Test your basic knowledge | CompTIA Security+: Assessment and Risk Management
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The following tools (Nessus, Qualys, Retina) are ______________ scanners
COSO
vulnerability
operational
exposure
2. Port scanners, vulnerability scanners, protocol analyzers, password crackers, network mappers and Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment
Control Objectives for Information and related Technology
IRM
vulnerability
threat
3. Responsible for developing: a security awareness program; the budget for information security related activities; policies, procedures and guidelines; a security compliance program; and metrics
availability
CISO
OCTAVE
FRAP
4. Responsible for information classification and protection
data owner
OCTAVE
ISO/IEC 27799
COSO
5. OCTAVE
Operationally Critical Threat, Asset, and Vulnerability Evaluation
ISO/IEC 27002
performance monitor
Information Security Management
6. A password cracker that uses dictionary and brute force attacks and rainbow tables, can test password strength and recover passwords; was originally free but is now a commercial product
risk
OVAL
L0phtCrack
usage
7. Risk assessment that is scenario based, ranks threats and countermeasures, and uses experience, judgment, intuition and opinion
strategic
ISO/IEC 27001
data owner
qualitative
8. The likelihood of exploitation and the loss potential
blueprints
network mapping
COSO
risk
9. This tool scans network devices listening for open ports (e.g. Nmap, Scanmetender, SuperScan, NHS Nohack Scanner)
performance baseline
usage
exposure factor
port scanner
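Added example, not part of the original quiz: a minimal TCP connect() port scanner in Python that shows what the tools named in question 9 actually do. It classifies each port as open (handshake completes), closed (the host answers with a RST, seen as "connection refused") or filtered (nothing comes back before the timeout, which is how a dropping firewall looks). So that it runs offline, it starts its own throwaway listener on loopback and scans a window of ports around it; the host, port window, thread count and timeout are assumptions chosen for the example.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host: str, port: int, timeout: float = 0.5) -> str:
    """TCP connect() probe for a single port.

    "open"     - the three-way handshake completed (something is listening)
    "closed"   - the host replied with a RST (ConnectionRefusedError)
    "filtered" - no answer before the timeout, or host unreachable
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except OSError:  # TimeoutError and "no route to host" both land here
            return "filtered"


def scan(host: str, ports, workers: int = 32) -> dict:
    """Probe many ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p), ports))
    return dict(zip(ports, states))


def open_ports(results: dict) -> list:
    """Just the ports a vulnerability scanner would go on to fingerprint."""
    return sorted(p for p, state in results.items() if state == "open")


def _serve(listener: socket.socket) -> None:
    # Accept and immediately drop connections until the listener is closed.
    try:
        while True:
            conn, _ = listener.accept()
            conn.close()
    except OSError:
        pass


def demo() -> tuple:
    """Start a listener on an OS-chosen loopback port, scan around it, tear it down.

    Returns (listening_port, scan_results) so the effect is checkable offline.
    Constructed setup for the example: the listener stands in for a real service.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(8)
    port = listener.getsockname()[1]
    threading.Thread(target=_serve, args=(listener,), daemon=True).start()
    try:
        results = scan("127.0.0.1", range(port - 2, port + 3))
    finally:
        listener.close()
    return port, results


if __name__ == "__main__":
    port, results = demo()
    for p, state in sorted(results.items()):
        print(f"{p:5d}/tcp  {state}")
    print("open:", open_ports(results))
```

A connect() scan completes the handshake, so the target's service log records the connection; stealthier SYN scans need raw sockets and privileges, which is one reason tools like Nmap offer several scan types.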
10. Provides good-practice advice on an ISMS (formerly ISO 17799, which was based on BS7799 Part 1)
integrity
security officer
risk analysis
ISO/IEC 27002
11. Internationally recognized information security management standard; provides high-level conceptual recommendations on enterprise security; a British standard
BS7799
security program
exposure factor
Control Objectives for Information and related Technology
12. Midterm goals
tactical
network mapping
ISO/IEC 27799
ISO/IEC 27005
13. Information security management measurements
elcomsoft
mappers
COSO
ISO/IEC 27004
14. Daily goals focused on productivity and task-oriented activities
operational
mappers
performance baseline
No events, Errors only, Errors and warnings, All events
15. Controls that manage facility access, locking systems, media sanitization, intrusion monitoring and environmental conditions
No events, Errors only, Errors and warnings, All events
administrative
ISO/IEC 27005
physical
16. A qualitative risk assessment process that allows tests to be conducted so users can determine which areas require a risk analysis
FRAP
network mapping
annualized rate of occurrence
data owner
17. A weakness (software, hardware, procedural or human) that can be exploited
vulnerability
due care
threat
Information risk management
18. Plan and Organize; Acquire and Implement; Deliver and Support; Monitor and Evaluate
escalation
CobiT
Control Objectives for Information and related Technology
chief information security officer
19. ____________ can discover network devices and applications, check password strength, measure internal/external access, analyze vulnerabilities in a NOS and test the response to DoS attacks
Failure Modes and Effect Analysis
risk mitigation
network mapping
annualized loss expectancy
20. The asset's value multiplied by the EF percentage (SLE)
CobiT
risk analysis
Information risk management
single loss expectancy
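Added example, not part of the original quiz: the quantitative risk figures behind questions 8 and 20 worked through in Python. It carries the quiz's formula (SLE = asset value x exposure factor) one step further to annualized loss expectancy (ALE = SLE x annualized rate of occurrence, the standard textbook formula) and to the cost-benefit of a countermeasure (ALE before, minus ALE after, minus annual cost of the control). It also rejects impossible inputs such as an exposure factor above 100%, which otherwise silently produce nonsense. The scenarios, asset values, rates and the WAF costing are constructed for the example and are not from the page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One quantified risk scenario (every value here is a constructed example)."""
    name: str
    asset_value: float      # AV: what the asset is worth, in currency units
    exposure_factor: float  # EF: fraction of AV lost in a single incident, 0.0..1.0
    aro: float              # ARO: expected number of incidents per year

    def __post_init__(self):
        # Validate early: an EF of 250% or a negative ARO is a data-entry error,
        # and letting it through corrupts every figure derived from it.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.name}: EF must be between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: AV and ARO must be non-negative")

    def sle(self) -> float:
        """Single loss expectancy: AV x EF (the formula question 20 asks about)."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: SLE x ARO."""
        return self.sle() * self.aro


def countermeasure_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """Net annual value of a control: ALE(before) - ALE(after) - annual cost.

    A negative result means the control costs more per year than the loss it
    prevents, which is the usual argument for accepting rather than mitigating.
    """
    return before.ale() - after.ale() - annual_cost


def rank_by_ale(risks) -> list:
    """Order scenarios by ALE, highest first, for a quantitative prioritisation."""
    return sorted(risks, key=lambda r: r.ale(), reverse=True)


# Constructed sample scenarios (hypothetical values).
WEB_DEFACEMENT = Risk("web server defacement", asset_value=200_000, exposure_factor=0.25, aro=0.5)
LAPTOP_THEFT = Risk("laptop theft", asset_value=3_000, exposure_factor=1.0, aro=4.0)
DATACENTER_FIRE = Risk("data center fire", asset_value=2_000_000, exposure_factor=0.6, aro=0.02)

# Hypothetical control: a WAF costing 8,000 per year cuts the defacement ARO from 0.5 to 0.1.
WEB_DEFACEMENT_WITH_WAF = Risk("web server defacement (with WAF)", 200_000, 0.25, 0.1)
WAF_ANNUAL_COST = 8_000


if __name__ == "__main__":
    for r in rank_by_ale([WEB_DEFACEMENT, LAPTOP_THEFT, DATACENTER_FIRE]):
        print(f"{r.name:24} SLE={r.sle():>12,.2f}  ALE={r.ale():>12,.2f}")
    net = countermeasure_value(WEB_DEFACEMENT, WEB_DEFACEMENT_WITH_WAF, WAF_ANNUAL_COST)
    print(f"WAF net value per year: {net:,.2f}")
```

Note how the ranking differs from what SLE alone suggests: the fire has by far the largest single loss, but its low ARO puts it below the much cheaper, much more frequent defacement once the figures are annualized.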
21. An open language from mitre.org for determining vulnerabilities and problems on computer systems
tactical
No events, Errors only, Errors and warnings, All events
ITIL
OVAL
22. A log that can record outgoing requests, incoming traffic and internet usage
Committee of Sponsoring Organizations
firewall
countermeasure
performance monitor
23. Ensures management security directives are fulfilled
Information risk management
security officer
vulnerability
CobiT
24. Mitigates a potential risk
security program
exposure factor
risk
countermeasure
25. Type of audit that checks that network resources, systems and software are used appropriately
Failure Modes and Effect Analysis
exposure factor
physical
usage
26. Derived from the COSO framework
Committee of Sponsoring Organizations
risk analysis
CobiT
exposure factor
27. Assurance of the accuracy and reliability of information and systems
integrity
BS7799
annualized loss expectancy
Control Objectives for Information and related Technology
28. Long-term goals focused on risk management, compliance, security responsibilities, continual improvement and using security to attract customers
COSO
physical
strategic
risk categories
29. __________ loss has a negative effect after a vulnerability is initially exploited
penetration
delayed
performance baseline
risk analysis
30. Possibility of damage and the ramifications should it occur
risk
Failure Modes and Effect Analysis
FMEA
AS/NZS 4360
31. Used in assurance risk management; a methodical way to identify major failure modes (not useful for complex failure modes)
blueprints
physical
FMEA
COSO
32. De facto standard of best practices for IT service management
Information Technology Infrastructure Library (ITIL)
threat
Failure Modes and Effect Analysis
Operationally Critical Threat, Asset, and Vulnerability Evaluation
33. Controls that implement access control, password management, identification and authentication methods, and configuration
AS/NZS 4360
No events, Errors only, Errors and warnings, All events
usage
technical
34. An instance of being exposed to losses from a threat
port scanner
data owner
FRAP
exposure
35. CISO
COSO
chief information security officer
firewall
ISO/IEC 27001
36. This type of testing scans for vulnerabilities, attacks to determine extent, tests countermeasures by circumvention, and can be internal or external
administrative
penetration
CobiT
integrity
37. Guide to illustrate how to protect personal health information
technical
Information Security Management
ISO/IEC 27799
ISO 17799
38. Guide to assist in the implementation of information security based on a risk management approach
ISO/IEC 27005
exposure factor
CobiT
SP 800-30
39. Legal term used to determine liability; acting responsibly means a lower risk of liability due to a security breach
physical
L0phtCrack
tactical
due care
40. CSO
administrative
security program
privilege
corporate security officer
41. IRM
protocol analyzer
COSO
Information risk management
Failure Modes and Effect Analysis
42. Ensures necessary level of secrecy and prevents unauthorized disclosure
chief information security officer
confidentiality
privilege
OCTAVE
43. CobiT
Control Objectives for Information and related Technology
delayed
CISO
strategic
44. A commercial password cracker that can test password strength and recover passwords, and perform dictionary and brute force attacks
IRM
technical
annualized loss expectancy
elcomsoft
45. Risk management method with a much broader focus than IT security
performance baseline
technical
AS/NZS 4360
corporate security officer
46. Physical damage, human interaction, equipment malfunction, misuse of data, loss of data, application error
corporate security officer
risk categories
ISO 17799
Information Technology Infrastructure Library (ITIL)
47. Corporate governance at the strategic level
due care
COSO
countermeasure
risk analysis
48. A tool that maps weaknesses of systems/networks by scanning for ports, checking for applications, determining OS and patch level, and attempting exploits
qualitative
data owner
fault tree analysis
vulnerability scanner
49. Focus on service level agreements between the IT department and internal customers
exposure factor
ITIL
due care
network mapping
50. Risk management method created by Carnegie Mellon University; people manage/direct the risk evaluation for IT security in a company
OCTAVE
risk mitigation
CobiT
COSO