Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
blueprints
OCTAVE
integrity
AS/NZS 4360

2. Controls that implement access control - password mangement - identification and authentication methods - configuration
technical
COSO
network mapping
Information risk management

3. COSO
CobiT
No events - Errors only - Errors and warnings - All events
annualized rate of occurrence
Committee of Sponsoring Organizations

4. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
strategic
qualitative
vulnerability
Failure Modes and Effect Analysis

5. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
security program
performance monitor
single loss expectancy

6. Provides a cost/benefit comparision
firewall
confidentiality
performance baseline
risk analysis

7. Assurance of accurancy and reliability of information and systems
delayed
BS7799
CobiT
integrity

8. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
tactical
CobiT
risk analysis

9. CSO
exposure factor
L0phtCrack
corporate security officer
due care

10. Type of audit that checks that network resources - systems and software are used appropriately
Facilitated Risk Analysis Process
usage
No events - Errors only - Errors and warnings - All events
tactical

11. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk
operational
risk mitigation
No events - Errors only - Errors and warnings - All events

12. Ensures managment security directives are fulfilled
performance baseline
FRAP
john the ripper
security officer

13. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
OVAL
COSO
annualized rate of occurrence
ISO/IEC 27002

14. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
penetration
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security governanace

15. Tools to ID - develop - and design security requirements for business needs
IRM
security officer
Control Objectives for Information and related Technology
blueprints

16. Midterm goals
administrative
tactical
due care
Information risk management

17. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
risk mitigation
fault tree analysis
penetration
network mapping

18. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
SP 800-30
usage
security program
firewall

19. De facto standard of best practices for IT service mgmt
performance baseline
L0phtCrack
Information Technology Infrastructure Library (ITIL)
strategic

20. Guide to illustrate how to protect personal health information
ISO/IEC 27799
CobiT
COSO
COSO

21. The likelihood of exploitation and the loss potential
security governanace
risk
ISO/IEC 27799
OVAL

22. FMEA
elcomsoft
performance monitor
Failure Modes and Effect Analysis
ISO 17799

23. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
qualitative
IRM
ISO 17799
port scanner

24. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
corporate security officer
CobiT
exposure

25. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
SP 800-30
protocol analyzer
IRM
Information Security Management

26. Percentage of an asset's value that would be lost in a single incident - (EF)
penetration
exposure factor
Failure Modes and Effect Analysis
physical

27. FRAP
security governanace
confidentiality
Facilitated Risk Analysis Process
vulnerability scanner

28. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk catagories
risk analysis
due care
risk mitigation

29. Guide assist in the implemenation of information security based on risk managent approach
qualitative
security officer
ISO/IEC 27005
tactical

30. Responsible for information classification and protection
FMEA
data owner
qualitative
usage

31. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
risk
CISO
countermeasure
risk analysis

32. A log that can record outgoing requests - incoming traffic - and internet usage
vulnerability
ISO/IEC 27004
firewall
ISO 17799

33. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
administrative
john the ripper
ISO/IEC 27005
exposure

34. Information security managment measurements
ISO/IEC 27004
risk analysis
mappers
AS/NZS 4360

35. ISM Standard
Information Security Management
delayed
blueprints
availability

36. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
usage
vulnerability scanner
delayed

37. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
L0phtCrack
COSO
fault tree analysis

38. Focus on service level agreements between IT dept and internal customers
AS/NZS 4360
ISO 17799
ITIL
risk catagories

39. IRM
Information risk management
delayed
annualized loss expectancy
CobiT

40. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
BS7799
security program
security governanace
administrative

41. An instance of being exposed to losses from a threat
COSO
ISO/IEC 27002
exposure
annualized rate of occurrence

42. The tools - personnel and business processes necessary to ensure that security meets needs
qualitative
vulnerability
security governanace
corporate security officer

43. Mitigates a potential risk
COSO
COSO
countermeasure
CobiT

44. Event levels available for logging in a MS DNS server
planning horizon
ISO/IEC 27001
john the ripper
No events - Errors only - Errors and warnings - All events

45. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
Committee of Sponsoring Organizations
planning horizon
FMEA

46. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
planning horizon
mappers
strategic
COSO

47. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
ISO/IEC 27001
CobiT
vulnerability
FMEA

48. NIST risk management methodology
administrative
security program
Information risk management
SP 800-30

49. Used to ID failures in a complex systems to understand underlying causes of threats
elcomsoft
data owner
exposure factor
fault tree analysis

50. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
CobiT
Control Objectives for Information and related Technology
risk analysis
network mapping