SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Mitigates a potential risk
network mapping
ISO/IEC 27005
countermeasure
security program
2. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
risk
OVAL
Failure Modes and Effect Analysis
3. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
ISO/IEC 27005
elcomsoft
vulnerability
ITIL
4. CISO
penetration
Information Security Management
chief information security officer
risk analysis
5. Percentage of an asset's value that would be lost in a single incident - (EF)
protocol analyzer
exposure factor
FMEA
penetration
6. SLE x ARO - (ALE)
chief information security officer
annualized loss expectancy
mappers
vulnerability
7. A weakness (software - hardware - procedural - human) that can be exploited
ITIL
physical
vulnerability
due care
8. Used to ID failures in a complex systems to understand underlying causes of threats
countermeasure
fault tree analysis
operational
vulnerability scanner
9. Event levels available for logging in a MS DNS server
blueprints
risk
No events - Errors only - Errors and warnings - All events
Failure Modes and Effect Analysis
10. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
risk mitigation
ISO 17799
annualized loss expectancy
11. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
availability
tactical
ISO/IEC 27799
risk catagories
12. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
security governanace
Operationally Critical Threat - Asset - and Vulnerability Evaluation
network mapping
annualized rate of occurrence
13. Potential danger to information or systems
threat
risk catagories
risk
corporate security officer
14. Possiblity of damage and the ramifications should it occur
operational
risk
performance baseline
network mapping
15. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
risk mitigation
security program
ISO/IEC 27001
vulnerability
16. Responsible for communicating to senior mgmt organizational risks and compliance regulations
countermeasure
ISO 17799
COSO
CISO
17. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
vulnerability
single loss expectancy
exposure factor
FMEA
18. Strategic - tactical and operational planning
exposure
planning horizon
vulnerability
availability
19. Expected or predetermined performance level - developed from policy - performance - requirements
mappers
Information Technology Infrastructure Library (ITIL)
performance baseline
vulnerability
20. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
administrative
ISO/IEC 27002
strategic
AS/NZS 4360
21. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
annualized loss expectancy
risk
due care
22. IRM
Information Security Management
risk analysis
Information risk management
corporate security officer
23. Type of audit that checks procedures and policies for escalating issues to management
L0phtCrack
SP 800-30
OCTAVE
escalation
24. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
security governanace
annualized loss expectancy
ISO/IEC 27004
25. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
CobiT
COSO
BS7799
Facilitated Risk Analysis Process
26. CSO
corporate security officer
performance monitor
CobiT
L0phtCrack
27. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
risk catagories
CobiT
fault tree analysis
28. Daily goals focused on productivity and task-oriented activities
operational
escalation
risk
administrative
29. Type of audit that checks that accounts - groups and roles are correctly assigned
tactical
penetration
performance monitor
privilege
30. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
CobiT
technical
performance monitor
vulnerability
31. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CobiT
tactical
FMEA
32. Information security managment measurements
OVAL
COSO
ISO/IEC 27004
security program
33. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
mappers
risk
operational
ISO/IEC 27002
34. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
risk analysis
ITIL
security program
technical
35. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
annualized rate of occurrence
port scanner
OCTAVE
Control Objectives for Information and related Technology
36. Corporate governance at the strategic level
exposure
risk catagories
COSO
risk mitigation
37. An open language from mitre.org for determining vulnerabilities and problems on computer systems
SP 800-30
Information Technology Infrastructure Library (ITIL)
OVAL
protocol analyzer
38. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
security governanace
risk mitigation
CobiT
CISO
39. NIST risk management methodology
fault tree analysis
security program
countermeasure
SP 800-30
40. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
vulnerability
Failure Modes and Effect Analysis
CobiT
john the ripper
41. Derived from the COSO framework
risk
performance baseline
CobiT
due care
42. Collection of controls an organization must have in place
network mapping
qualitative
security program
vulnerability
43. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk
COSO
single loss expectancy
risk mitigation
44. Tools to ID - develop - and design security requirements for business needs
risk mitigation
blueprints
L0phtCrack
Operationally Critical Threat - Asset - and Vulnerability Evaluation
45. COSO
vulnerability scanner
Committee of Sponsoring Organizations
integrity
CobiT
46. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
mappers
escalation
IRM
privilege
47. IT governance at the operational level
ISO/IEC 27004
CobiT
technical
protocol analyzer
48. An instance of being exposed to losses from a threat
integrity
usage
john the ripper
exposure
49. Responsible for information classification and protection
data owner
availability
ISO 17799
vulnerability
50. Made up of ten domains - a mechanism to describe security processes
ISO 17799
delayed
security program
L0phtCrack
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests