysis
CobiT
risk analysis

38. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
corporate security officer
BS7799
performance baseline
administrative

39. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
tactical
elcomsoft
risk analysis
ISO/IEC 27799

40. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
CobiT
due care
risk anlysis
ISO/IEC 27001

41. SLE x ARO - (ALE)
AS/NZS 4360
FMEA
annualized loss expectancy
risk anlysis

42. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
COSO
integrity
OVAL

43. __________ loss has a negative effect after a vulnerability is initially exploited
single loss expectancy
CobiT
delayed
vulnerability

44. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
firewall
ISO 17799
CISO
administrative

45. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
BS7799
integrity
COSO
firewall

46. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
chief information security officer
security program
Information risk management
vulnerability

47. Collection of controls an organization must have in place
performance monitor
risk anlysis
L0phtCrack
security program

48. Type of audit that checks that network resources - systems and software are used appropriately
COSO
L0phtCrack
usage
qualitative

49. FMEA
Failure Modes and Effect Analysis
FMEA
CobiT
countermeasure

50. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
exposure
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk catagories
strategic