Test your basic knowledge

CompTIA Security+: Assessment and Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Ensures management security directives are fulfilled
2. Strategic, tactical and operational planning
3. Focus on service level agreements between the IT dept and internal customers
4. Controls that include policies, standards, procedures, risk management, personnel screening, training, and change control
5. Long-term goals focused on risk management, compliance, security responsibilities, continual improvement, and using security to attract customers
6. Event levels available for logging in a MS DNS server
7. A weakness (software, hardware, procedural, or human) that can be exploited
8. Risk mgmt method with a much broader focus than IT security
9. Type of audit that checks that accounts, groups and roles are correctly assigned
10. Guide that illustrates how to protect personal health information
11. Legal term used to determine liability: an organization that acts responsibly has a lower risk of liability due to a security breach
12. Risk mgmt method created by Carnegie Mellon University in which people within the company manage/direct the risk evaluation for IT security
13. Corporate governance at the strategic level
14. Ensures the necessary level of secrecy and prevents unauthorized disclosure
15. Controls that implement access control, password management, identification and authentication methods, and configuration
16. Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate
17. A commercial password cracker that can test password strength, recover passwords, and perform dictionary and brute-force attacks
18. This tool scans network devices listening for open ports (e.g. Nmap, Scanmetender, SuperScan, NHS Nohack Scanner)
19. Used to predict changes based on trends, detect deviations, and watch events across multiple system components
20. Type of audit that checks procedures and policies for escalating issues to management
21. A process to identify assets and their value, identify vulnerabilities and threats, quantify the probability and impact of threats, and balance impact against cost
22. Tools to identify, develop, and design security requirements for business needs
23. Percentage of an asset's value that would be lost in a single incident (EF)
24. A log that can record outgoing requests, incoming traffic, and internet usage
25. Security policy (map business objectives to security); Security infrastructure (security officer, reviews); Asset classification/control (inventory); Personnel security (screening, training, roles); Physical security; Communication/operation
26. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
27. Process of identifying and assessing risk, reducing it to an acceptable level, and implementing mechanisms to maintain that level
28. Derived from the COSO framework
29. The asset's value multiplied by the EF percentage (SLE)
30. The tools, personnel and business processes necessary to ensure that security meets needs
31. Collection of controls an organization must have in place
32. Physical damage, human interaction, equipment malfunction, misuse of data, loss of data, application error
33. The likelihood of exploitation and the loss potential
34. Expected or predetermined performance level, developed from policy, performance, and requirements
35. FMEA
36. OCTAVE
37. An open language from mitre.org for determining vulnerabilities and problems on computer systems
38. Control environment (company culture); Risk assessment (manage change); Control activities (policies, procedures, practices); Information and communication (right people, info, time); Monitoring (detect and respond)
39. Provides a cost/benefit comparison
40. Guide that assists in the implementation of information security based on a risk management approach
41. A tool that monitors network traffic and shows the data and protocols in use, also known as a packet sniffer (e.g. Wireshark, tcpdump, Microsoft Network Monitor, Carnivore)
42. IT governance at the operational level
43. Risk assessment that is scenario based, ranks threats and countermeasures, and uses experience, judgment, intuition and opinion
44. Establish, implement, control and improve the Information Security Management System (based on BS7799 Part 2)
45. A quantitative risk assessment process that allows tests to be conducted so users can determine which areas require a risk analysis
46. SLE x ARO (ALE)
47. Responsible for communicating organizational risks and compliance regulations to senior management
48. HP OpenView, Nmap, Qualys, Solana Networks, and SolarWinds are all network _____________
49. Daily goals focused on productivity and task-oriented activities
50. This type of testing scans for vulnerabilities, attacks to determine the extent, tests countermeasures by circumvention, and can be internal or external