Comptia Security +: Assessment And Risk Mgmt
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. De facto standard of best practices for IT service mgmt
chief information security officer
Information Technology Infrastructure Library (ITIL)
administrative
Information risk management
2. A commercial password cracker that can test password strength, recover passwords, and perform dictionary and brute force attacks
strategic
integrity
elcomsoft
confidentiality
3. Event levels available for logging in a MS DNS server
escalation
No events - Errors only - Errors and warnings - All events
operational
risk analysis
4. Responsible for communicating organizational risks and compliance regulations to senior mgmt
risk analysis
risk analysis
CISO
performance baseline
5. CSO
escalation
CobiT
data owner
corporate security officer
6. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
protocol analyzer
confidentiality
firewall
7. Made up of ten domains - a mechanism to describe security processes
ISO 17799
single loss expectancy
risk
planning horizon
8. Possibility of damage and the ramifications should it occur
risk
AS/NZS 4360
Information Technology Infrastructure Library (ITIL)
administrative
9. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
vulnerability
delayed
annualized rate of occurrence
mappers
10. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
vulnerability
CobiT
penetration
escalation
11. Derived from the COSO framework
CobiT
planning horizon
qualitative
IRM
12. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
risk analysis
risk analysis
Failure Modes and Effect Analysis
BS7799
13. Guide to illustrate how to protect personal health information
CISO
confidentiality
ISO/IEC 27799
ISO/IEC 27001
14. Strategic - tactical and operational planning
planning horizon
IRM
ISO/IEC 27002
FRAP
15. Risk mgmt method with much broader focus than IT security
exposure factor
AS/NZS 4360
CISO
Failure Modes and Effect Analysis
16. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
CobiT
FMEA
OCTAVE
CobiT
17. OCTAVE
annualized rate of occurrence
FRAP
Operationally Critical Threat - Asset - and Vulnerability Evaluation
technical
18. Process of identifying and assessing risk - reducing it to an acceptable level - implementing mechanisms to maintain that level.
COSO
data owner
IRM
annualized loss expectancy
19. Expected or predetermined performance level - developed from policy - performance - requirements
countermeasure
exposure factor
performance baseline
delayed
20. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
physical
CISO
risk categories
risk mitigation
21. Number of times the incident might occur annually - (ARO)
FMEA
administrative
OCTAVE
annualized rate of occurrence
22. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
physical
OVAL
administrative
23. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
single loss expectancy
No events - Errors only - Errors and warnings - All events
Information Security Management
24. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
Control Objectives for Information and related Technology
strategic
CobiT
COSO
25. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
COSO
OCTAVE
port scanner
john the ripper
26. Focus on service level agreements between IT dept and internal customers
ITIL
security program
qualitative
confidentiality
27. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
Information Technology Infrastructure Library (ITIL)
Information risk management
AS/NZS 4360
28. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
strategic
IRM
L0phtCrack
escalation
29. The tools - personnel and business processes necessary to ensure that security meets needs
security governance
due care
risk categories
elcomsoft
30. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
port scanner
risk
ISO 17799
security program
31. SLE x ARO - (ALE)
planning horizon
annualized loss expectancy
Committee of Sponsoring Organizations
port scanner
32. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
FRAP
security program
penetration
data owner
33. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
OCTAVE
performance monitor
Information Security Management
Committee of Sponsoring Organizations
34. Assurance of accuracy and reliability of information and systems
integrity
blueprints
exposure factor
ISO 17799
35. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
ISO 17799
network mapping
COSO
physical
36. Type of audit that checks that accounts - groups and roles are correctly assigned
privilege
ITIL
risk
FRAP
37. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
blueprints
escalation
ISO/IEC 27002
38. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
corporate security officer
ISO/IEC 27799
FRAP
Failure Modes and Effect Analysis
39. Used to identify failures in complex systems to understand the underlying causes of threats
fault tree analysis
exposure
COSO
chief information security officer
40. An open language from mitre.org for determining vulnerabilities and problems on computer systems
FRAP
IRM
OVAL
qualitative
41. Midterm goals
tactical
COSO
ISO 17799
countermeasure
42. Controls that implement access control - password management - identification and authentication methods - configuration
penetration
vulnerability scanner
technical
blueprints
43. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
CobiT
vulnerability
protocol analyzer
CobiT
44. Ensures necessary level of secrecy and prevents unauthorized disclosure
FMEA
elcomsoft
confidentiality
physical
45. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
vulnerability
COSO
CISO
risk categories
46. Provides a cost/benefit comparison
administrative
risk analysis
operational
risk categories
47. ISM Standard
Information Security Management
confidentiality
annualized loss expectancy
usage
48. An instance of being exposed to losses from a threat
technical
exposure
COSO
Control Objectives for Information and related Technology
49. IRM
CobiT
OCTAVE
administrative
Information risk management
50. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
vulnerability
blueprints
COSO
CobiT