Test your basic knowledge: CompTIA Security+: Assessment and Risk Management
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A weakness (software, hardware, procedural, or human) that can be exploited
ISO/IEC 27002
delayed
vulnerability
L0phtCrack
2. Controls that manage facility access, locking systems, media sanitization, intrusion monitoring, and environmental protection
planning horizon
ISO/IEC 27004
physical
COSO
3. IT governance at the operational level
CobiT
risk
Information Technology Infrastructure Library (ITIL)
Failure Modes and Effects Analysis
4. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
Information Security Management
SP 800-30
COSO
5. Guide assisting in the implementation of information security based on a risk management approach
Committee of Sponsoring Organizations
ISO/IEC 27005
ISO/IEC 27001
qualitative
6. An instance of being exposed to losses from a threat
risk analysis
IRM
exposure
vulnerability scanner
7. Tools to identify, develop, and design security requirements for business needs
COSO
exposure factor
ITIL
blueprints
8. Derived from the COSO framework
Information Security Management
CobiT
OVAL
escalation
9. CISO
FMEA
performance monitor
ISO/IEC 27001
chief information security officer
10. Type of audit that checks information classification and change control procedures
data owner
administrative
Operationally Critical Threat, Asset, and Vulnerability Evaluation
CISO
11. OCTAVE
chief information security officer
CISO
physical
Operationally Critical Threat, Asset, and Vulnerability Evaluation
12. Controls that implement access control, password management, identification and authentication methods, and configuration
COSO
exposure factor
technical
elcomsoft
13. Strategic, tactical, and operational planning
risk mitigation
security governance
planning horizon
chief information security officer
14. ____________ can discover network devices and applications, check password strength, measure internal and external access, analyze vulnerabilities in a NOS, and test response to DoS attacks
CobiT
strategic
AS/NZS 4360
network mapping
15. Plan and Organize, Implement, Operate and Maintain, Monitor and Evaluate
security program
performance monitor
ISO/IEC 27005
No events, Errors only, Errors and warnings, All events
16. Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate
exposure
CobiT
elcomsoft
security program
17. Focuses on service level agreements between the IT department and internal customers
COSO
ITIL
No events, Errors only, Errors and warnings, All events
tactical
18. A plan of action to deal with risks defined in the risk assessment; may remediate or transfer risk
risk analysis
security program
risk mitigation
CISO
19. Risk assessment that is scenario based, ranks threats and countermeasures, and uses experience, judgment, intuition, and opinion
corporate security officer
qualitative
Operationally Critical Threat, Asset, and Vulnerability Evaluation
Committee of Sponsoring Organizations
20. Percentage of an asset's value that would be lost in a single incident (EF)
risk mitigation
fault tree analysis
ISO 17799
exposure factor
21. FRAP
risk analysis
countermeasure
planning horizon
Facilitated Risk Analysis Process
22. Controls that include policies, standards, procedures, risk management, personnel screening, training, and change control
Information Technology Infrastructure Library (ITIL)
administrative
OCTAVE
CobiT
23. Physical damage, human interaction, equipment malfunction, misuse of data, loss of data, application error
risk categories
ITIL
usage
FMEA
24. HP OpenView, Nmap, Qualys, Solana Networks, and SolarWinds are all network _____________
due care
FRAP
ISO/IEC 27002
mappers
25. FMEA
Failure Modes and Effects Analysis
CobiT
vulnerability
due care
26. Framework and set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
Operationally Critical Threat, Asset, and Vulnerability Evaluation
risk analysis
Failure Modes and Effects Analysis
CobiT
27. Collection of controls an organization must have in place
availability
COSO
security program
qualitative
28. This type of testing scans for vulnerabilities, attacks to determine extent, tests countermeasures by circumvention, and can be internal or external
network mapping
FMEA
CobiT
penetration
29. A tool that maps weaknesses of systems and networks by scanning for ports, checking for applications, determining OS and patch level, and attempting exploits
security program
security governance
ITIL
vulnerability scanner
30. Corporate governance at the strategic level
planning horizon
SP 800-30
FRAP
COSO
31. This tool scans network devices listening for open ports (e.g., Nmap, scanmetender, superscan, NHS nohack scanner)
ISO/IEC 27001
port scanner
security program
Information risk management
32. Midterm goals
usage
tactical
integrity
port scanner
33. The likelihood of exploitation and the loss potential
Facilitated Risk Analysis Process
risk analysis
risk
Information risk management
34. A commercial password cracker that can test password strength, recover passwords, and perform dictionary and brute force attacks
SP 800-30
elcomsoft
security program
FMEA
35. Ensures management security directives are fulfilled
security officer
corporate security officer
OVAL
threat
36. Made up of ten domains; a mechanism to describe security processes
qualitative
ISO 17799
ISO/IEC 27001
performance monitor
37. Used in assurance risk management; a methodical way to identify major failure modes (not useful for complex failure modes)
CobiT
ISO 17799
FMEA
strategic
38. The tools, personnel, and business processes necessary to ensure that security meets needs
security governance
risk
COSO
blueprints
39. Mitigates a potential risk
integrity
ISO 17799
countermeasure
risk mitigation
40. Port scanners, vulnerability scanners, protocol analyzers, password crackers, network mappers, and Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment
Information Technology Infrastructure Library (ITIL)
ITIL
ISO 17799
vulnerability
41. Provides a cost/benefit comparison
OCTAVE
risk analysis
elcomsoft
security program
42. Long-term goals focused on risk management, compliance, security responsibilities, continual improvement, and using security to attract customers
risk
qualitative
strategic
risk analysis
43. Responsible for information classification and protection
CobiT
FRAP
chief information security officer
data owner
44. Provides good practice advice on an ISMS (ISO 17799, based on BS 7799 Part 1)
ISO/IEC 27002
confidentiality
mappers
CobiT
45. Potential danger to information or systems
Committee of Sponsoring Organizations
vulnerability
threat
privilege
46. Risk management method with a much broader focus than IT security
operational
AS/NZS 4360
risk categories
data owner
47. A qualitative risk assessment process that allows tests to be conducted so users can determine the areas that require a risk analysis
data owner
FRAP
risk
performance monitor
48. Information security management measurements
ISO/IEC 27004
administrative
Information risk management
single loss expectancy
49. Number of times the incident might occur annually (ARO)
annualized rate of occurrence
Operationally Critical Threat, Asset, and Vulnerability Evaluation
risk analysis
john the ripper
50. De facto standard of best practices for IT service management
Information Technology Infrastructure Library (ITIL)
exposure factor
risk mitigation
protocol analyzer
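Worked example, added here and not part of the quiz or its source material: the quantitative risk-analysis arithmetic behind the exposure factor (EF), annualized rate of occurrence (ARO), single loss expectancy and cost/benefit items above, in Python. The formulas SLE = AV * EF, ALE = SLE * ARO and control value = ALE before - ALE after - annual cost are the standard ones; the web-server asset, its values and the three candidate controls are constructed for the illustration.

```python
# Added worked example of quantitative risk analysis (not part of the quiz).
# Standard formulas behind the EF, ARO, SLE and cost/benefit items:
#   SLE = AV * EF        single loss expectancy
#   ALE = SLE * ARO      annualized loss expectancy
#   value of a control = ALE(before) - ALE(after) - annual cost of the control
# All asset values, factors and control costs below are constructed for the example.
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Scenario:
    asset: str
    asset_value: float      # AV: replacement value of the asset
    exposure_factor: float  # EF: fraction of AV lost in a single incident (0.0 to 1.0)
    aro: float              # ARO: expected number of incidents per year

    def __post_init__(self) -> None:
        # An EF outside 0..1 or a negative ARO is a data-entry error, not a scenario.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"EF must be between 0 and 1, got {self.exposure_factor}")
        if self.aro < 0.0 or self.asset_value < 0.0:
            raise ValueError("ARO and asset value must be non-negative")

    def sle(self) -> float:
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        return self.sle() * self.aro


@dataclass(frozen=True)
class Countermeasure:
    name: str
    annual_cost: float
    new_exposure_factor: Optional[float] = None  # set when the control reduces impact
    new_aro: Optional[float] = None              # set when the control reduces likelihood


def residual(scenario: Scenario, control: Countermeasure) -> Scenario:
    """Scenario after the control is applied; parameters it does not touch are kept."""
    ef = scenario.exposure_factor if control.new_exposure_factor is None else control.new_exposure_factor
    aro = scenario.aro if control.new_aro is None else control.new_aro
    return replace(scenario, exposure_factor=ef, aro=aro)


def control_value(scenario: Scenario, control: Countermeasure) -> float:
    """Annual benefit of the control: ALE avoided minus what the control costs."""
    return scenario.ale() - residual(scenario, control).ale() - control.annual_cost


def rank_controls(scenario: Scenario, controls: List[Countermeasure]) -> List[Tuple[str, float]]:
    """Controls sorted from best to worst net annual value, as (name, value) pairs."""
    scored = [(c.name, control_value(scenario, c)) for c in controls]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def best_control(scenario: Scenario, controls: List[Countermeasure]) -> Optional[str]:
    """Most cost-effective control, or None when no control pays for itself."""
    ranked = rank_controls(scenario, controls)
    if not ranked or ranked[0][1] <= 0:
        return None
    return ranked[0][0]


# Constructed scenario: a public web server worth 200,000; a DoS outage is estimated
# to destroy 25% of that value (EF) and to happen about once every two years (ARO).
WEB_SERVER = Scenario("public web server", asset_value=200_000, exposure_factor=0.25, aro=0.5)

# Constructed candidate controls: two reduce likelihood, one reduces impact.
CANDIDATE_CONTROLS = [
    Countermeasure("DDoS scrubbing service", annual_cost=8_000, new_aro=0.1),
    Countermeasure("warm standby site", annual_cost=15_000, new_exposure_factor=0.05),
    Countermeasure("full active-active failover", annual_cost=30_000, new_aro=0.01),
]

if __name__ == "__main__":
    print(f"SLE = {WEB_SERVER.sle():,.0f}   ALE = {WEB_SERVER.ale():,.0f}")
    for name, value in rank_controls(WEB_SERVER, CANDIDATE_CONTROLS):
        print(f"{name:30s} net annual value {value:>10,.0f}")
    print("recommended:", best_control(WEB_SERVER, CANDIDATE_CONTROLS))
```

With these constructed numbers the server has an SLE of 50,000 and an ALE of 25,000; the scrubbing service cuts ALE to 5,000 for 8,000 a year (net 12,000), the standby site also reaches 5,000 but costs 15,000 (net 5,000), and the failover option removes almost all risk yet costs more than the risk it removes, so a cost/benefit comparison rejects it even though it is the strongest control.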
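Added illustration, not code from any tool named in the quiz, of the two attacks the password-cracker items (questions 14 and 34) describe: a dictionary attack followed by a brute-force search, run against a small salted SHA-256 credential store built inside the example. The users, salts, wordlist and character set are assumptions made for the demonstration.

```python
# Added illustration of what a password cracker does: a cheap dictionary attack
# first, then an exhaustive brute-force search. Not code from any real tool.
# The credential store, salts and wordlist below are constructed for the example.
import hashlib
import itertools
import string
from typing import Dict, Iterable, List, Optional, Tuple

# One fast, salted SHA-256 round is enough to show the mechanics. Real password
# stores should use a slow, memory-hard KDF (bcrypt, scrypt, Argon2) precisely so
# that the brute-force loop below becomes too expensive to be practical.
def hash_password(password: str, salt: str) -> str:
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


WORDLIST = ["123456", "password", "letmein", "welcome", "summer2019", "admin"]

# Constructed credential store: (user, salt, hex digest). The plaintexts are visible
# here only because the store is generated inside the example itself.
TARGETS = [
    ("alice", "s1", hash_password("summer2019", "s1")),   # weak: in the wordlist
    ("bob",   "s2", hash_password("q7x", "s2")),          # weak: short enough to brute-force
    ("carol", "s3", hash_password("Tr0ub4dor&3", "s3")),  # survives both attacks here
]

DEFAULT_CHARSET = string.ascii_lowercase + string.digits


def dictionary_attack(salt: str, digest: str, wordlist: Iterable[str]) -> Optional[str]:
    """Hash every candidate word with the user's salt and compare to the stored digest."""
    for word in wordlist:
        if hash_password(word, salt) == digest:
            return word
    return None


def keyspace(charset: str, max_len: int) -> int:
    """Number of candidates a brute-force search of lengths 1..max_len must try."""
    return sum(len(charset) ** n for n in range(1, max_len + 1))


def brute_force(salt: str, digest: str, charset: str = DEFAULT_CHARSET, max_len: int = 3) -> Optional[str]:
    """Exhaustively try every string over charset up to max_len characters."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            if hash_password(candidate, salt) == digest:
                return candidate
    return None


def crack(targets: List[Tuple[str, str, str]], wordlist: Iterable[str], max_len: int = 3) -> Dict[str, Tuple[Optional[str], str]]:
    """Per user: (recovered password or None, which attack succeeded or 'uncracked')."""
    words = list(wordlist)  # the wordlist is reused for every target
    results: Dict[str, Tuple[Optional[str], str]] = {}
    for user, salt, digest in targets:
        found = dictionary_attack(salt, digest, words)
        if found is not None:
            results[user] = (found, "dictionary")
            continue
        found = brute_force(salt, digest, max_len=max_len)
        results[user] = (found, "brute-force") if found is not None else (None, "uncracked")
    return results


if __name__ == "__main__":
    print(f"brute-force keyspace up to 3 chars: {keyspace(DEFAULT_CHARSET, 3):,} candidates")
    for user, (password, method) in crack(TARGETS, WORDLIST).items():
        print(f"{user:6s} {method:12s} {password}")
```

Two things the quiz items only name are visible when this runs: the dictionary pass costs a handful of hashes per user, while the brute-force pass over lowercase letters and digits to length 3 costs 47,988 candidates per salt, which is why salting (a different salt per user) matters, since it stops one pass from covering every account at once; and a password that is neither in the wordlist nor inside the searched keyspace (carol's) is reported as uncracked, which is exactly what a strength test is looking for.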