Test your basic knowledge | CompTIA Security+: Assessment and Risk Management
Instructions:
Answer 50 questions in 15 minutes.
Match each statement with the correct term.
All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may look obvious, but the repetition reinforces your understanding each time you take the test.
1. Information security management measurements
ISO/IEC 27004
ISO 17799
protocol analyzer
COSO
2. A password cracker that uses dictionary attacks, brute-force attacks, and rainbow tables; can test password strength and recover passwords; was originally free but is now a commercial product
CISO
chief information security officer
Information Security Management
L0phtCrack
3. A commercial password cracker that can test password strength, recover passwords, and perform dictionary and brute-force attacks
CobiT
No events - Errors only - Errors and warnings - All events
risk analysis
elcomsoft
4. ____________ can discover network devices and applications, check password strength, measure internal and external access, analyze vulnerabilities in the network operating system (NOS), and test the response to DoS attacks
strategic
countermeasure
risk analysis
network mapping
5. Possibility of damage and the ramifications should it occur
risk
IRM
CobiT
BS7799
6. IT governance at the operational level
protocol analyzer
confidentiality
CobiT
fault tree analysis
7. Risk management method created by Carnegie Mellon University in which the organization's own people manage and direct the risk evaluation for IT security
OCTAVE
operational
ISO 17799
vulnerability
8. CobiT
countermeasure
Control Objectives for Information and related Technology
FMEA
OVAL
9. Guide to illustrate how to protect personal health information
Information risk management
ISO/IEC 27799
Operationally Critical Threat, Asset, and Vulnerability Evaluation
delayed
10. ISM Standard
SP 800-30
Information risk management
risk analysis
Information Security Management
11. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
ISO/IEC 27005
vulnerability scanner
physical
elcomsoft
12. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
AS/NZS 4360
firewall
ISO/IEC 27002
network mapping
13. The asset's value multiplied by the exposure factor (EF) percentage (SLE)
ISO/IEC 27799
ISO/IEC 27005
single loss expectancy
threat
14. Provides good-practice advice on an ISMS (formerly numbered ISO 17799; based on BS 7799 Part 1)
ISO/IEC 27002
technical
availability
AS/NZS 4360
15. Strategic - tactical and operational planning
confidentiality
CISO
planning horizon
CobiT
16. Derived from the COSO framework
CobiT
L0phtCrack
IRM
Facilitated Risk Analysis Process
17. Corporate governance at the strategic level
risk
security program
firewall
COSO
18. FRAP
Facilitated Risk Analysis Process
planning horizon
Failure Modes and Effect Analysis
administrative
19. Provides a cost/benefit comparison
ITIL
confidentiality
Information risk management
risk analysis
20. Responsible for developing the security awareness program; the budget for information security related activities; policies, procedures, and guidelines; a security compliance program; and metrics
COSO
exposure
blueprints
CISO
21. Controls that include policies, standards, procedures, risk management, personnel screening, training, and change control
performance baseline
network mapping
administrative
security program
22. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
ITIL
BS7799
CobiT
security governanace
23. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
CobiT
COSO
ISO 17799
security program
24. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
risk analysis
performance monitor
CobiT
technical
25. An open language from mitre.org for determining vulnerabilities and problems on computer systems
CobiT
ISO/IEC 27001
OVAL
security officer
26. Establish, implement, control, and improve the Information Security Management System (based on BS 7799 Part 2)
threat
risk categories
ISO/IEC 27001
ISO/IEC 27799
27. Security policy (map business objectives to security); Security infrastructure (security officer, reviews); Asset classification/control (inventory); Personnel security (screening, training, roles); Physical security; Communication/operation
ISO 17799
security officer
mappers
risk analysis
28. De facto standard of best practices for IT service management
risk analysis
countermeasure
ISO 17799
Information Technology Infrastructure Library (ITIL)
29. Responsible for information classification and protection
confidentiality
corporate security officer
data owner
CISO
30. Control environment (company culture); Risk assessment (manage change); Control activities (policies, procedures, practices); Information and communication (the right people, information, and time); Monitoring (detect and respond)
Operationally Critical Threat, Asset, and Vulnerability Evaluation
ISO/IEC 27004
CobiT
COSO
31. Risk management method with a much broader focus than IT security
AS/NZS 4360
CISO
usage
performance baseline
32. Long-term goals focused on risk management, compliance, security responsibilities, continual improvement, and using security to attract customers
COSO
ISO/IEC 27001
risk analysis
strategic
33. Responsible for communicating organizational risks and compliance regulations to senior management
elcomsoft
port scanner
IRM
CISO
34. An open-source password cracker that uses dictionary and brute-force attacks, stores previously cracked passwords, and uses unshadow to merge the passwd and shadow files
usage
john the ripper
vulnerability
Facilitated Risk Analysis Process
35. A tool that monitors network traffic and shows the data and protocols in use; also known as a packet sniffer (e.g., Wireshark, tcpdump, Microsoft Network Monitor, Carnivore)
protocol analyzer
risk
Information Security Management
qualitative
36. This tool scans network devices listening for open ports (e.g., Nmap, Scanmetender, SuperScan, NHS Nohack Scanner)
mappers
BS7799
port scanner
security governance
37. SLE multiplied by the ARO (ALE)
operational
L0phtCrack
AS/NZS 4360
annualized loss expectancy
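Questions 13, 19 and 37 cover the quantitative risk analysis arithmetic Security+ expects: SLE = asset value x EF, ALE = SLE x ARO, and a cost/benefit comparison of a safeguard. The following is an added worked example, not part of the quiz or its study material; the asset value, exposure factors, occurrence rates and safeguard costs in it are constructed sample figures, and the net-value rule (ALE before, minus ALE after, minus the safeguard's annual cost) is the standard textbook comparison rather than anything the quiz states.

```python
# Added example: quantitative risk analysis with the page's own terms.
#   SLE = AV x EF          (single loss expectancy)
#   ALE = SLE x ARO        (annualized loss expectancy)
#   safeguard value = ALE_before - ALE_after - annual safeguard cost
# All figures below are constructed sample data, not from the quiz.
from dataclasses import dataclass
from typing import Iterable, Optional


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE: the loss from one occurrence of the threat.

    exposure_factor is the fraction of the asset's value that is lost
    (the 'EF percentage' written as 0.0-1.0), so 25% is passed as 0.25.
    """
    if asset_value < 0:
        raise ValueError("asset value must be non-negative")
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE: expected loss per year.

    aro is the annualized rate of occurrence: how many times per year the
    threat is expected to happen (0.1 means once every ten years).
    """
    if aro < 0:
        raise ValueError("ARO must be non-negative")
    return sle * aro


@dataclass(frozen=True)
class Safeguard:
    """A candidate countermeasure and the residual risk it leaves behind."""
    name: str
    annual_cost: float          # purchase plus upkeep, spread per year
    new_exposure_factor: float  # EF once the control is in place
    new_aro: float              # ARO once the control is in place


def safeguard_value(asset_value: float, ef: float, aro: float, sg: Safeguard) -> float:
    """Cost/benefit of one safeguard: positive means it saves more than it costs."""
    ale_before = annualized_loss_expectancy(single_loss_expectancy(asset_value, ef), aro)
    ale_after = annualized_loss_expectancy(
        single_loss_expectancy(asset_value, sg.new_exposure_factor), sg.new_aro)
    return ale_before - ale_after - sg.annual_cost


def best_safeguard(asset_value: float, ef: float, aro: float,
                   candidates: Iterable[Safeguard]) -> Optional[Safeguard]:
    """Pick the safeguard with the highest net value.

    Returns None when every candidate costs more per year than the risk it
    removes; in that case the risk analysis says to accept the risk (or keep
    looking) rather than spend more on the control than the loss is worth.
    """
    scored = [(safeguard_value(asset_value, ef, aro, sg), sg) for sg in candidates]
    if not scored:
        return None
    value, sg = max(scored, key=lambda pair: pair[0])
    return sg if value > 0 else None


# Constructed sample scenario (hypothetical figures): a public web server worth
# $200,000 that a defacement would damage by 25%, expected once every two years.
ASSET_VALUE = 200_000.0
EXPOSURE_FACTOR = 0.25
ARO = 0.5
CANDIDATES = [
    # Hypothetical control: cheap, cuts the damage per incident but not the rate.
    Safeguard("web application firewall", annual_cost=8_000.0,
              new_exposure_factor=0.05, new_aro=0.5),
    # Hypothetical control: near-total risk removal, but costs more than the ALE.
    Safeguard("full redundant rebuild", annual_cost=30_000.0,
              new_exposure_factor=0.01, new_aro=0.1),
]


def run_example() -> dict:
    """Work the sample scenario through and return the intermediate numbers."""
    sle = single_loss_expectancy(ASSET_VALUE, EXPOSURE_FACTOR)
    ale = annualized_loss_expectancy(sle, ARO)
    values = {sg.name: safeguard_value(ASSET_VALUE, EXPOSURE_FACTOR, ARO, sg)
              for sg in CANDIDATES}
    chosen = best_safeguard(ASSET_VALUE, EXPOSURE_FACTOR, ARO, CANDIDATES)
    return {"sle": sle, "ale": ale, "values": values,
            "chosen": chosen.name if chosen else None}


if __name__ == "__main__":
    result = run_example()
    print(f"SLE = ${result['sle']:,.0f}, ALE = ${result['ale']:,.0f}")
    for name, value in result["values"].items():
        print(f"  {name}: net annual value ${value:,.0f}")
    print("recommended:", result["chosen"])
```

The two candidates illustrate the point question 19 is making: the more effective control is not automatically the right one. The rebuild leaves almost no residual risk, but its annual cost exceeds the $25,000 ALE it is protecting against, so its net value is negative and the cheaper firewall wins the comparison.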
38. Guide to assist in the implementation of information security based on a risk management approach
risk analysis
exposure
FRAP
ISO/IEC 27005
39. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
chief information security officer
administrative
blueprints
40. A method of identifying vulnerabilities and threats and assessing their possible impacts in order to determine where to implement security safeguards
mappers
protocol analyzer
risk analysis
planning horizon
41. Ensures management security directives are fulfilled
CobiT
security officer
AS/NZS 4360
BS7799
42. Internationally recognized Information Security Management standard that provides high-level conceptual recommendations on enterprise security; a British standard
BS7799
operational
Committee of Sponsoring Organizations
IRM
43. Daily goals focused on productivity and task-oriented activities
operational
mappers
technical
penetration
44. Ensures necessary level of secrecy and prevents unauthorized disclosure
technical
Facilitated Risk Analysis Process
confidentiality
L0phtCrack
45. Used to identify failures in complex systems in order to understand the underlying causes of threats
fault tree analysis
planning horizon
security program
due care
46. OCTAVE
vulnerability
Operationally Critical Threat, Asset, and Vulnerability Evaluation
risk analysis
security officer
47. NIST risk management methodology
security governance
SP 800-30
protocol analyzer
CISO
48. FMEA
security program
OCTAVE
Failure Modes and Effect Analysis
Information Technology Infrastructure Library (ITIL)
49. CISO
risk analysis
chief information security officer
mappers
ISO/IEC 27001
50. The following tools (Nessus - Qualys - Retina) are ______________ scanners
blueprints
risk categories
vulnerability
No events - Errors only - Errors and warnings - All events