Test your basic knowledge | CompTIA Security+: Assessment and Risk Management
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but seeing the terms side by side reinforces your understanding each time you take the test.
1. Expected or predetermined performance level - developed from policy and performance requirements
CobiT
Information Technology Infrastructure Library (ITIL)
performance baseline
confidentiality
2. Security policy (maps business objectives to security) - Security infrastructure (security officer - reviews) - Asset classification/control (inventory) - Personnel security (screening - training - roles) - Physical security - Communications/operations management
ISO 17799
CISO
qualitative
John the Ripper
3. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
data owner
strategic
vulnerability scanner
physical
4. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
security program
CISO
vulnerability
CobiT
5. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
chief information security officer
ISO/IEC 27799
mappers
due care
6. A method of identifying vulnerabilities and threats and assessing their possible impact to determine where to implement security safeguards
blueprints
risk analysis
OVAL
tactical
7. Focuses on service level agreements between the IT department and its internal customers
operational
ITIL
performance baseline
FRAP
8. FRAP
security officer
Facilitated Risk Analysis Process
Failure Modes and Effects Analysis
Information risk management
9. A commercial password cracker that tests password strength and recovers passwords using dictionary and brute-force attacks
Elcomsoft
technical
annualized rate of occurrence
administrative
10. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
security officer
John the Ripper
performance monitor
No events - Errors only - Errors and warnings - All events
11. Responsible for communicating organizational risks and compliance regulations to senior management
FMEA
CISO
technical
Elcomsoft
12. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
performance monitor
risk
CobiT
administrative
13. Potential danger to information or systems
threat
John the Ripper
BS7799
risk analysis
14. Responsible for developing: the security awareness program - the budget for information security related activities - policies - procedures and guidelines - a security compliance program - and metrics
SP 800-30
threat
CISO
planning horizon
15. Method of identifying functions and their failures - the causes of those failures and their effects - originally designed for systems engineering
security governance
FMEA
annualized loss expectancy
security officer
16. The asset's value multiplied by the EF percentage - (SLE)
security governance
CobiT
single loss expectancy
blueprints
17. Control environment (company culture) - Risk assessment (managing change) - Control activities (policies - procedures - practices) - Information and communication (the right people get the right information at the right time) - Monitoring (detect and respond)
annualized rate of occurrence
due care
Elcomsoft
COSO
18. A qualitative risk assessment process that pre-screens systems so users can determine which areas require a full risk analysis
COSO
blueprints
CobiT
FRAP
19. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
administrative
No events - Errors only - Errors and warnings - All events
risk analysis
John the Ripper
20. Ensures reliable timely access to data/resources to authorized individuals
Information Technology Infrastructure Library (ITIL)
protocol analyzer
ISO 17799
availability
21. Assurance of the accuracy and reliability of information and systems
security officer
fault tree analysis
integrity
risk analysis
22. Provides good-practice advice on an ISMS (renumbered from ISO 17799 - based on BS 7799 Part 1)
CobiT
vulnerability
ISO/IEC 27002
Operationally Critical Threat - Asset - and Vulnerability Evaluation
23. Used to identify failures in complex systems and understand the underlying causes of threats
port scanner
fault tree analysis
tactical
CobiT
24. Information security management measurements
due care
ISO/IEC 27004
CISO
ISO/IEC 27002
25. Type of audit that checks that accounts - groups and roles are correctly assigned
administrative
fault tree analysis
annualized loss expectancy
privilege
26. NIST risk management methodology
operational
penetration
SP 800-30
Information Security Management
27. Controls that manage facility access - locking systems - media sanitization - intrusion monitoring - environmental controls
No events - Errors only - Errors and warnings - All events
physical
exposure factor
Control Objectives for Information and related Technology
28. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
risk analysis
security program
ISO/IEC 27799
CobiT
29. A tool that monitors network traffic and shows the data and protocols in use - also known as a packet sniffer (e.g. Wireshark - tcpdump - Microsoft Network Monitor - Carnivore)
protocol analyzer
availability
Information risk management
ITIL
30. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
physical
security program
COSO
risk analysis
31. SLE x ARO - (ALE)
annualized loss expectancy
SP 800-30
fault tree analysis
risk
32. Strategic - tactical and operational planning
planning horizon
COSO
CobiT
risk categories
33. Risk management method created by Carnegie Mellon University - the organization's own people manage and direct the risk evaluation for IT security
FMEA
No events - Errors only - Errors and warnings - All events
OCTAVE
operational
34. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
due care
risk categories
CobiT
Operationally Critical Threat - Asset - and Vulnerability Evaluation
35. Daily goals focused on productivity and task-oriented activities
BS7799
ISO/IEC 27004
annualized loss expectancy
operational
36. Number of times the incident is expected to occur annually - (ARO)
annualized rate of occurrence
risk categories
administrative
CobiT
37. Controls that implement access control - password management - identification and authentication methods - configuration
security program
data owner
fault tree analysis
technical
38. Mitigates a potential risk
countermeasure
technical
privilege
Information Technology Infrastructure Library (ITIL)
39. De facto standard of best practices for IT service mgmt
CobiT
Failure Modes and Effects Analysis
security officer
ITIL
40. Used in assurance risk management - a methodical way to identify major failure modes (not useful for complex failure modes)
IRM
ITIL
FMEA
fault tree analysis
41. This type of testing scans for vulnerabilities - attacks them to determine their extent - tests countermeasures by circumventing them - and can be internal or external
Information Technology Infrastructure Library (ITIL)
penetration
data owner
vulnerability
42. Corporate governance at the strategic level
COSO
administrative
vulnerability
vulnerability
43. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
ISO/IEC 27001
ISO/IEC 27004
BS7799
44. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment
network mapping
annualized loss expectancy
COSO
vulnerability
45. Tools to identify - develop - and design security requirements for business needs
ITIL
port scanner
blueprints
vulnerability
46. An open source password cracker that uses dictionary and brute-force attacks - stores previously cracked passwords - and uses unshadow to merge the passwd and shadow files
annualized loss expectancy
security program
Operationally Critical Threat - Asset - and Vulnerability Evaluation
John the Ripper
47. Percentage of an asset's value that would be lost in a single incident - (EF)
John the Ripper
ISO 17799
exposure factor
Information risk management
48. OCTAVE
risk
availability
IRM
Operationally Critical Threat - Asset - and Vulnerability Evaluation
49. CobiT
network mapping
Control Objectives for Information and related Technology
No events - Errors only - Errors and warnings - All events
CobiT
50. Risk assessment that is scenario based - ranks threats and countermeasures - and relies on experience - judgment - intuition and opinion
qualitative
IRM
security officer
COSO
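The quantitative formulas in items 16, 31, 36 and 47 (SLE = AV x EF, ALE = SLE x ARO) worked through in code, and carried one step further than the quiz goes: the cost/benefit comparison (ALE before the control, minus ALE after it, minus the control's annual cost) by which the countermeasure of item 38 is justified. This is an added example, not material from the quiz; the asset inventory, values and safeguard names are constructed for illustration.

```python
"""Quantitative risk analysis worked through with the quiz's own terms.

Added example. The asset inventory, values and safeguards below are
constructed for illustration, not real figures.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    asset: str
    asset_value: float       # AV: replacement/recovery value of the asset
    exposure_factor: float   # EF: fraction of AV lost in one incident (0.0 to 1.0)
    aro: float               # ARO: expected number of incidents per year
    safeguard: str           # proposed countermeasure (constructed name)
    safeguard_cost: float    # annual cost of the countermeasure
    ef_after: float          # EF once the safeguard is in place
    aro_after: float         # ARO once the safeguard is in place


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF (item 16)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("EF is a percentage of asset value, expressed as 0.0 to 1.0")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO (item 31). An ARO below 1.0 means an event expected
    less often than yearly, e.g. 0.1 for once a decade."""
    if aro < 0.0:
        raise ValueError("ARO cannot be negative")
    return sle * aro


def safeguard_value(s: Scenario) -> dict:
    """Cost/benefit of a countermeasure (item 38):
    value = ALE_before - ALE_after - annual safeguard cost.
    Positive means the control costs less per year than the loss it avoids."""
    sle_before = single_loss_expectancy(s.asset_value, s.exposure_factor)
    ale_before = annualized_loss_expectancy(sle_before, s.aro)
    ale_after = annualized_loss_expectancy(
        single_loss_expectancy(s.asset_value, s.ef_after), s.aro_after)
    return {
        "asset": s.asset,
        "safeguard": s.safeguard,
        "SLE": sle_before,
        "ALE_before": ale_before,
        "ALE_after": ale_after,
        "value": ale_before - ale_after - s.safeguard_cost,
    }


# Constructed inventory (not real data):
# asset, AV, EF, ARO, safeguard, annual cost, EF after, ARO after
SCENARIOS = [
    Scenario("customer database", 500_000, 0.40, 0.5,
             "encryption at rest with managed keys", 30_000, 0.05, 0.5),
    Scenario("public web server", 80_000, 0.25, 2.0,
             "managed WAF subscription", 45_000, 0.25, 0.5),
    Scenario("laptop fleet", 120_000, 0.10, 4.0,
             "full-disk encryption", 6_000, 0.01, 4.0),
]


def rank_safeguards(scenarios=SCENARIOS) -> list:
    """Order safeguards by value, best first. A negative value flags a control
    that costs more per year than the loss it prevents."""
    return sorted((safeguard_value(s) for s in scenarios),
                  key=lambda r: r["value"], reverse=True)


if __name__ == "__main__":
    for r in rank_safeguards():
        print(f"{r['asset']:<18} SLE={r['SLE']:>9,.0f}  ALE {r['ALE_before']:>8,.0f} -> "
              f"{r['ALE_after']:>7,.0f}  {r['safeguard']:<38} value={r['value']:>+9,.0f}")
```

With the constructed figures the database encryption and the laptop encryption both pay for themselves, while the WAF subscription comes out negative: the quantitative method ranks controls by money saved, which is exactly what it offers over the qualitative, opinion-based ranking of item 50.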
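Items 9 and 46 name password crackers and the unshadow step without showing what either does. The example below, added here and not taken from John the Ripper or Elcomsoft, emulates the unshadow merge on constructed passwd and shadow excerpts, then runs a dictionary attack followed by a short brute-force attack over the merged lines, with a pot-file style cache of previously cracked hashes as item 46 describes. The hash format "$toy$<salt>$<sha256>" is an assumption standing in for the real crypt(3) formats so the example runs with the standard library only; John's wordlist rules and real hash formats are not modelled.

```python
"""What unshadow does before a password-cracking run, and how a dictionary
attack followed by a short brute-force attack proceeds over the result.

Added example, not John the Ripper's code. The passwd/shadow excerpts are
constructed. The hash format "$toy$<salt>$<sha256>" is a stand-in for the
real crypt(3) formats, chosen so the example runs with the standard library.
"""

import hashlib
import itertools
import string

# Constructed /etc/passwd excerpt: name:x:uid:gid:gecos:home:shell
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_backup:x:1001:1001::/var/backups:/usr/sbin/nologin
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""


def toy_hash(salt: str, password: str) -> str:
    """Salted SHA-256 stand-in for crypt(3). Not a real shadow hash format."""
    return "$toy$" + salt + "$" + hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed /etc/shadow excerpt: name:hash:lastchg:min:max:warn:inactive:expire:
SHADOW = "\n".join([
    "root:" + toy_hash("Qz19", "password1") + ":19600:0:99999:7:::",
    "alice:" + toy_hash("m7Lx", "ab1") + ":19600:0:99999:7:::",
    "svc_backup:" + toy_hash("v0Pk", "u9#Tq2!wRz$Lm4") + ":19600:0:99999:7:::",
    "daemon:*:19600:0:99999:7:::",        # locked account, no password hash
])

WORDLIST = ["123456", "password", "password1", "letmein", "Summer2024"]  # constructed


def unshadow(passwd_text: str, shadow_text: str) -> list:
    """Emulate unshadow(8): put each shadow hash into the password field of the
    matching passwd entry, so the cracker sees hash and account metadata
    (uid, GECOS, home, shell) on one line. Entries with no shadow match keep
    their passwd password field."""
    hashes = {}
    for line in shadow_text.splitlines():
        if line.strip():
            name, hash_field = line.split(":")[:2]
            hashes[name] = hash_field
    merged = []
    for line in passwd_text.splitlines():
        if line.strip():
            fields = line.split(":")
            fields[1] = hashes.get(fields[0], fields[1])
            merged.append(":".join(fields))
    return merged


def brute_force_candidates(charset: str, max_len: int):
    """All strings over charset of length 1..max_len, shortest first."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)


def crack(merged: list, wordlist: list, pot: dict, max_len: int = 3,
          charset: str = string.ascii_lowercase + string.digits) -> dict:
    """Dictionary attack, then brute force up to max_len. `pot` plays the role
    of john.pot: hashes cracked earlier are looked up, not recomputed."""
    results = {}
    for line in merged:
        name, hash_field = line.split(":")[:2]
        if not hash_field.startswith("$toy$"):
            results[name] = None            # locked ("*", "!") or unsupported format
            continue
        if hash_field in pot:
            results[name] = pot[hash_field]
            continue
        _, _, salt, digest = hash_field.split("$")
        results[name] = None
        for guess in itertools.chain(wordlist, brute_force_candidates(charset, max_len)):
            if hashlib.sha256((salt + guess).encode()).hexdigest() == digest:
                results[name] = pot[hash_field] = guess
                break
    return results


if __name__ == "__main__":
    pot = {}
    for user, pw in crack(unshadow(PASSWD, SHADOW), WORDLIST, pot).items():
        print(f"{user:<12} {'cracked: ' + pw if pw else 'not cracked'}")
```

The run recovers root's password from the wordlist and alice's three-character password by brute force, leaves the long random service-account password uncracked, and skips the locked daemon account; the point for an assessment is that the merged output exposes which accounts have interactive shells alongside their hashes, and that every weak password shows up in minutes regardless of the salt.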
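Item 25 defines a privilege audit as checking that accounts, groups and roles are correctly assigned. The following added example (not part of the quiz) shows the reconciliation such an audit performs: parse a group file, map each account's roles to the groups those roles are allowed to confer, and report memberships the role matrix does not justify, disabled accounts still holding groups, and group members with no account at all. The group file, account register and role matrix are constructed for illustration.

```python
"""Privilege audit: reconcile actual group membership against the roles each
account is approved to hold.

Added example. The group file, account register and role matrix are
constructed for illustration.
"""

# Constructed /etc/group excerpt: name:password:gid:member,member,...
GROUP_FILE = """\
sudo:x:27:alice,bob,svc_backup
docker:x:998:alice,carol,eve
developers:x:1002:alice,bob,carol
wheel:x:10:dave
"""

# Constructed account register: True = active, False = disabled (left, suspended).
ACCOUNTS = {"alice": True, "bob": True, "carol": True, "dave": False, "svc_backup": True}

# Constructed role matrix: the groups a role may confer, and who holds each role.
ROLE_GROUPS = {
    "admin": {"sudo", "wheel"},
    "developer": {"developers", "docker"},
    "service": set(),               # service accounts get no interactive groups
}
ROLE_ASSIGNMENTS = {
    "alice": {"admin", "developer"},
    "bob": {"developer"},
    "carol": {"developer"},
    "svc_backup": {"service"},
}


def parse_groups(text: str) -> dict:
    """Return {user: set(groups)} from group-file text (secondary groups only)."""
    memberships = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, _, members = line.split(":", 3)
        for member in filter(None, members.split(",")):
            memberships.setdefault(member, set()).add(name)
    return memberships


def approved_groups(user: str) -> set:
    """Union of the groups every role held by `user` is allowed to confer."""
    allowed = set()
    for role in ROLE_ASSIGNMENTS.get(user, set()):
        allowed |= ROLE_GROUPS.get(role, set())
    return allowed


def privilege_audit(group_text: str = GROUP_FILE, accounts: dict = ACCOUNTS) -> list:
    """Findings as (user, finding, groups) tuples:
    orphaned  - group member with no account in the register
    disabled  - disabled account still holding group membership
    excess    - active account in groups its roles do not justify"""
    findings = []
    for user, groups in sorted(parse_groups(group_text).items()):
        if user not in accounts:
            findings.append((user, "orphaned", sorted(groups)))
        elif not accounts[user]:
            findings.append((user, "disabled", sorted(groups)))
        else:
            excess = groups - approved_groups(user)
            if excess:
                findings.append((user, "excess", sorted(excess)))
    return findings


if __name__ == "__main__":
    for user, finding, groups in privilege_audit():
        print(f"{finding:<9} {user:<12} {','.join(groups)}")
```

Excess findings are the ones that matter most: bob holds sudo without an admin role, and the backup service account sits in sudo although its role confers nothing, both being the kind of drift a privilege audit exists to catch before a pentest (item 41) does.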