SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Guide to illustrate how to protect personal health information
operational
SP 800-30
ISO/IEC 27799
planning horizon
2. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
CobiT
ISO 17799
penetration
Information Security Management
3. Made up of ten domains - a mechanism to describe security processes
ISO 17799
corporate security officer
qualitative
technical
4. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
delayed
network mapping
AS/NZS 4360
protocol analyzer
5. OCTAVE
physical
Operationally Critical Threat - Asset - and Vulnerability Evaluation
vulnerability
SP 800-30
6. Tools to ID - develop - and design security requirements for business needs
vulnerability scanner
blueprints
AS/NZS 4360
BS7799
7. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
elcomsoft
escalation
vulnerability scanner
security program
8. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
security program
john the ripper
security governanace
9. CISO
Information Security Management
CobiT
CobiT
chief information security officer
10. Ensures managment security directives are fulfilled
security governanace
vulnerability
No events - Errors only - Errors and warnings - All events
security officer
11. Expected or predetermined performance level - developed from policy - performance - requirements
Information Technology Infrastructure Library (ITIL)
performance baseline
AS/NZS 4360
privilege
12. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
COSO
vulnerability
BS7799
network mapping
13. Collection of controls an organization must have in place
security program
FMEA
availability
BS7799
14. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
COSO
annualized loss expectancy
risk
CobiT
15. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
IRM
physical
elcomsoft
mappers
16. De facto standard of best practices for IT service mgmt
performance monitor
COSO
Information Technology Infrastructure Library (ITIL)
vulnerability
17. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
ISO 17799
Committee of Sponsoring Organizations
Information Security Management
FMEA
18. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
exposure
IRM
OVAL
ISO 17799
19. Responsible for information classification and protection
usage
exposure
data owner
COSO
20. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
annualized rate of occurrence
COSO
CobiT
vulnerability
21. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk catagories
usage
SP 800-30
physical
22. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
OVAL
protocol analyzer
ISO/IEC 27002
fault tree analysis
23. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
administrative
mappers
Information risk management
vulnerability scanner
24. ISM Standard
john the ripper
Information Security Management
ISO/IEC 27002
CobiT
25. SLE x ARO - (ALE)
annualized loss expectancy
vulnerability
mappers
risk mitigation
26. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
BS7799
ISO 17799
FRAP
john the ripper
27. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
john the ripper
chief information security officer
L0phtCrack
performance baseline
28. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
security officer
OCTAVE
vulnerability
SP 800-30
29. Risk mgmt method with much broader focus than IT security
vulnerability
availability
AS/NZS 4360
ITIL
30. Assurance of accurancy and reliability of information and systems
annualized loss expectancy
escalation
integrity
ISO/IEC 27799
31. Potential danger to information or systems
Information Security Management
threat
Control Objectives for Information and related Technology
OVAL
32. The likelihood of exploitation and the loss potential
strategic
ISO/IEC 27001
ISO 17799
risk
33. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
SP 800-30
Committee of Sponsoring Organizations
integrity
34. __________ loss has a negative effect after a vulnerability is initially exploited
exposure
delayed
SP 800-30
protocol analyzer
35. COSO
technical
Committee of Sponsoring Organizations
OCTAVE
Information Technology Infrastructure Library (ITIL)
36. Possiblity of damage and the ramifications should it occur
risk
CobiT
Operationally Critical Threat - Asset - and Vulnerability Evaluation
Committee of Sponsoring Organizations
37. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
risk analysis
administrative
Operationally Critical Threat - Asset - and Vulnerability Evaluation
performance monitor
38. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
FMEA
port scanner
security program
risk analysis
39. FRAP
privilege
escalation
Facilitated Risk Analysis Process
risk catagories
40. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
administrative
penetration
due care
mappers
41. Focus on service level agreements between IT dept and internal customers
vulnerability
ITIL
CobiT
corporate security officer
42. Type of audit that checks that network resources - systems and software are used appropriately
usage
ISO/IEC 27799
Facilitated Risk Analysis Process
physical
43. Strategic - tactical and operational planning
administrative
protocol analyzer
planning horizon
risk
44. Guide assist in the implemenation of information security based on risk managent approach
Information Security Management
FMEA
ISO/IEC 27005
risk
45. A weakness (software - hardware - procedural - human) that can be exploited
COSO
vulnerability
risk
Information Security Management
46. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
strategic
ISO/IEC 27002
annualized rate of occurrence
ISO/IEC 27799
47. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
COSO
ISO/IEC 27002
risk
john the ripper
48. Responsible for communicating to senior mgmt organizational risks and compliance regulations
technical
CISO
delayed
due care
49. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
Committee of Sponsoring Organizations
administrative
performance monitor
COSO
50. The tools - personnel and business processes necessary to ensure that security meets needs
ISO/IEC 27001
john the ripper
security program
security governanace