Test your basic knowledge: CompTIA Security+: Assessment and Risk Management
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A tool that monitors network traffic, showing the data and protocols in use; also known as a packet sniffer (e.g. Wireshark, tcpdump, Microsoft Network Monitor, Carnivore)
privilege
protocol analyzer
elcomsoft
planning horizon
2. Derived from the COSO framework
CobiT
single loss expectancy
data owner
BS7799
3. An expected or predetermined performance level, developed from policy, performance and requirements
FMEA
No events - Errors only - Errors and warnings - All events
performance baseline
planning horizon
4. A guide on how to protect personal health information
ISO/IEC 27001
single loss expectancy
ISO/IEC 27799
qualitative
5. This type of testing scans for vulnerabilities, attacks them to determine the extent of exposure, tests countermeasures by circumventing them, and can be internal or external
CISO
penetration
vulnerability
annualized rate of occurrence
6. Percentage of an asset's value that would be lost in a single incident (EF)
threat
corporate security officer
due care
exposure factor
7. Focuses on service level agreements between the IT department and its internal customers
ISO/IEC 27799
ITIL
IRM
operational
8. A guide to assist in the implementation of information security based on a risk management approach
Failure Modes and Effect Analysis
ISO/IEC 27005
penetration
john the ripper
9. A method of identifying functions and their failures, the causes of those failures and their effects; originally designed for systems engineering
operational
FMEA
No events - Errors only - Errors and warnings - All events
port scanner
10. NIST risk management methodology
risk
AS/NZS 4360
SP 800-30
countermeasure
11. Physical damage, human interaction, equipment malfunction, misuse of data, loss of data, application error
risk analysis
delayed
risk categories
escalation
12. Provides a cost/benefit comparison
exposure factor
risk analysis
CISO
CISO
13. Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate
Facilitated Risk Analysis Process
ISO 17799
CobiT
technical
14. A method of identifying vulnerabilities and threats and assessing their possible impacts to determine where to implement security safeguards
administrative
annualized rate of occurrence
FMEA
risk analysis
15. CobiT
performance baseline
Control Objectives for Information and related Technology
risk categories
L0phtCrack
16. Information security management measurements
ISO/IEC 27004
Control Objectives for Information and related Technology
No events - Errors only - Errors and warnings - All events
L0phtCrack
17. Number of times the incident might occur annually (ARO)
annualized rate of occurrence
qualitative
integrity
strategic
18. FMEA
CISO
Failure Modes and Effect Analysis
ISO 17799
exposure
19. Port scanners, vulnerability scanners, protocol analyzers, password crackers, network mappers and Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment
COSO
port scanner
exposure
vulnerability
20. Used to predict changes based on trends, detect deviations, and watch events across multiple system components
performance monitor
security program
risk
corporate security officer
21. A process to identify assets and their value, identify vulnerabilities and threats, quantify the probability and impact of threats, and provide a balance between impact and cost
risk analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
due care
john the ripper
22. Ensures necessary level of secrecy and prevents unauthorized disclosure
firewall
confidentiality
administrative
risk mitigation
23. _______________ can test an IDS, detect network congestion, detect bad or failing equipment, and detect high processor loads; must be appropriate to the NOS
Control Objectives for Information and related Technology
security governance
network mapping
vulnerability scanner
24. Type of audit that checks information classification and change control procedures
ISO/IEC 27004
administrative
vulnerability scanner
risk
25. Long-term goals focused on risk management, compliance, security responsibilities, continual improvement, and using security to attract customers
AS/NZS 4360
single loss expectancy
strategic
FMEA
26. Controls that implement access control, password management, identification and authentication methods, and configuration
vulnerability
AS/NZS 4360
technical
Information Technology Infrastructure Library (ITIL)
27. A qualitative risk assessment process that allows tests to be conducted so users can determine which areas require a full risk analysis
chief information security officer
technical
mappers
FRAP
28. Responsible for developing the security awareness program, the budget for information security related activities, policies, procedures and guidelines, a security compliance program, and metrics
risk analysis
CISO
CobiT
Failure Modes and Effect Analysis
29. Responsible for information classification and protection
OVAL
administrative
ISO/IEC 27002
data owner
30. HP OpenView, Nmap, Qualys, Solana Networks and SolarWinds are all network _____________
risk
mappers
Failure Modes and Effect Analysis
elcomsoft
31. Controls that manage facility access, locking systems, media sanitization, intrusion monitoring, and environmental conditions
physical
CobiT
elcomsoft
OCTAVE
32. IT governance at the operational level
risk analysis
CobiT
performance monitor
Committee of Sponsoring Organizations
33. CISO
chief information security officer
security officer
single loss expectancy
countermeasure
34. Controls that include policies, standards, procedures, risk management, personnel screening, training, and change control
risk
administrative
protocol analyzer
Committee of Sponsoring Organizations
35. FRAP
privilege
Facilitated Risk Analysis Process
vulnerability
FMEA
36. SLE x ARO (ALE)
risk analysis
Information Security Management
integrity
annualized loss expectancy
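Items 6, 17 and 36 are the quantitative risk formulas (EF, ARO, SLE = AV x EF, ALE = SLE x ARO) and item 12 is the cost/benefit comparison they feed. The block below is an added example, not part of the quiz or of any CompTIA material, carrying those formulas through in Python and applying the standard safeguard cost/benefit figure (ALE before minus ALE after minus the annual cost of the control). The asset value, frequencies and control prices are constructed for illustration.

```python
"""Quantitative risk analysis: EF, ARO, SLE, ALE and a countermeasure cost/benefit check.

Added example; the figures below are constructed, not taken from the quiz.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    """One threat against one asset, in the quiz's own terms."""
    asset_value: float      # AV: what the asset is worth, in currency units
    exposure_factor: float  # EF: fraction of AV lost in a single incident, 0.0 to 1.0
    aro: float              # ARO: expected incidents per year (0.1 = once per decade)

    def __post_init__(self) -> None:
        # Guard the two inputs most often entered wrong: EF given as a
        # percentage (25 instead of 0.25) and a negative value or frequency.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure_factor must be a fraction between 0 and 1")
        if self.aro < 0 or self.asset_value < 0:
            raise ValueError("asset_value and aro must be non-negative")

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV x EF (loss from one incident)."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE x ARO (expected loss per year)."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Countermeasure:
    """A safeguard that changes EF and/or ARO for an annual cost (amortized purchase plus operation)."""
    name: str
    annual_cost: float
    new_exposure_factor: float
    new_aro: float

    def apply(self, before: RiskScenario) -> RiskScenario:
        """The same asset and threat, re-rated with this control in place."""
        return RiskScenario(before.asset_value, self.new_exposure_factor, self.new_aro)


def countermeasure_value(before: RiskScenario, after: RiskScenario, annual_cost: float) -> float:
    """Cost/benefit figure: (ALE before) - (ALE after) - (annual cost of the safeguard).

    Positive means the control saves more than it costs each year; zero or
    negative means it does not pay for itself on this scenario alone.
    """
    return before.ale() - after.ale() - annual_cost


def rank_countermeasures(before: RiskScenario, options: list[Countermeasure]) -> list[tuple[str, float]]:
    """Return (name, net annual value) pairs, best first."""
    scored = [(c.name, countermeasure_value(before, c.apply(before), c.annual_cost)) for c in options]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed scenario: a customer database worth 200,000 that is expected to be
# compromised twice a year, losing a quarter of its value each time.
DATABASE_RISK = RiskScenario(asset_value=200_000, exposure_factor=0.25, aro=2.0)

# Constructed options; prices are illustrative, not vendor quotes.
OPTIONS = [
    Countermeasure("web application firewall", annual_cost=30_000, new_exposure_factor=0.25, new_aro=0.5),
    Countermeasure("full managed SOC", annual_cost=80_000, new_exposure_factor=0.10, new_aro=0.5),
    Countermeasure("do nothing", annual_cost=0, new_exposure_factor=0.25, new_aro=2.0),
]

if __name__ == "__main__":
    print(f"SLE = {DATABASE_RISK.sle():,.0f}  ALE = {DATABASE_RISK.ale():,.0f}")
    for name, value in rank_countermeasures(DATABASE_RISK, OPTIONS):
        print(f"{name:26s} net annual value {value:>10,.0f}")
```

With the constructed numbers the database has SLE 50,000 and ALE 100,000; the firewall cuts ARO to 0.5 for a net value of 45,000 a year, while the more thorough but pricier SOC nets only 10,000, which is the comparison item 12 refers to. Keep EF as a fraction and ARO as incidents per year (a once-in-ten-years event is 0.1), since those unit slips are the usual way an ALE ends up off by a factor of 100.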
37. Event levels available for logging on a Microsoft DNS server
AS/NZS 4360
No events - Errors only - Errors and warnings - All events
qualitative
Committee of Sponsoring Organizations
38. Internationally recognized information security management standard that provides high-level conceptual recommendations on enterprise security; a British standard
CISO
SP 800-30
blueprints
BS7799
39. Potential danger to information or systems
No events - Errors only - Errors and warnings - All events
ISO/IEC 27004
john the ripper
threat
40. Risk assessment that is scenario based, ranks threats and countermeasures, and uses experience, judgment, intuition and opinion
planning horizon
security officer
risk analysis
qualitative
41. A weakness (software, hardware, procedural or human) that can be exploited
annualized loss expectancy
ISO 17799
strategic
vulnerability
42. Tools to identify, develop and design security requirements for business needs
vulnerability
blueprints
CobiT
CobiT
43. Corporate governance at the strategic level
confidentiality
ISO/IEC 27004
COSO
network mapping
44. A commercial password cracker that can test password strength, recover passwords, and perform dictionary and brute force attacks
CISO
elcomsoft
Committee of Sponsoring Organizations
Information Technology Infrastructure Library (ITIL)
45. The following tools (Nessus, Qualys, Retina) are ______________ scanners
CobiT
Facilitated Risk Analysis Process
vulnerability
qualitative
46. CSO
corporate security officer
annualized loss expectancy
FMEA
physical
47. COSO
availability
FMEA
ISO 17799
Committee of Sponsoring Organizations
48. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
BS7799
risk
countermeasure
COSO
49. Responsible for communicating organizational risks and compliance regulations to senior management
CISO
fault tree analysis
strategic
ISO/IEC 27001
50. This tool scans network devices, listening for open ports (e.g. Nmap, Scanmetender, SuperScan, NHS nohack scanner)
COSO
port scanner
Information Technology Infrastructure Library (ITIL)
CobiT
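Item 50 (and the network mapping and vulnerability assessment tooling of items 19, 30 and 45) names port scanners without saying what one actually does on the wire. The block below is an added example, not code from the quiz, from Nmap or from any listed product: a TCP connect() scan in Python, the same mechanism as Nmap's -sT. It distinguishes open (handshake completes), closed (RST, connect refused) and filtered (no answer before the timeout) results. The target it scans is a throwaway listener bound on 127.0.0.1 and an OS-chosen port, constructed here so the example runs offline; the function and fixture names are this example's own.

```python
"""TCP connect() port scan, the mechanism behind tools such as Nmap's -sT.

Added example; scans only a local throwaway listener created below.
"""
import errno
import socket
from contextlib import closing

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def probe_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify one TCP port the way a connect scan does.

    connect_ex returns 0 when the three-way handshake completed (open),
    ECONNREFUSED when the host answered with RST (closed), and a timeout
    when nothing came back, which usually means a firewall dropped the SYN.
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            rc = s.connect_ex((host, port))
        except socket.timeout:
            return FILTERED
    if rc == 0:
        return OPEN
    if rc == errno.ECONNREFUSED:
        return CLOSED
    if rc in (errno.ETIMEDOUT, errno.EAGAIN, errno.EINPROGRESS):
        return FILTERED
    # Any other errno (e.g. EHOSTUNREACH) is treated as not reachable.
    return FILTERED


def tcp_connect_scan(host: str, ports, timeout: float = 0.5) -> dict:
    """Scan a range of ports and return {port: state} for every port probed."""
    return {port: probe_port(host, port, timeout) for port in ports}


def open_ports(scan: dict) -> list:
    """Just the ports that completed a handshake, sorted, as a scanner would report them."""
    return sorted(p for p, state in scan.items() if state == OPEN)


def start_local_listener(host: str = "127.0.0.1") -> tuple:
    """Constructed fixture: bind a listening socket on an OS-chosen port.

    A listening socket completes handshakes in the kernel backlog even if
    nothing ever calls accept(), which is all a connect scan needs to see.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo() -> tuple:
    """Open a local listener, scan the ports around it, return (listener port, scan results)."""
    srv, port = start_local_listener()
    try:
        scan = tcp_connect_scan("127.0.0.1", range(max(1, port - 2), port + 3))
    finally:
        srv.close()
    return port, scan


if __name__ == "__main__":
    port, scan = demo()
    for p, state in sorted(scan.items()):
        print(f"127.0.0.1:{p:<6} {state}")
    print("open:", open_ports(scan))
```

On loopback every non-listening port answers with RST immediately, so the only "filtered" results you will see are against a real firewalled host; that difference between closed and filtered is what tells you a packet filter sits in front of the target. A connect scan completes the handshake and is logged by the service, which is why assessment teams prefer it on systems they own and a half-open SYN scan elsewhere.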