Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
Facilitated Risk Analysis Process
john the ripper
COSO
fault tree analysis
2. Method of identifying functions and their failures - the causes of failures and their effects - originally designed for systems engineering
risk analysis
CobiT
FMEA
technical
3. Ensures management security directives are fulfilled
Failure Modes and Effect Analysis
security program
security officer
OVAL
4. Internationally recognized Information Security Management standard - provides high-level conceptual recommendations on enterprise security - British standard
risk analysis
BS7799
penetration
risk
5. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
vulnerability
tactical
escalation
ISO/IEC 27002
6. Event levels available for logging in a MS DNS server
security program
No events - Errors only - Errors and warnings - All events
network mapping
ISO/IEC 27005
7. Type of audit that checks that accounts - groups - and roles are correctly assigned
ISO 17799
annualized rate of occurrence
physical
privilege
8. Controls that implement access control - password management - identification and authentication methods - configuration
threat
delayed
technical
vulnerability
9. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
COSO
annualized rate of occurrence
technical
CobiT
10. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
ISO/IEC 27001
annualized rate of occurrence
qualitative
11. IRM
SP 800-30
BS7799
protocol analyzer
Information risk management
12. Potential danger to information or systems
threat
annualized loss expectancy
security program
FRAP
13. IT governance at the operational level
CobiT
Operationally Critical Threat - Asset - and Vulnerability Evaluation
annualized loss expectancy
FMEA
14. FRAP
administrative
IRM
OVAL
Facilitated Risk Analysis Process
15. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
performance baseline
threat
ISO 17799
network mapping
16. CSO
corporate security officer
single loss expectancy
network mapping
operational
17. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
risk mitigation
ISO/IEC 27002
ISO/IEC 27799
18. __________ loss has a negative effect after a vulnerability is initially exploited
COSO
tactical
administrative
delayed
19. Used to ID failures in complex systems to understand the underlying causes of threats
Control Objectives for Information and related Technology
FMEA
exposure factor
fault tree analysis
20. Ensures reliable, timely access to data/resources for authorized individuals
network mapping
protocol analyzer
availability
Committee of Sponsoring Organizations
21. Tools to ID - develop - and design security requirements for business needs
single loss expectancy
security governance
blueprints
CobiT
22. A log that can record outgoing requests - incoming traffic - and internet usage
risk analysis
firewall
operational
integrity
23. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
fault tree analysis
security program
annualized rate of occurrence
chief information security officer
24. Information security management measurements
ISO/IEC 27001
ISO/IEC 27004
vulnerability
performance baseline
25. A weakness (software - hardware - procedural - human) that can be exploited
privilege
countermeasure
vulnerability
escalation
26. Risk mgmt method with much broader focus than IT security
ISO 17799
availability
AS/NZS 4360
firewall
27. Made up of ten domains - a mechanism to describe security processes
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ISO 17799
qualitative
escalation
28. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
operational
Operationally Critical Threat - Asset - and Vulnerability Evaluation
port scanner
usage
29. Focus on service level agreements between IT dept and internal customers
administrative
chief information security officer
Control Objectives for Information and related Technology
ITIL
30. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
IRM
due care
CISO
availability
31. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
CobiT
AS/NZS 4360
vulnerability scanner
risk analysis
32. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk anlysis
ISO/IEC 27002
risk analysis
blueprints
33. The asset's value multiplied by the EF percentage - (SLE)
risk analysis
single loss expectancy
OVAL
FMEA
34. CobiT
Control Objectives for Information and related Technology
CobiT
security governance
ISO/IEC 27799
35. Strategic - tactical and operational planning
integrity
planning horizon
risk categories
CobiT
36. Collection of controls an organization must have in place
security program
CISO
performance monitor
tactical
37. Possibility of damage and the ramifications should it occur
due care
security program
risk
planning horizon
38. Percentage of an asset's value that would be lost in a single incident - (EF)
COSO
risk analysis
single loss expectancy
exposure factor
39. ISM Standard
Information Security Management
L0phtCrack
ISO/IEC 27001
risk
40. FMEA
risk analysis
CobiT
elcomsoft
Failure Modes and Effect Analysis
41. Responsible for communicating to senior mgmt organizational risks and compliance regulations
L0phtCrack
COSO
CISO
operational
42. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
operational
strategic
tactical
IRM
43. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
CISO
penetration
OVAL
risk categories
44. Assurance of accuracy and reliability of information and systems
penetration
risk analysis
integrity
risk
45. Guide assisting in the implementation of information security based on a risk management approach
ISO 17799
ISO/IEC 27005
risk analysis
ISO 17799
46. Mitigates a potential risk
annualized loss expectancy
Information Technology Infrastructure Library (ITIL)
delayed
countermeasure
47. De facto standard of best practices for IT service mgmt
Control Objectives for Information and related Technology
CobiT
network mapping
Information Technology Infrastructure Library (ITIL)
48. An instance of being exposed to losses from a threat
security governance
elcomsoft
exposure
planning horizon
49. Type of audit that checks information classification and change control procedures
administrative
exposure
vulnerability scanner
mappers
50. Number of times the incident might occur annually - (ARO)
annualized rate of occurrence
risk analysis
usage
Failure Modes and Effect Analysis