Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Risk mgmt method with much broader focus than IT security
AS/NZS 4360
technical
COSO
confidentiality

2. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
ISO 17799
Information Technology Infrastructure Library (ITIL)
single loss expectancy

3. Type of audit that checks that accounts - groups and roles are correctly assigned
blueprints
fault tree analysis
security program
privilege

4. CSO
COSO
integrity
privilege
corporate security officer

5. Tools to ID - develop - and design security requirements for business needs
chief information security officer
risk anlysis
Facilitated Risk Analysis Process
blueprints

6. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
performance monitor
No events - Errors only - Errors and warnings - All events
threat
network mapping

7. Daily goals focused on productivity and task-oriented activities
SP 800-30
operational
risk analysis
AS/NZS 4360

8. Type of audit that checks that network resources - systems and software are used appropriately
FRAP
FMEA
planning horizon
usage

9. De facto standard of best practices for IT service mgmt
No events - Errors only - Errors and warnings - All events
privilege
Information Technology Infrastructure Library (ITIL)
mappers

10. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
CobiT
penetration
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security program

11. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
risk
corporate security officer
physical
ISO/IEC 27799

12. Guide to illustrate how to protect personal health information
usage
mappers
ISO/IEC 27799
annualized rate of occurrence

13. SLE x ARO - (ALE)
ISO 17799
FMEA
annualized loss expectancy
security governanace

14. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
performance baseline
countermeasure
FMEA
performance monitor

15. Possiblity of damage and the ramifications should it occur
risk
security program
technical
due care

16. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
CISO
CISO
risk
due care

17. Derived from the COSO framework
Information Security Management
operational
vulnerability
CobiT

18. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
strategic
corporate security officer
exposure factor
Control Objectives for Information and related Technology

19. CobiT
risk anlysis
Control Objectives for Information and related Technology
escalation
annualized loss expectancy

20. Type of audit that checks information classification and change control procedures
strategic
administrative
vulnerability
COSO

21. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
performance baseline
risk catagories
ITIL
exposure

22. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
annualized rate of occurrence
escalation
CISO

23. NIST risk management methodology
ITIL
strategic
CobiT
SP 800-30

24. Information security managment measurements
fault tree analysis
ISO/IEC 27004
administrative
blueprints

25. Responsible for information classification and protection
data owner
exposure factor
COSO
administrative

26. Corporate governance at the strategic level
escalation
exposure factor
COSO
ISO 17799

27. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
risk anlysis
Failure Modes and Effect Analysis
SP 800-30
ISO/IEC 27002

28. Mitigates a potential risk
Information Security Management
countermeasure
corporate security officer
network mapping

29. Type of audit that checks procedures and policies for escalating issues to management
administrative
escalation
technical
ITIL

30. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
vulnerability
chief information security officer
security program

31. The tools - personnel and business processes necessary to ensure that security meets needs
security governanace
qualitative
vulnerability scanner
firewall

32. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
qualitative
risk mitigation
tactical

33. The likelihood of exploitation and the loss potential
risk analysis
data owner
risk
security governanace

34. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
network mapping
ISO/IEC 27001
AS/NZS 4360
performance baseline

35. Guide assist in the implemenation of information security based on risk managent approach
corporate security officer
countermeasure
ISO/IEC 27005
operational

36. COSO
risk anlysis
Facilitated Risk Analysis Process
Committee of Sponsoring Organizations
performance monitor

37. Potential danger to information or systems
CobiT
threat
CobiT
risk

38. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
elcomsoft
physical
ISO 17799
BS7799

39. Assurance of accurancy and reliability of information and systems
COSO
integrity
delayed
Information Security Management

40. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
network mapping
security governanace
ISO/IEC 27799
CISO

41. Event levels available for logging in a MS DNS server
escalation
No events - Errors only - Errors and warnings - All events
john the ripper
IRM

42. An instance of being exposed to losses from a threat
administrative
exposure
port scanner
FRAP

43. Made up of ten domains - a mechanism to describe security processes
tactical
due care
ISO 17799
Facilitated Risk Analysis Process

44. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
ISO/IEC 27001
ISO/IEC 27799
network mapping
L0phtCrack

45. Midterm goals
Information Security Management
L0phtCrack
tactical
Information Technology Infrastructure Library (ITIL)

46. An open language from mitre.org for determining vulnerabilities and problems on computer systems
tactical
OVAL
integrity
FRAP

47. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
Information Security Management
ISO 17799
annualized loss expectancy
qualitative

48. ISM Standard
security governanace
Information Security Management
chief information security officer
COSO

49. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
escalation
COSO
john the ripper
OCTAVE

50. Expected or predetermined performance level - developed from policy - performance - requirements
performance baseline
Information Security Management
usage
network mapping