
Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but you will find that this reinforces your understanding each time you take the test.
1. COSO
2. Provides good practice advice on ISMS (ISO 17799) (based on BS7799 Part 1)
3. __________ loss has a negative effect after a vulnerability is initially exploited
4. Possibility of damage and the ramifications should it occur
5. The following tools (Nessus - Qualys - Retina) are ______________ scanners
6. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
7. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
8. OCTAVE
9. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
10. Mitigates a potential risk
11. Responsible for developing: security awareness program - budget for information security related activities - policies - procedures - and guidelines - a security compliance program - and metrics
12. Controls that manage facility access - locking systems - media sanitization - intrusion monitoring - environmental
13. Controls that implement access control - password management - identification and authentication methods - configuration
14. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - SuperScan - NHS nohack scanner)
15. Potential danger to information or systems
16. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in the NOS - test response to DoS attacks
17. Strategic - tactical and operational planning
18. Derived from the COSO framework
19. A process to identify assets and their value - identify vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
20. CISO
21. Ensures reliable, timely access to data/resources for authorized individuals
22. Guide to assist in the implementation of information security based on a risk management approach
23. A commercial password cracker that can test password strength, recover passwords, and perform dictionary and brute-force attacks
24. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
25. Control environment - company culture; Risk assessment - manage change; Control activities - policies - procedures - practices; Information and communication - right people - info - time; Monitoring - detect and respond
26. Type of audit that checks procedures and policies for escalating issues to management
27. FRAP
28. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error
29. FMEA
30. Tools to identify - develop - and design security requirements for business needs
31. Daily goals focused on productivity and task-oriented activities
32. Corporate governance at the strategic level
33. Method of identifying functions and their failures - causes of failures and their effect - originally designed for systems engineering
34. SLE x ARO - (ALE)
35. An instance of being exposed to losses from a threat
36. Expected or predetermined performance level - developed from policy - performance - requirements
37. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
38. Security policy - map business objectives to security; Security infrastructure - security officer - reviews; Asset classification/control - inventory; Personnel security - screening - training - roles; Physical security; Communication/operation
39. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
40. Midterm goals
41. Internationally recognized Information Security Management standard - provides high-level conceptual recommendations on enterprise security - British standard
42. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
43. Information security management measurements
44. IRM
45. NIST risk management methodology
46. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
47. Ensures necessary level of secrecy and prevents unauthorized disclosure
48. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
49. Risk management method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
50. Percentage of an asset's value that would be lost in a single incident - (EF)
