CompTIA Security+: Assessment and Risk Management
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study the material first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the answers obvious, but the repetition reinforces your understanding each time you take the test.
1. Ensures management's security directives are fulfilled
AS/NZS 4360
security officer
security program
IRM
2. A weakness (software, hardware, procedural or human) that can be exploited
physical
vulnerability
CobiT
ISO/IEC 27799
3. Tools to identify, develop and design security requirements for business needs
security program
integrity
vulnerability scanner
blueprints
4. Strategic, tactical and operational planning
blueprints
planning horizon
risk categories
ITIL
5. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
vulnerability
escalation
CobiT
firewall
6. Controls that manage facility access, locking systems, media sanitization, intrusion monitoring and environmental conditions
security program
COSO
risk analysis
physical
7. Daily goals focused on productivity and task-oriented activities
CISO
single loss expectancy
operational
network mapping
8. __________ loss has a negative effect after a vulnerability is initially exploited
ISO 17799
administrative
delayed
CobiT
9. Guide to illustrate how to protect personal health information
due care
ISO/IEC 27799
single loss expectancy
strategic
10. Type of audit that checks that network resources, systems and software are used appropriately
exposure factor
ISO/IEC 27799
usage
CISO
11. Plan and Organize, Implement, Operate and Maintain, Monitor and Evaluate
risk analysis
single loss expectancy
security program
exposure factor
12. COSO
Information Security Management
qualitative
Committee of Sponsoring Organizations
countermeasure
13. Event levels available for logging in a Microsoft DNS server
ISO/IEC 27799
FRAP
No events, Errors only, Errors and warnings, All events
BS7799
14. ____________ can discover network devices and applications, check password strength, measure internal and external access, analyze vulnerabilities in the NOS and test the response to DoS attacks
network mapping
ISO 17799
COSO
OCTAVE
15. Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate
Control Objectives for Information and related Technology
security officer
CobiT
risk
16. De facto standard of best practices for IT service management
annualized loss expectancy
chief information security officer
Information Technology Infrastructure Library (ITIL)
operational
17. Collection of controls an organization must have in place
threat
security program
CISO
operational
18. IT governance at the operational level
usage
CobiT
vulnerability
planning horizon
19. OCTAVE
ISO/IEC 27004
vulnerability
Failure Modes and Effect Analysis
Operationally Critical Threat, Asset, and Vulnerability Evaluation
20. Risk management method with a much broader focus than IT security
ISO/IEC 27001
due care
performance baseline
AS/NZS 4360
21. NIST risk management methodology
Information Technology Infrastructure Library (ITIL)
SP 800-30
ISO 17799
22. Possibility of damage and the ramifications should it occur
security program
risk
Information Security Management
security governance
23. This tool scans network devices for listening (open) ports (e.g. Nmap, Scanmetender, SuperScan, NHS Nohack Scanner)
port scanner
corporate security officer
COSO
OCTAVE
24. SLE × ARO (ALE)
annualized loss expectancy
Information Technology Infrastructure Library (ITIL)
SP 800-30
OVAL
25. Type of audit that checks information classification and change control procedures
administrative
countermeasure
COSO
CobiT
26. Assurance of the accuracy and reliability of information and systems
Control Objectives for Information and related Technology
integrity
AS/NZS 4360
mappers
27. The tools, personnel and business processes necessary to ensure that security meets business needs
security governance
elcomsoft
Committee of Sponsoring Organizations
physical
28. An open-source password cracker that uses dictionary and brute-force attacks, stores previously cracked passwords, and uses unshadow to merge the passwd and shadow files
vulnerability
Information Technology Infrastructure Library (ITIL)
security program
john the ripper
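The unshadow step named in the question above is worth seeing concretely. The block below is an added example, not part of the original page and not John the Ripper's own code: it re-implements in Python what `unshadow` does, joining passwd and shadow entries on the username so each line carries the hash a cracker needs, and then drops locked or passwordless accounts. The passwd and shadow lines are constructed samples with placeholder-shaped hashes, not real system files.

```python
"""What `unshadow` does before John the Ripper can crack local accounts.

Added example, not part of the original page or of John the Ripper itself.
/etc/passwd holds usernames with an 'x' placeholder in the password field,
/etc/shadow holds the actual hashes; crackers want both in one line per user.
The two inputs are constructed sample lines, not real system files.
"""

# Constructed /etc/passwd content: name:pw:uid:gid:gecos:home:shell
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""

# Constructed /etc/shadow content: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# The hash strings are placeholder-shaped, not real password hashes.
SHADOW = """\
root:$6$saltsalt$hashhashhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$othersalt$otherhash:19000:0:99999:7:::
bob:!:19000:0:99999:7:::
"""


def parse_colon_file(text):
    """Return {username: fields} for a colon-separated account file, skipping blank lines."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        entries[fields[0]] = fields
    return entries


def unshadow(passwd_text, shadow_text):
    """Merge passwd and shadow: replace the passwd password field with the shadow hash.

    Keeps passwd order. Users missing from shadow keep their passwd field ('x'),
    which matches how the real tool leaves unmatched entries alone.
    """
    shadow = parse_colon_file(shadow_text)
    merged = []
    for name, fields in parse_colon_file(passwd_text).items():
        fields = fields[:]
        if name in shadow:
            fields[1] = shadow[name][1]
        merged.append(":".join(fields))
    return merged


def crackable(merged_lines):
    """Drop locked or passwordless accounts ('*', '!', '!!', empty field) so a
    dictionary or brute-force run only spends time on entries that carry a hash."""
    out = []
    for line in merged_lines:
        pw = line.split(":")[1]
        if pw and not pw.startswith(("*", "!")):
            out.append(line)
    return out


if __name__ == "__main__":
    merged = unshadow(PASSWD, SHADOW)
    print("\n".join(merged))
    print("worth cracking:", [l.split(":")[0] for l in crackable(merged)])
```

On a real host the equivalent is `unshadow /etc/passwd /etc/shadow > merged.txt` followed by `john merged.txt`; reading /etc/shadow requires root, which is why this step only appears once an attacker or tester already has privileged access.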
29. _______________ can test an IDS, detect network congestion, detect bad or failing equipment and detect high processor loads; must be appropriate to the NOS
network mapping
fault tree analysis
ISO 17799
exposure factor
30. Used in assurance risk management; a methodical way to identify major failure modes (not useful for complex failure modes)
vulnerability scanner
risk categories
firewall
FMEA
31. The following tools (Nessus, Qualys, Retina) are ______________ scanners
L0phtCrack
protocol analyzer
penetration
vulnerability
32. The asset's value multiplied by the EF percentage (SLE)
ISO/IEC 27002
tactical
single loss expectancy
Operationally Critical Threat, Asset, and Vulnerability Evaluation
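The two formulas quizzed above (SLE = AV × EF and ALE = SLE × ARO) are the core of quantitative risk analysis, and they are only useful once you apply them across a register and use the result to judge a countermeasure. The block below is an added worked example, not part of the original page: it computes SLE and ALE for several risks, ranks them, and goes one step beyond the quiz by valuing a safeguard as the ALE it removes minus its annual cost. Every asset value, exposure factor, ARO and cost is a constructed sample figure.

```python
"""Quantitative risk analysis: SLE, ALE and countermeasure cost/benefit.

Added worked example for the SLE and ALE formulas; not part of the original page.
All figures are constructed samples, not real data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV, in currency units
    exposure_factor: float  # EF, fraction of the asset lost per incident (0.0 to 1.0)
    aro: float              # annualized rate of occurrence (incidents per year)

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV x EF."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be between 0 and 1")
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE x ARO."""
        if self.aro < 0:
            raise ValueError("ARO cannot be negative")
        return self.sle() * self.aro


def countermeasure_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """Value of a safeguard = ALE(before) - ALE(after) - annual cost of the safeguard.

    Positive means the control removes more expected loss than it costs;
    negative means it costs more than the loss it prevents.
    """
    return before.ale() - after.ale() - annual_cost


def rank_by_ale(risks):
    """Order risks by ALE, highest first, so the largest expected annual loss gets attention first."""
    return sorted(risks, key=lambda r: r.ale(), reverse=True)


# Constructed sample risk register (hypothetical figures).
RISKS = [
    Risk("web server compromise", asset_value=200_000, exposure_factor=0.25, aro=0.5),
    Risk("laptop theft", asset_value=5_000, exposure_factor=1.0, aro=4.0),
    Risk("data center fire", asset_value=1_500_000, exposure_factor=0.60, aro=0.02),
]

# Hypothetical countermeasure: full-disk encryption on laptops. The hardware is
# still lost when stolen, but the data is not, so EF drops from 1.0 to 0.2 while
# the ARO (thefts per year) is unchanged.
LAPTOP_BEFORE = RISKS[1]
LAPTOP_WITH_FDE = Risk(LAPTOP_BEFORE.name, LAPTOP_BEFORE.asset_value, 0.2, LAPTOP_BEFORE.aro)
FDE_ANNUAL_COST = 6_000


if __name__ == "__main__":
    for r in rank_by_ale(RISKS):
        print(f"{r.name:24s} SLE={r.sle():>12,.2f}  ALE={r.ale():>12,.2f}")
    print("FDE value per year:", countermeasure_value(LAPTOP_BEFORE, LAPTOP_WITH_FDE, FDE_ANNUAL_COST))
```

Note how the ranking differs from a gut ordering: the fire has by far the largest SLE, but its low ARO leaves it with the smallest ALE, while frequent cheap laptop thefts sit near the top. That is the point of annualizing.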
33. Provides good-practice advice on ISMS (formerly ISO 17799, based on BS7799 Part 1)
ISO/IEC 27002
OCTAVE
corporate security officer
L0phtCrack
34. An open language from mitre.org for determining vulnerabilities and problems on computer systems
firewall
OVAL
risk mitigation
CISO
35. A commercial password cracker that can test password strength, recover passwords, and perform dictionary and brute-force attacks
chief information security officer
Information Technology Infrastructure Library (ITIL)
elcomsoft
BS7799
36. Mitigates a potential risk
vulnerability
countermeasure
risk categories
escalation
37. Focus on service-level agreements between the IT department and internal customers
vulnerability scanner
risk analysis
single loss expectancy
ITIL
38. CSO
ISO/IEC 27005
penetration
exposure
corporate security officer
39. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
annualized rate of occurrence
security program
SP 800-30
COSO
40. Midterm goals
ISO 17799
tactical
vulnerability
security program
41. Corporate governance at the strategic level
COSO
security officer
risk
penetration
42. CobiT
risk analysis
ISO/IEC 27004
Failure Modes and Effect Analysis
Control Objectives for Information and related Technology
43. Responsible for information classification and protection
Information risk management
CobiT
data owner
delayed
44. Internationally recognized Information Security Management standard that provides high-level conceptual recommendations on enterprise security; a British standard
risk
tactical
BS7799
CobiT
45. The likelihood of exploitation and the loss potential
CISO
availability
risk
ISO/IEC 27799
46. A log that can record outgoing requests, incoming traffic and internet usage
risk mitigation
firewall
risk analysis
FMEA
47. Method of identifying functions and their failures, the causes of those failures and their effects; originally designed for systems engineering
FMEA
Information Security Management
blueprints
vulnerability scanner
48. Expected or predetermined performance level, developed from policy, performance and requirements
technical
performance baseline
No events, Errors only, Errors and warnings, All events
FRAP
49. A tool that monitors network traffic and shows the data and protocols in use; also known as a packet sniffer (e.g. Wireshark, tcpdump, Microsoft Network Monitor, Carnivore)
annualized rate of occurrence
protocol analyzer
risk
L0phtCrack
50. Physical damage, human interaction, equipment malfunction, misuse of data, loss of data, application error
CobiT
firewall
risk categories
annualized rate of occurrence