SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
chief information security officer
performance baseline
risk analysis
ISO/IEC 27002
2. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
escalation
OCTAVE
ISO/IEC 27002
COSO
3. COSO
risk anlysis
elcomsoft
tactical
Committee of Sponsoring Organizations
4. The tools - personnel and business processes necessary to ensure that security meets needs
security officer
security governanace
CobiT
escalation
5. Made up of ten domains - a mechanism to describe security processes
risk analysis
AS/NZS 4360
ISO 17799
annualized rate of occurrence
6. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk anlysis
exposure
SP 800-30
COSO
7. Ensures necessary level of secrecy and prevents unauthorized disclosure
corporate security officer
confidentiality
Information risk management
BS7799
8. A log that can record outgoing requests - incoming traffic - and internet usage
COSO
Operationally Critical Threat - Asset - and Vulnerability Evaluation
data owner
firewall
9. Number of time the incident might occur annually - (ARO)
exposure
risk
L0phtCrack
annualized rate of occurrence
10. The asset's value multiplied by the EF percentage - (SLE)
FMEA
ISO/IEC 27002
risk anlysis
single loss expectancy
11. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
BS7799
network mapping
firewall
CISO
12. Assurance of accurancy and reliability of information and systems
No events - Errors only - Errors and warnings - All events
strategic
integrity
FMEA
13. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
Information Technology Infrastructure Library (ITIL)
Information Security Management
FMEA
protocol analyzer
14. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
ISO/IEC 27001
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ISO/IEC 27002
vulnerability scanner
15. Ensures managment security directives are fulfilled
security officer
security governanace
confidentiality
COSO
16. The likelihood of exploitation and the loss potential
risk
AS/NZS 4360
FMEA
ISO/IEC 27002
17. Expected or predetermined performance level - developed from policy - performance - requirements
operational
performance baseline
risk analysis
confidentiality
18. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
vulnerability
AS/NZS 4360
usage
CISO
19. OCTAVE
CobiT
vulnerability scanner
Operationally Critical Threat - Asset - and Vulnerability Evaluation
corporate security officer
20. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
ISO 17799
risk anlysis
corporate security officer
21. SLE x ARO - (ALE)
physical
annualized loss expectancy
BS7799
ISO 17799
22. Guide assist in the implemenation of information security based on risk managent approach
vulnerability
ISO/IEC 27005
vulnerability
firewall
23. Mitigates a potential risk
FRAP
chief information security officer
countermeasure
COSO
24. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
firewall
privilege
No events - Errors only - Errors and warnings - All events
FRAP
25. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
firewall
IRM
CobiT
COSO
26. ISM Standard
blueprints
Information Security Management
OCTAVE
ISO 17799
27. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
escalation
Control Objectives for Information and related Technology
confidentiality
L0phtCrack
28. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
CobiT
mappers
vulnerability
administrative
29. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
COSO
ISO/IEC 27005
corporate security officer
john the ripper
30. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
protocol analyzer
performance monitor
ITIL
qualitative
31. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability
ITIL
vulnerability scanner
No events - Errors only - Errors and warnings - All events
32. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
corporate security officer
risk anlysis
risk analysis
port scanner
33. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
due care
network mapping
security officer
protocol analyzer
34. Information security managment measurements
exposure
ISO/IEC 27004
data owner
countermeasure
35. Controls that implement access control - password mangement - identification and authentication methods - configuration
countermeasure
CobiT
chief information security officer
technical
36. Potential danger to information or systems
COSO
risk analysis
threat
administrative
37. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
SP 800-30
risk mitigation
risk analysis
BS7799
38. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
Information risk management
usage
security program
strategic
39. IRM
CobiT
Information risk management
ISO/IEC 27004
security governanace
40. Focus on service level agreements between IT dept and internal customers
FMEA
ITIL
CISO
usage
41. Collection of controls an organization must have in place
performance baseline
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security program
planning horizon
42. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
ISO/IEC 27001
risk mitigation
Information risk management
CobiT
43. Risk mgmt method with much broader focus than IT security
port scanner
blueprints
AS/NZS 4360
threat
44. An instance of being exposed to losses from a threat
annualized loss expectancy
exposure
mappers
CobiT
45. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
No events - Errors only - Errors and warnings - All events
vulnerability scanner
IRM
physical
46. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
Committee of Sponsoring Organizations
chief information security officer
CISO
network mapping
47. Used to ID failures in a complex systems to understand underlying causes of threats
corporate security officer
risk mitigation
single loss expectancy
fault tree analysis
48. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
exposure
data owner
john the ripper
ISO/IEC 27002
49. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk catagories
blueprints
No events - Errors only - Errors and warnings - All events
ISO/IEC 27004
50. Type of audit that checks that accounts - groups and roles are correctly assigned
vulnerability
Operationally Critical Threat - Asset - and Vulnerability Evaluation
privilege
elcomsoft