SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. COSO
Committee of Sponsoring Organizations
IRM
risk analysis
CobiT
2. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
risk
ISO/IEC 27002
network mapping
FMEA
3. __________ loss has a negative effect after a vulnerability is initially exploited
protocol analyzer
delayed
vulnerability scanner
confidentiality
4. Possiblity of damage and the ramifications should it occur
risk
Failure Modes and Effect Analysis
vulnerability
COSO
5. The following tools (Nessus - Qualys - Retina) are ______________ scanners
Information Security Management
vulnerability
threat
CISO
6. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
vulnerability
escalation
security program
performance monitor
7. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
risk
network mapping
CobiT
Failure Modes and Effect Analysis
8. OCTAVE
corporate security officer
exposure factor
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk
9. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
AS/NZS 4360
COSO
strategic
penetration
10. Mitigates a potential risk
vulnerability
CobiT
FMEA
countermeasure
11. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
data owner
Committee of Sponsoring Organizations
CISO
risk mitigation
12. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
fault tree analysis
single loss expectancy
physical
security program
13. Controls that implement access control - password mangement - identification and authentication methods - configuration
privilege
ISO/IEC 27002
port scanner
technical
14. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
qualitative
countermeasure
risk anlysis
15. Potential danger to information or systems
confidentiality
No events - Errors only - Errors and warnings - All events
threat
COSO
16. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
COSO
ISO/IEC 27005
network mapping
ISO/IEC 27002
17. Strategic - tactical and operational planning
CobiT
vulnerability
SP 800-30
planning horizon
18. Derived from the COSO framework
planning horizon
CobiT
risk
COSO
19. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
Facilitated Risk Analysis Process
FRAP
risk anlysis
COSO
20. CISO
privilege
chief information security officer
security program
firewall
21. Ensures reliable timely access to data/resources to authorized individuals
vulnerability scanner
Failure Modes and Effect Analysis
physical
availability
22. Guide assist in the implemenation of information security based on risk managent approach
countermeasure
operational
ISO/IEC 27005
risk anlysis
23. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
administrative
network mapping
Information Security Management
elcomsoft
24. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
CISO
CobiT
COSO
FRAP
25. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
CobiT
Information Security Management
network mapping
COSO
26. Type of audit that checks procedures and policies for escalating issues to management
network mapping
escalation
data owner
Operationally Critical Threat - Asset - and Vulnerability Evaluation
27. FRAP
chief information security officer
Facilitated Risk Analysis Process
risk anlysis
port scanner
28. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk catagories
corporate security officer
delayed
due care
29. FMEA
COSO
IRM
CobiT
Failure Modes and Effect Analysis
30. Tools to ID - develop - and design security requirements for business needs
blueprints
integrity
privilege
CISO
31. Daily goals focused on productivity and task-oriented activities
ISO/IEC 27002
FMEA
operational
performance monitor
32. Corporate governance at the strategic level
FRAP
COSO
Information Technology Infrastructure Library (ITIL)
technical
33. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
SP 800-30
FMEA
planning horizon
risk analysis
34. SLE x ARO - (ALE)
firewall
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CobiT
annualized loss expectancy
35. An instance of being exposed to losses from a threat
risk
qualitative
exposure
OCTAVE
36. Expected or predetermined performance level - developed from policy - performance - requirements
AS/NZS 4360
performance baseline
FMEA
Information Technology Infrastructure Library (ITIL)
37. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
ITIL
performance monitor
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security officer
38. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
corporate security officer
operational
security officer
ISO 17799
39. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
BS7799
tactical
risk analysis
CISO
40. Midterm goals
security governanace
usage
tactical
ISO/IEC 27799
41. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
usage
confidentiality
No events - Errors only - Errors and warnings - All events
BS7799
42. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
risk catagories
CobiT
fault tree analysis
43. Information security managment measurements
ISO/IEC 27004
OCTAVE
penetration
delayed
44. IRM
threat
Information risk management
penetration
ISO/IEC 27799
45. NIST risk management methodology
Operationally Critical Threat - Asset - and Vulnerability Evaluation
due care
countermeasure
SP 800-30
46. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
planning horizon
performance monitor
ISO/IEC 27004
vulnerability scanner
47. Ensures necessary level of secrecy and prevents unauthorized disclosure
confidentiality
single loss expectancy
Facilitated Risk Analysis Process
port scanner
48. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
ISO/IEC 27799
risk mitigation
risk catagories
CISO
49. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
risk analysis
annualized loss expectancy
OCTAVE
IRM
50. Percentage of an asset's value that would be lost in a single incident - (EF)
performance monitor
fault tree analysis
exposure factor
network mapping
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests