Test your basic knowledge | CompTIA Security+: Assessment and Risk Management
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Type of audit that checks procedures and policies for escalating issues to management
strategic
Control Objectives for Information and related Technology
escalation
mappers
2. Percentage of an asset's value that would be lost in a single incident - (EF)
risk
exposure factor
COSO
privilege
3. Internationally recognized Information Security Management standard - provides high-level conceptual recommendations on enterprise security - British standard
network mapping
due care
BS7799
Information Security Management
4. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
Information risk management
ISO/IEC 27001
Facilitated Risk Analysis Process
performance monitor
5. This tool scans network devices listening for open ports - (e.g. Nmap - ScanMetender - SuperScan - NHS nohack scanner)
ITIL
OCTAVE
port scanner
delayed
6. Strategic - tactical and operational planning
security program
due care
planning horizon
ISO 17799
7. NIST risk management methodology
ISO/IEC 27005
SP 800-30
risk analysis
FMEA
8. Type of audit that checks information classification and change control procedures
threat
risk
exposure
administrative
9. Guide that assists in the implementation of information security based on a risk management approach
ISO 17799
FRAP
operational
ISO/IEC 27005
10. The following tools (Nessus - Qualys - Retina) are ______________ scanners
technical
CobiT
elcomsoft
vulnerability
11. Assurance of the accuracy and reliability of information and systems
corporate security officer
threat
ITIL
integrity
12. Controls that manage facility access - locking systems - media sanitization - intrusion monitoring - environmental controls
performance baseline
physical
qualitative
fault tree analysis
13. COSO
SP 800-30
risk mitigation
administrative
Committee of Sponsoring Organizations
14. Process of identifying and assessing risk - reducing it to an acceptable level - implementing mechanisms to maintain that level
network mapping
CobiT
risk analysis
IRM
15. CISO
CobiT
chief information security officer
FMEA
Information Technology Infrastructure Library (ITIL)
16. CSO
No events - Errors only - Errors and warnings - All events
administrative
corporate security officer
COSO
17. _______________ can test an IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be appropriate to the NOS
network mapping
Information Security Management
ISO 17799
Information Technology Infrastructure Library (ITIL)
18. Legal term used to determine liability - acting responsibly - those who exercise it have a lower risk of liability due to a security breach
due care
Facilitated Risk Analysis Process
security program
qualitative
19. Focuses on service level agreements between the IT dept and internal customers
Committee of Sponsoring Organizations
ITIL
ISO/IEC 27005
confidentiality
20. Responsible for information classification and protection
data owner
risk mitigation
performance monitor
exposure
21. Daily goals focused on productivity and task-oriented activities
tactical
annualized loss expectancy
COSO
operational
22. The tools - personnel and business processes necessary to ensure that security meets needs
usage
john the ripper
annualized loss expectancy
security governance
23. Used in assurance risk mgmt - a methodical way to ID major failure modes (not useful for complex failure modes)
delayed
annualized loss expectancy
FMEA
OCTAVE
24. Responsible for developing: a security awareness program - the budget for information security related activities - policies, procedures, and guidelines - a security compliance program - and metrics
fault tree analysis
CISO
CobiT
vulnerability
25. FRAP
risk analysis
vulnerability
performance baseline
Facilitated Risk Analysis Process
26. The asset's value multiplied by the EF percentage - (SLE)
delayed
single loss expectancy
threat
Control Objectives for Information and related Technology
27. Type of audit that checks that accounts - groups and roles are correctly assigned
exposure factor
confidentiality
SP 800-30
privilege
28. Responsible for communicating to senior mgmt organizational risks and compliance regulations
ISO/IEC 27005
CISO
ISO/IEC 27001
Control Objectives for Information and related Technology
29. FMEA
privilege
Information Security Management
Failure Modes and Effect Analysis
ISO/IEC 27799
30. Made up of ten domains - a mechanism to describe security processes
integrity
ISO 17799
firewall
risk analysis
31. An open language from mitre.org for determining vulnerabilities and problems on computer systems
BS7799
integrity
OVAL
Failure Modes and Effect Analysis
32. A log that can record outgoing requests - incoming traffic - and internet usage
integrity
performance monitor
CobiT
firewall
33. Tools to ID - develop - and design security requirements for business needs
availability
risk analysis
COSO
blueprints
34. Risk mgmt method with much broader focus than IT security
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk
network mapping
AS/NZS 4360
35. Derived from the COSO framework
delayed
john the ripper
data owner
CobiT
36. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
single loss expectancy
CobiT
mappers
Control Objectives for Information and related Technology
37. A tool that monitors network traffic - shows the data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
ISO/IEC 27004
vulnerability scanner
FMEA
protocol analyzer
38. Used to ID failures in complex systems to understand the underlying causes of threats
vulnerability
vulnerability scanner
planning horizon
fault tree analysis
39. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
performance baseline
strategic
Information risk management
40. CobiT
due care
network mapping
exposure
Control Objectives for Information and related Technology
41. A process to ID assets and their value - ID vulnerabilities and threats - quantify the probability and impact of threats - provide a balance between impact and cost
risk analysis
availability
Information risk management
ITIL
42. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
vulnerability
Failure Modes and Effect Analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
43. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
chief information security officer
annualized rate of occurrence
ISO/IEC 27001
vulnerability
44. Method of identifying functions and their failures - the causes of failures and their effect - originally designed for systems engineering
FMEA
CISO
operational
OCTAVE
45. IRM
vulnerability
Information risk management
CobiT
port scanner
46. Midterm goals
protocol analyzer
port scanner
CISO
tactical
47. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge the password/shadow files
vulnerability
john the ripper
BS7799
escalation
48. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
ISO 17799
mappers
vulnerability scanner
Control Objectives for Information and related Technology
49. A quantitative risk assessment process that allows tests to be conducted so users can determine the areas that require a risk analysis
elcomsoft
FRAP
BS7799
risk mitigation
50. Type of audit that checks that network resources - systems and software are used appropriately
CISO
chief information security officer
usage
FMEA