Test your basic knowledge

CompTIA Security+: Assessment and Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Provides a cost/benefit comparison

2. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate

3. Responsible for communicating to senior mgmt organizational risks and compliance regulations

4. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental

5. Strategic - tactical and operational planning

6. A log that can record outgoing requests - incoming traffic - and internet usage

7. The following tools (Nessus - Qualys - Retina) are ______________ scanners

8. IT governance at the operational level

9. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error

10. IRM

11. Daily goals focused on productivity and task-oriented activities

12. CSO

13. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control

14. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)

15. Possibility of damage and the ramifications should it occur

16. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost

17. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)

18. Potential danger to information or systems

19. Derived from the COSO framework

20. Guide to assist in the implementation of information security based on a risk management approach

21. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in the NOS - test response to DoS attacks

22. Midterm goals

23. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external

24. NIST risk management methodology

25. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards

26. ISM Standard

27. Controls that implement access control - password management - identification and authentication methods - configuration

28. An instance of being exposed to losses from a threat

29. Type of audit that checks that accounts - groups and roles are correctly assigned

30. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)

31. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation

32. De facto standard of best practices for IT service mgmt

33. Event levels available for logging in a MS DNS server

34. Type of audit that checks that network resources - systems and software are used appropriately

35. Ensures reliable, timely access to data/resources for authorized individuals

36. OCTAVE

37. Used to ID failures in complex systems to understand the underlying causes of threats

38. FMEA

39. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment

40. Information security management measurements

41. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate

42. FRAP

43. Percentage of an asset's value that would be lost in a single incident - (EF)

44. Type of audit that checks information classification and change control procedures

45. CISO

46. COSO

47. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________

48. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks

49. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product

50. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion