Test your basic knowledge: Comptia Security +: Assessment And Risk Mgmt
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Used to ID failures in complex systems to understand underlying causes of threats
performance monitor
fault tree analysis
exposure
FMEA
2. IRM
john the ripper
Information risk management
risk analysis
administrative
3. Percentage of an asset's value that would be lost in a single incident - (EF)
vulnerability
chief information security officer
exposure factor
ISO 17799
4. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
technical
penetration
risk analysis
port scanner
5. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
IRM
COSO
performance baseline
administrative
6. Ensures management security directives are fulfilled
availability
network mapping
security officer
single loss expectancy
7. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
vulnerability
integrity
network mapping
tactical
8. Information security management measurements
ISO/IEC 27004
physical
qualitative
chief information security officer
9. Type of audit that checks procedures and policies for escalating issues to management
escalation
delayed
security program
risk analysis
10. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
ISO 17799
ISO/IEC 27002
ISO/IEC 27001
strategic
11. SLE x ARO - (ALE)
physical
security program
annualized loss expectancy
FRAP
12. FRAP
Facilitated Risk Analysis Process
physical
risk analysis
penetration
13. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
john the ripper
physical
ISO 17799
CobiT
14. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
FMEA
risk
Information Technology Infrastructure Library (ITIL)
operational
15. NIST risk management methodology
availability
blueprints
planning horizon
SP 800-30
16. A log that can record outgoing requests - incoming traffic - and internet usage
john the ripper
Information risk management
risk categories
firewall
17. Provides good practice advice on ISMS (ISO 17799) (based on BS7799 Part 1)
ISO/IEC 27002
OVAL
No events - Errors only - Errors and warnings - All events
COSO
18. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
Facilitated Risk Analysis Process
FRAP
performance monitor
Information risk management
19. A weakness (software - hardware - procedural - human) that can be exploited
COSO
Information Security Management
vulnerability
CobiT
20. OCTAVE
AS/NZS 4360
blueprints
Operationally Critical Threat - Asset - and Vulnerability Evaluation
availability
21. Derived from the COSO framework
CobiT
exposure
data owner
administrative
22. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
due care
mappers
security officer
qualitative
23. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
confidentiality
vulnerability scanner
data owner
security program
24. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
ISO/IEC 27799
qualitative
elcomsoft
operational
25. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
port scanner
privilege
administrative
Information risk management
26. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
Information risk management
john the ripper
risk categories
L0phtCrack
27. Guide to illustrate how to protect personal health information
OVAL
FMEA
annualized loss expectancy
ISO/IEC 27799
28. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
threat
usage
Committee of Sponsoring Organizations
29. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
risk categories
availability
risk
due care
30. Assurance of accuracy and reliability of information and systems
FRAP
vulnerability
Failure Modes and Effect Analysis
integrity
31. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
risk analysis
penetration
escalation
blueprints
32. Responsible for information classification and protection
protocol analyzer
data owner
Committee of Sponsoring Organizations
administrative
33. CobiT
SP 800-30
vulnerability
IRM
Control Objectives for Information and related Technology
34. Ensures necessary level of secrecy and prevents unauthorized disclosure
confidentiality
ISO/IEC 27799
penetration
Information risk management
35. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
exposure factor
mappers
vulnerability
BS7799
36. The tools - personnel and business processes necessary to ensure that security meets needs
OVAL
security governance
security program
Committee of Sponsoring Organizations
37. Number of times the incident might occur annually - (ARO)
data owner
security program
annualized rate of occurrence
Failure Modes and Effect Analysis
38. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
network mapping
privilege
performance baseline
FMEA
39. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
single loss expectancy
ISO/IEC 27005
ISO/IEC 27799
risk analysis
40. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
vulnerability
confidentiality
network mapping
physical
41. Focus on service level agreements between IT dept and internal customers
ISO 17799
ITIL
annualized loss expectancy
vulnerability scanner
42. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
exposure factor
BS7799
penetration
43. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OCTAVE
OVAL
CobiT
chief information security officer
44. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
vulnerability
Committee of Sponsoring Organizations
confidentiality
CobiT
45. An instance of being exposed to losses from a threat
CobiT
CISO
exposure
CobiT
46. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
FRAP
performance monitor
fault tree analysis
risk categories
47. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
qualitative
chief information security officer
CobiT
OCTAVE
48. Type of audit that checks that network resources - systems and software are used appropriately
usage
COSO
data owner
COSO
49. Possibility of damage and the ramifications should it occur
security governance
privilege
ISO/IEC 27005
risk
50. Type of audit that checks that accounts - groups and roles are correctly assigned
privilege
annualized loss expectancy
risk analysis
risk