Test your basic knowledge

CompTIA Security+: Assessment and Risk Management

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. __________ loss has a negative effect after a vulnerability is initially exploited

2. Mitigates a potential risk

3. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation

4. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)

5. The asset's value multiplied by the EF percentage - (SLE)

6. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.

7. Responsible for information classification and protection

8. Collection of controls an organization must have in place

9. A weakness (software - hardware - procedural - human) that can be exploited

10. A log that can record outgoing requests - incoming traffic - and internet usage

11. Information security management measurements

12. A commercial password cracker that can test password strength and recover passwords - and perform dictionary and brute force attacks

13. Derived from the COSO framework

14. Risk mgmt method with much broader focus than IT security

15. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk

16. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers

17. OCTAVE

18. ISM Standard

19. Ensures reliable timely access to data/resources to authorized individuals

20. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond

21. Responsible for communicating to senior mgmt organizational risks and compliance regulations

22. An instance of being exposed to losses from a threat

23. Percentage of an asset's value that would be lost in a single incident - (EF)

24. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)

25. Controls that implement access control - password management - identification and authentication methods - configuration

26. Corporate governance at the strategic level

27. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits

28. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs

29. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error

30. Expected or predetermined performance level - developed from policy - performance - requirements

31. Ensures necessary level of secrecy and prevents unauthorized disclosure

32. Possibility of damage and the ramifications should it occur

33. Made up of ten domains - a mechanism to describe security processes

34. NIST risk management methodology

35. Type of audit that checks that network resources - systems and software are used appropriately

36. Tools to ID - develop - and design security requirements for business needs

37. Midterm goals

38. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product

39. The likelihood of exploitation and the loss potential

40. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks

41. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental

42. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis

43. Type of audit that checks procedures and policies for escalating issues to management

44. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate

45. FMEA

46. FRAP

47. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password / shadow files

48. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external

49. SLE x ARO - (ALE)

50. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting