Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
COSO
technical
ISO/IEC 27001
Information risk management

2. Ensures managment security directives are fulfilled
ISO 17799
CobiT
CobiT
security officer

3. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
vulnerability
Facilitated Risk Analysis Process
network mapping

4. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
strategic
FMEA
ISO/IEC 27799
IRM

5. Corporate governance at the strategic level
COSO
chief information security officer
No events - Errors only - Errors and warnings - All events
risk analysis

6. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
firewall
elcomsoft
CobiT
vulnerability

7. NIST risk management methodology
CobiT
SP 800-30
security governanace
security program

8. CISO
due care
CISO
chief information security officer
Committee of Sponsoring Organizations

9. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
security program
security governanace
CobiT

10. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
COSO
Failure Modes and Effect Analysis
FMEA
elcomsoft

11. The tools - personnel and business processes necessary to ensure that security meets needs
security governanace
protocol analyzer
single loss expectancy
performance monitor

12. Type of audit that checks that network resources - systems and software are used appropriately
CISO
CISO
availability
usage

13. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
security program
OVAL
delayed

14. Ensures reliable timely access to data/resources to authorized individuals
vulnerability
vulnerability
availability
ISO/IEC 27002

15. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
IRM
security program
vulnerability scanner
Failure Modes and Effect Analysis

16. Risk mgmt method with much broader focus than IT security
single loss expectancy
COSO
operational
AS/NZS 4360

17. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
privilege
CobiT
performance monitor
Operationally Critical Threat - Asset - and Vulnerability Evaluation

18. Possiblity of damage and the ramifications should it occur
security program
annualized loss expectancy
security officer
risk

19. Responsible for communicating to senior mgmt organizational risks and compliance regulations
risk
risk mitigation
CISO
performance monitor

20. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
chief information security officer
risk catagories
operational
countermeasure

21. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
Information Security Management
ISO 17799
FRAP
due care

22. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
exposure
administrative
firewall
ISO/IEC 27002

23. A weakness (software - hardware - procedural - human) that can be exploited
threat
risk anlysis
vulnerability
FMEA

24. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
L0phtCrack
COSO
vulnerability scanner

25. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
FMEA
Failure Modes and Effect Analysis
risk analysis

26. Expected or predetermined performance level - developed from policy - performance - requirements
technical
Information risk management
CobiT
performance baseline

27. Strategic - tactical and operational planning
IRM
planning horizon
exposure
CobiT

28. __________ loss has a negative effect after a vulnerability is initially exploited
availability
delayed
firewall
due care

29. IT governance at the operational level
ISO/IEC 27005
fault tree analysis
CobiT
corporate security officer

30. A log that can record outgoing requests - incoming traffic - and internet usage
CISO
Committee of Sponsoring Organizations
firewall
Information Security Management

31. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
integrity
AS/NZS 4360
escalation

32. Responsible for information classification and protection
exposure
corporate security officer
Information risk management
data owner

33. Derived from the COSO framework
vulnerability
OCTAVE
CobiT
physical

34. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
privilege
ISO/IEC 27005
strategic
security governanace

35. CSO
COSO
corporate security officer
CobiT
security program

36. Focus on service level agreements between IT dept and internal customers
exposure factor
ITIL
escalation
Information risk management

37. Assurance of accurancy and reliability of information and systems
integrity
Information Security Management
vulnerability
security program

38. Type of audit that checks procedures and policies for escalating issues to management
CobiT
corporate security officer
escalation
Failure Modes and Effect Analysis

39. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
john the ripper
CISO
chief information security officer
risk mitigation

40. COSO
Committee of Sponsoring Organizations
risk anlysis
COSO
security program

41. FRAP
strategic
administrative
security program
Facilitated Risk Analysis Process

42. Guide assist in the implemenation of information security based on risk managent approach
single loss expectancy
blueprints
strategic
ISO/IEC 27005

43. Information security managment measurements
penetration
Operationally Critical Threat - Asset - and Vulnerability Evaluation
exposure
ISO/IEC 27004

44. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
network mapping
Failure Modes and Effect Analysis
confidentiality
BS7799

45. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
FMEA
L0phtCrack
qualitative
risk anlysis

46. Daily goals focused on productivity and task-oriented activities
escalation
operational
ISO/IEC 27001
OCTAVE

47. Ensures necessary level of secrecy and prevents unauthorized disclosure
technical
performance monitor
confidentiality
vulnerability

48. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
data owner
COSO
mappers
escalation

49. Tools to ID - develop - and design security requirements for business needs
risk analysis
exposure
technical
blueprints

50. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
administrative
planning horizon
risk anlysis
vulnerability