Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Ensures reliable, timely access to data/resources for authorized individuals

2. De facto standard of best practices for IT service mgmt

3. NIST risk management methodology

4. Expected or predetermined performance level - developed from policy - performance - requirements

5. Corporate governance at the strategic level

6. Number of times the incident might occur annually - (ARO)

7. Strategic - tactical and operational planning

8. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers

9. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond

10. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate

11. Guide to illustrate how to protect personal health information

12. Tools to ID - develop - and design security requirements for business needs

13. Derived from the COSO framework

14. Provides a cost/benefit comparison

15. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)

16. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control

17. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk

18. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion

19. The likelihood of exploitation and the loss potential

20. Risk mgmt method with much broader focus than IT security

21. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost

22. FMEA

23. A weakness (software - hardware - procedural - human) that can be exploited

24. OCTAVE

25. Made up of ten domains - a mechanism to describe security processes

26. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits

27. SLE x ARO - (ALE)

28. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)

29. Responsible for developing: security awareness program - budget for information security related activities - policies - procedures - and guidelines - a security compliance program - and metrics

30. Percentage of an asset's value that would be lost in a single incident - (EF)

31. Used to ID failures in complex systems to understand underlying causes of threats

32. Type of audit that checks information classification and change control procedures

33. CobiT

34. Event levels available for logging in an MS DNS server

35. A commercial password cracker that can test password strength and recover passwords - and perform dictionary and brute force attacks

36. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DoS attacks

37. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach

38. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering

39. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment

40. Ensures management security directives are fulfilled

41. ISM Standard

42. Type of audit that checks that network resources - systems and software are used appropriately

43. Daily goals focused on productivity and task-oriented activities

44. FRAP

45. Collection of controls an organization must have in place

46. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental

47. The following tools (Nessus - Qualys - Retina) are ______________ scanners

48. Midterm goals

49. COSO

50. __________ loss has a negative effect after a vulnerability is initially exploited