SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The likelihood of exploitation and the loss potential
risk analysis
risk
exposure
countermeasure
2. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
blueprints
chief information security officer
Committee of Sponsoring Organizations
FMEA
3. Ensures necessary level of secrecy and prevents unauthorized disclosure
planning horizon
ISO 17799
confidentiality
Information Technology Infrastructure Library (ITIL)
4. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
CobiT
mappers
CobiT
security program
5. Ensures managment security directives are fulfilled
ISO/IEC 27001
administrative
security officer
tactical
6. Focus on service level agreements between IT dept and internal customers
vulnerability
exposure
ITIL
vulnerability
7. OCTAVE
ITIL
availability
countermeasure
Operationally Critical Threat - Asset - and Vulnerability Evaluation
8. Type of audit that checks that network resources - systems and software are used appropriately
vulnerability
usage
risk anlysis
countermeasure
9. Responsible for information classification and protection
CISO
physical
risk
data owner
10. Tools to ID - develop - and design security requirements for business needs
network mapping
security program
BS7799
blueprints
11. Type of audit that checks information classification and change control procedures
administrative
SP 800-30
fault tree analysis
protocol analyzer
12. Potential danger to information or systems
integrity
single loss expectancy
threat
No events - Errors only - Errors and warnings - All events
13. The asset's value multiplied by the EF percentage - (SLE)
exposure
ISO/IEC 27799
single loss expectancy
network mapping
14. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
IRM
elcomsoft
exposure factor
15. Midterm goals
corporate security officer
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security governanace
tactical
16. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
vulnerability
delayed
risk analysis
Information risk management
17. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
FMEA
COSO
CISO
18. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
CISO
risk catagories
COSO
elcomsoft
19. FMEA
Failure Modes and Effect Analysis
OCTAVE
data owner
IRM
20. COSO
Information Technology Infrastructure Library (ITIL)
COSO
Committee of Sponsoring Organizations
IRM
21. Provides a cost/benefit comparision
threat
risk analysis
operational
performance monitor
22. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
CobiT
annualized loss expectancy
CobiT
network mapping
23. A log that can record outgoing requests - incoming traffic - and internet usage
ISO/IEC 27005
risk mitigation
tactical
firewall
24. Derived from the COSO framework
annualized rate of occurrence
network mapping
CobiT
exposure factor
25. Guide assist in the implemenation of information security based on risk managent approach
CobiT
network mapping
fault tree analysis
ISO/IEC 27005
26. Daily goals focused on productivity and task-oriented activities
firewall
vulnerability
FMEA
operational
27. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
data owner
countermeasure
COSO
CobiT
28. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
FMEA
due care
L0phtCrack
AS/NZS 4360
29. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
AS/NZS 4360
security governanace
COSO
protocol analyzer
30. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
FRAP
ITIL
CobiT
Failure Modes and Effect Analysis
31. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
risk mitigation
SP 800-30
vulnerability
32. Number of time the incident might occur annually - (ARO)
ISO/IEC 27002
ISO/IEC 27799
annualized rate of occurrence
firewall
33. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
john the ripper
CobiT
physical
CISO
34. FRAP
privilege
Facilitated Risk Analysis Process
risk anlysis
port scanner
35. Controls that implement access control - password mangement - identification and authentication methods - configuration
firewall
usage
IRM
technical
36. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
FMEA
technical
Information Security Management
37. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
Failure Modes and Effect Analysis
performance monitor
vulnerability
AS/NZS 4360
38. Assurance of accurancy and reliability of information and systems
exposure factor
SP 800-30
operational
integrity
39. Expected or predetermined performance level - developed from policy - performance - requirements
data owner
planning horizon
administrative
performance baseline
40. CISO
OVAL
usage
chief information security officer
ITIL
41. Strategic - tactical and operational planning
vulnerability
planning horizon
FMEA
blueprints
42. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
data owner
firewall
confidentiality
due care
43. Used to ID failures in a complex systems to understand underlying causes of threats
Operationally Critical Threat - Asset - and Vulnerability Evaluation
administrative
fault tree analysis
john the ripper
44. Mitigates a potential risk
strategic
ITIL
technical
countermeasure
45. Risk mgmt method with much broader focus than IT security
usage
AS/NZS 4360
mappers
CobiT
46. IRM
privilege
Information risk management
administrative
ISO/IEC 27002
47. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
COSO
CobiT
strategic
48. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
john the ripper
BS7799
CISO
risk analysis
49. IT governance at the operational level
risk catagories
COSO
CobiT
firewall
50. Type of audit that checks that accounts - groups and roles are correctly assigned
FMEA
vulnerability
technical
privilege