Test your basic knowledge | CompTIA Security+: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An instance of being exposed to losses from a threat
CobiT
ISO/IEC 27004
privilege
exposure
2. De facto standard of best practices for IT service mgmt
countermeasure
Information Technology Infrastructure Library (ITIL)
FMEA
risk
3. ISM Standard
Information Security Management
annualized loss expectancy
security program
risk
4. The tools - personnel and business processes necessary to ensure that security meets needs
chief information security officer
risk analysis
single loss expectancy
security governance
5. Guide to illustrate how to protect personal health information
Facilitated Risk Analysis Process
ISO/IEC 27799
planning horizon
confidentiality
6. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk analysis
risk
performance monitor
security officer
7. Strategic - tactical and operational planning
planning horizon
risk analysis
threat
john the ripper
8. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
Failure Modes and Effect Analysis
administrative
risk categories
9. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
Information Security Management
L0phtCrack
security governance
IRM
10. Risk mgmt method with much broader focus than IT security
performance monitor
ISO/IEC 27002
operational
AS/NZS 4360
11. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
ISO/IEC 27001
Information risk management
FRAP
performance baseline
12. A weakness (software - hardware - procedural - human) that can be exploited
exposure
exposure factor
vulnerability
mappers
13. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
ISO/IEC 27001
COSO
annualized rate of occurrence
risk analysis
14. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
vulnerability scanner
risk categories
integrity
CobiT
15. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
firewall
No events - Errors only - Errors and warnings - All events
privilege
16. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
COSO
OCTAVE
ISO/IEC 27004
administrative
17. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
network mapping
port scanner
john the ripper
CobiT
18. Responsible for information classification and protection
risk
data owner
exposure factor
Committee of Sponsoring Organizations
19. Ensures management security directives are fulfilled
integrity
exposure
ISO/IEC 27005
security officer
20. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
vulnerability
No events - Errors only - Errors and warnings - All events
tactical
ISO/IEC 27799
21. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
COSO
qualitative
ISO/IEC 27004
Control Objectives for Information and related Technology
22. FRAP
Facilitated Risk Analysis Process
performance monitor
BS7799
CISO
23. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
ISO/IEC 27799
No events - Errors only - Errors and warnings - All events
FMEA
annualized loss expectancy
24. Number of times the incident might occur annually - (ARO)
annualized rate of occurrence
usage
FRAP
john the ripper
25. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
CISO
security program
risk analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
26. Type of audit that checks that accounts - groups and roles are correctly assigned
privilege
strategic
ISO 17799
firewall
27. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
usage
performance monitor
ITIL
firewall
28. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
protocol analyzer
integrity
vulnerability
COSO
29. COSO
Information Security Management
CobiT
operational
Committee of Sponsoring Organizations
30. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
single loss expectancy
mappers
CobiT
31. Assurance of accuracy and reliability of information and systems
risk
integrity
ISO/IEC 27799
escalation
32. Expected or predetermined performance level - developed from policy - performance - requirements
performance baseline
IRM
usage
risk
33. Used to ID failures in complex systems to understand underlying causes of threats
fault tree analysis
firewall
strategic
performance monitor
34. Daily goals focused on productivity and task-oriented activities
risk analysis
risk analysis
vulnerability scanner
operational
35. Collection of controls an organization must have in place
security program
exposure
performance baseline
Information risk management
36. An open language from mitre.org for determining vulnerabilities and problems on computer systems
FMEA
OVAL
physical
ITIL
37. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error
port scanner
annualized loss expectancy
risk categories
performance monitor
38. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
integrity
ISO/IEC 27005
Operationally Critical Threat - Asset - and Vulnerability Evaluation
39. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
qualitative
security governance
COSO
tactical
40. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
physical
firewall
security governance
administrative
41. The likelihood of exploitation and the loss potential
exposure factor
risk
Failure Modes and Effect Analysis
network mapping
42. Information security management measurements
ISO/IEC 27004
L0phtCrack
AS/NZS 4360
single loss expectancy
43. Guide to assist in the implementation of information security based on a risk management approach
ISO/IEC 27005
data owner
john the ripper
Failure Modes and Effect Analysis
44. IRM
Information risk management
FMEA
risk categories
strategic
45. Type of audit that checks that network resources - systems and software are used appropriately
annualized rate of occurrence
ITIL
usage
OCTAVE
46. NIST risk management methodology
IRM
risk
SP 800-30
Operationally Critical Threat - Asset - and Vulnerability Evaluation
47. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
ISO/IEC 27001
annualized loss expectancy
exposure factor
CISO
48. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
BS7799
COSO
No events - Errors only - Errors and warnings - All events
planning horizon
49. Possibility of damage and the ramifications should it occur
performance monitor
risk
vulnerability
ISO/IEC 27001
50. OCTAVE
vulnerability
Failure Modes and Effect Analysis
countermeasure
Operationally Critical Threat - Asset - and Vulnerability Evaluation