SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
firewall
COSO
elcomsoft
operational
2. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
security governanace
risk analysis
physical
3. FMEA
CobiT
technical
Failure Modes and Effect Analysis
risk analysis
4. CobiT
security officer
Control Objectives for Information and related Technology
network mapping
COSO
5. Responsible for information classification and protection
IRM
availability
mappers
data owner
6. Made up of ten domains - a mechanism to describe security processes
ISO 17799
ISO/IEC 27002
security governanace
Operationally Critical Threat - Asset - and Vulnerability Evaluation
7. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
CISO
vulnerability
Facilitated Risk Analysis Process
8. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
threat
Information Security Management
BS7799
annualized loss expectancy
9. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
single loss expectancy
AS/NZS 4360
Control Objectives for Information and related Technology
vulnerability scanner
10. Event levels available for logging in a MS DNS server
data owner
exposure factor
No events - Errors only - Errors and warnings - All events
elcomsoft
11. Risk mgmt method with much broader focus than IT security
strategic
ISO/IEC 27799
AS/NZS 4360
COSO
12. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
Information Security Management
ISO 17799
L0phtCrack
risk analysis
13. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
fault tree analysis
port scanner
security program
risk anlysis
14. Controls that implement access control - password mangement - identification and authentication methods - configuration
security program
countermeasure
technical
escalation
15. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
vulnerability
single loss expectancy
ISO/IEC 27005
16. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
due care
AS/NZS 4360
ISO/IEC 27005
17. Provides a cost/benefit comparision
ISO 17799
vulnerability
security program
risk analysis
18. Ensures reliable timely access to data/resources to authorized individuals
availability
tactical
risk catagories
administrative
19. A weakness (software - hardware - procedural - human) that can be exploited
AS/NZS 4360
vulnerability
risk analysis
security governanace
20. Guide to illustrate how to protect personal health information
OVAL
ISO/IEC 27001
ISO/IEC 27799
COSO
21. Collection of controls an organization must have in place
penetration
delayed
data owner
security program
22. The tools - personnel and business processes necessary to ensure that security meets needs
security governanace
Control Objectives for Information and related Technology
performance monitor
Committee of Sponsoring Organizations
23. ISM Standard
Information Security Management
chief information security officer
risk analysis
CISO
24. Potential danger to information or systems
port scanner
protocol analyzer
administrative
threat
25. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
exposure
technical
Information risk management
ISO 17799
26. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
security program
confidentiality
usage
27. Expected or predetermined performance level - developed from policy - performance - requirements
Committee of Sponsoring Organizations
CISO
performance baseline
due care
28. Ensures necessary level of secrecy and prevents unauthorized disclosure
CISO
ISO/IEC 27799
CISO
confidentiality
29. __________ loss has a negative effect after a vulnerability is initially exploited
performance baseline
confidentiality
delayed
OCTAVE
30. Guide assist in the implemenation of information security based on risk managent approach
annualized rate of occurrence
ISO/IEC 27005
AS/NZS 4360
CISO
31. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
network mapping
usage
COSO
risk analysis
32. SLE x ARO - (ALE)
annualized loss expectancy
ISO/IEC 27799
qualitative
tactical
33. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
security governanace
IRM
vulnerability
john the ripper
34. FRAP
Facilitated Risk Analysis Process
integrity
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ITIL
35. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
Information Security Management
Operationally Critical Threat - Asset - and Vulnerability Evaluation
FMEA
OVAL
36. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
CobiT
corporate security officer
FMEA
37. Tools to ID - develop - and design security requirements for business needs
blueprints
vulnerability
risk catagories
CISO
38. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
COSO
annualized loss expectancy
ISO/IEC 27799
39. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
due care
performance monitor
ISO 17799
ISO/IEC 27005
40. Assurance of accurancy and reliability of information and systems
risk anlysis
ISO/IEC 27005
FMEA
integrity
41. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
risk catagories
security program
security governanace
ISO/IEC 27002
42. COSO
Committee of Sponsoring Organizations
AS/NZS 4360
elcomsoft
mappers
43. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
vulnerability
ISO/IEC 27002
ISO/IEC 27005
AS/NZS 4360
44. Daily goals focused on productivity and task-oriented activities
operational
tactical
corporate security officer
administrative
45. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
network mapping
ISO/IEC 27004
risk catagories
risk
46. An open language from mitre.org for determining vulnerabilities and problems on computer systems
delayed
escalation
OVAL
FMEA
47. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
IRM
risk mitigation
Control Objectives for Information and related Technology
FRAP
48. The likelihood of exploitation and the loss potential
ISO/IEC 27002
risk
data owner
operational
49. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
penetration
due care
strategic
data owner
50. Type of audit that checks information classification and change control procedures
availability
administrative
data owner
planning horizon