Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
vulnerability
ISO/IEC 27004
escalation
protocol analyzer

2. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
Committee of Sponsoring Organizations
ITIL
ISO/IEC 27001
CISO

3. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
physical
security governanace
mappers
Failure Modes and Effect Analysis

4. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
CISO
administrative
CobiT
penetration

5. Assurance of accurancy and reliability of information and systems
No events - Errors only - Errors and warnings - All events
integrity
operational
risk

6. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
risk catagories
CobiT
Information Security Management
ISO 17799

7. Mitigates a potential risk
fault tree analysis
threat
countermeasure
vulnerability

8. The tools - personnel and business processes necessary to ensure that security meets needs
L0phtCrack
CobiT
security governanace
john the ripper

9. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
ISO/IEC 27002
due care
vulnerability
port scanner

10. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
CobiT
availability
qualitative
risk

11. Collection of controls an organization must have in place
john the ripper
technical
security program
Information Technology Infrastructure Library (ITIL)

12. A log that can record outgoing requests - incoming traffic - and internet usage
Information Technology Infrastructure Library (ITIL)
data owner
security governanace
firewall

13. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
physical
FRAP
escalation
ISO 17799

14. Daily goals focused on productivity and task-oriented activities
operational
CobiT
Information Security Management
BS7799

15. OCTAVE
security officer
integrity
Information risk management
Operationally Critical Threat - Asset - and Vulnerability Evaluation

16. The asset's value multiplied by the EF percentage - (SLE)
ISO/IEC 27002
single loss expectancy
FRAP
network mapping

17. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
usage
performance monitor
john the ripper
security program

18. FMEA
technical
IRM
Failure Modes and Effect Analysis
administrative

19. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
AS/NZS 4360
Information Technology Infrastructure Library (ITIL)
exposure factor

20. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
usage
exposure factor
risk catagories

21. IRM
COSO
Information risk management
integrity
OCTAVE

22. Type of audit that checks procedures and policies for escalating issues to management
escalation
Information Technology Infrastructure Library (ITIL)
ISO 17799
risk analysis

23. Used to ID failures in a complex systems to understand underlying causes of threats
fault tree analysis
strategic
ISO 17799
CobiT

24. CSO
planning horizon
CISO
corporate security officer
technical

25. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
Information Security Management
FRAP
integrity

26. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
ISO/IEC 27002
annualized rate of occurrence
FMEA
network mapping

27. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
risk
ISO/IEC 27002
network mapping
FRAP

28. Possiblity of damage and the ramifications should it occur
risk mitigation
risk
security program
IRM

29. Corporate governance at the strategic level
CISO
john the ripper
COSO
risk analysis

30. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
CISO
data owner
vulnerability
security program

31. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
security program
elcomsoft
Committee of Sponsoring Organizations
protocol analyzer

32. FRAP
ISO 17799
Facilitated Risk Analysis Process
firewall
ISO 17799

33. The likelihood of exploitation and the loss potential
Failure Modes and Effect Analysis
risk
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CobiT

34. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
escalation
physical
CobiT
BS7799

35. Controls that implement access control - password mangement - identification and authentication methods - configuration
technical
elcomsoft
SP 800-30
annualized rate of occurrence

36. Type of audit that checks information classification and change control procedures
ISO/IEC 27005
administrative
performance baseline
firewall

37. De facto standard of best practices for IT service mgmt
security program
performance baseline
Information Technology Infrastructure Library (ITIL)
escalation

38. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
COSO
security program
strategic
L0phtCrack

39. Percentage of an asset's value that would be lost in a single incident - (EF)
SP 800-30
exposure factor
protocol analyzer
Information risk management

40. Midterm goals
tactical
COSO
risk catagories
security program

41. SLE x ARO - (ALE)
risk anlysis
annualized loss expectancy
ISO 17799
usage

42. Potential danger to information or systems
threat
strategic
security governanace
network mapping

43. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
single loss expectancy
risk catagories
risk anlysis
FMEA

44. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
countermeasure
CobiT
security program
ISO/IEC 27004

45. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
exposure factor
risk mitigation
IRM
AS/NZS 4360

46. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
FRAP
risk
ISO/IEC 27005

47. An instance of being exposed to losses from a threat
exposure
security program
risk
CISO

48. Risk mgmt method with much broader focus than IT security
corporate security officer
qualitative
AS/NZS 4360
availability

49. Responsible for information classification and protection
risk mitigation
penetration
ISO/IEC 27799
data owner

50. Focus on service level agreements between IT dept and internal customers
CobiT
Failure Modes and Effect Analysis
CobiT
ITIL