Test your basic knowledge | Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. NIST risk management methodology
network mapping
SP 800-30
security program
risk analysis
2. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
penetration
availability
mappers
ITIL
3. Percentage of an asset's value that would be lost in a single incident - (EF)
ISO/IEC 27005
countermeasure
security program
exposure factor
4. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
integrity
protocol analyzer
risk categories
physical
5. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
risk analysis
security program
protocol analyzer
COSO
6. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
FMEA
network mapping
performance monitor
availability
7. Responsible for information classification and protection
OVAL
COSO
OCTAVE
data owner
8. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
vulnerability
No events - Errors only - Errors and warnings - All events
penetration
risk categories
9. Type of audit that checks procedures and policies for escalating issues to management
firewall
OVAL
escalation
FRAP
10. __________ loss has a negative effect after a vulnerability is initially exploited
administrative
vulnerability scanner
delayed
Facilitated Risk Analysis Process
11. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
FMEA
CISO
qualitative
FMEA
12. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
performance baseline
security governance
due care
13. Tools to ID - develop - and design security requirements for business needs
due care
data owner
blueprints
risk analysis
14. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
risk
Information risk management
annualized rate of occurrence
15. Made up of ten domains - a mechanism to describe security processes
security governance
ISO 17799
threat
risk
16. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
CISO
IRM
port scanner
Information Security Management
17. Ensures reliable timely access to data/resources to authorized individuals
data owner
availability
CobiT
integrity
18. FMEA
Failure Modes and Effect Analysis
Information risk management
COSO
technical
19. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk analysis
L0phtCrack
CobiT
administrative
20. De facto standard of best practices for IT service mgmt
penetration
Control Objectives for Information and related Technology
elcomsoft
Information Technology Infrastructure Library (ITIL)
21. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
CISO
elcomsoft
network mapping
OCTAVE
22. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
Facilitated Risk Analysis Process
strategic
performance monitor
risk analysis
23. Guide to illustrate how to protect personal health information
annualized loss expectancy
fault tree analysis
ISO/IEC 27799
planning horizon
24. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
due care
physical
security governance
Failure Modes and Effect Analysis
25. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
countermeasure
threat
performance monitor
administrative
26. Possibility of damage and the ramifications should it occur
vulnerability
risk
penetration
ISO 17799
27. Used to ID failures in complex systems to understand underlying causes of threats
security officer
privilege
fault tree analysis
ITIL
28. The likelihood of exploitation and the loss potential
risk
ITIL
ISO/IEC 27002
elcomsoft
29. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
mappers
ISO/IEC 27002
ISO/IEC 27001
IRM
30. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
due care
physical
Facilitated Risk Analysis Process
security program
31. CSO
corporate security officer
security program
elcomsoft
risk categories
32. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
mappers
OCTAVE
operational
ISO/IEC 27004
33. Type of audit that checks information classification and change control procedures
chief information security officer
administrative
risk categories
vulnerability
34. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
FRAP
ISO 17799
security program
IRM
35. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
Information Security Management
john the ripper
SP 800-30
annualized rate of occurrence
36. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
Information Security Management
COSO
vulnerability
vulnerability scanner
37. The tools - personnel and business processes necessary to ensure that security meets needs
security governance
COSO
FRAP
COSO
38. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
blueprints
ISO 17799
ISO/IEC 27005
Information risk management
39. Event levels available for logging in a MS DNS server
No events - Errors only - Errors and warnings - All events
AS/NZS 4360
OCTAVE
vulnerability scanner
40. Daily goals focused on productivity and task-oriented activities
COSO
qualitative
operational
Facilitated Risk Analysis Process
41. Number of times the incident might occur annually - (ARO)
annualized rate of occurrence
COSO
ISO/IEC 27001
COSO
42. Type of audit that checks that network resources - systems and software are used appropriately
port scanner
usage
ISO 17799
planning horizon
43. CobiT
Control Objectives for Information and related Technology
strategic
ISO 17799
annualized loss expectancy
44. Risk mgmt method with much broader focus than IT security
Information Security Management
performance monitor
AS/NZS 4360
administrative
45. Collection of controls an organization must have in place
security program
FMEA
mappers
L0phtCrack
46. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
Information risk management
SP 800-30
COSO
annualized loss expectancy
47. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
corporate security officer
CobiT
ITIL
annualized loss expectancy
48. Derived from the COSO framework
risk analysis
annualized rate of occurrence
CobiT
ISO/IEC 27004
49. Midterm goals
tactical
FRAP
risk analysis
CISO
50. Mitigates a potential risk
countermeasure
elcomsoft
security officer
penetration