SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Midterm goals
risk catagories
john the ripper
tactical
Facilitated Risk Analysis Process
2. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
No events - Errors only - Errors and warnings - All events
qualitative
annualized loss expectancy
3. Daily goals focused on productivity and task-oriented activities
operational
CobiT
OVAL
risk analysis
4. COSO
tactical
Committee of Sponsoring Organizations
OCTAVE
integrity
5. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
confidentiality
risk mitigation
security governanace
No events - Errors only - Errors and warnings - All events
6. Guide assist in the implemenation of information security based on risk managent approach
ISO/IEC 27799
Information risk management
IRM
ISO/IEC 27005
7. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
Control Objectives for Information and related Technology
protocol analyzer
CISO
technical
8. Type of audit that checks that accounts - groups and roles are correctly assigned
chief information security officer
SP 800-30
risk
privilege
9. Possiblity of damage and the ramifications should it occur
ISO/IEC 27004
usage
risk
strategic
10. Responsible for information classification and protection
CISO
data owner
Committee of Sponsoring Organizations
escalation
11. The tools - personnel and business processes necessary to ensure that security meets needs
security governanace
ISO/IEC 27799
exposure
risk catagories
12. Used to ID failures in a complex systems to understand underlying causes of threats
risk
fault tree analysis
administrative
mappers
13. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
No events - Errors only - Errors and warnings - All events
risk anlysis
integrity
COSO
14. Strategic - tactical and operational planning
strategic
mappers
L0phtCrack
planning horizon
15. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
administrative
qualitative
ISO 17799
ISO/IEC 27004
16. Tools to ID - develop - and design security requirements for business needs
OVAL
annualized loss expectancy
privilege
blueprints
17. Collection of controls an organization must have in place
CISO
security program
physical
vulnerability
18. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
FRAP
tactical
annualized loss expectancy
19. NIST risk management methodology
SP 800-30
risk analysis
FMEA
ISO/IEC 27799
20. An open language from mitre.org for determining vulnerabilities and problems on computer systems
exposure
COSO
delayed
OVAL
21. Risk mgmt method with much broader focus than IT security
ISO/IEC 27005
BS7799
AS/NZS 4360
exposure
22. ISM Standard
Information Security Management
CobiT
annualized rate of occurrence
OCTAVE
23. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
vulnerability
risk catagories
performance monitor
elcomsoft
24. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
ISO/IEC 27001
annualized loss expectancy
physical
Information Technology Infrastructure Library (ITIL)
25. Ensures reliable timely access to data/resources to authorized individuals
FRAP
availability
OCTAVE
ISO 17799
26. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
planning horizon
Information Technology Infrastructure Library (ITIL)
delayed
27. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
FMEA
confidentiality
performance baseline
Control Objectives for Information and related Technology
28. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
ISO/IEC 27004
threat
data owner
vulnerability scanner
29. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
technical
vulnerability
administrative
COSO
30. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
confidentiality
COSO
annualized rate of occurrence
CobiT
31. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
CobiT
ISO/IEC 27005
L0phtCrack
exposure
32. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
fault tree analysis
CobiT
risk anlysis
escalation
33. CISO
chief information security officer
Committee of Sponsoring Organizations
security officer
ISO/IEC 27005
34. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
AS/NZS 4360
risk catagories
ITIL
availability
35. IT governance at the operational level
vulnerability
L0phtCrack
ITIL
CobiT
36. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
corporate security officer
Control Objectives for Information and related Technology
OCTAVE
threat
37. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
operational
elcomsoft
Information Technology Infrastructure Library (ITIL)
vulnerability scanner
38. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
elcomsoft
network mapping
FRAP
39. De facto standard of best practices for IT service mgmt
planning horizon
Information Technology Infrastructure Library (ITIL)
CobiT
CISO
40. A weakness (software - hardware - procedural - human) that can be exploited
Failure Modes and Effect Analysis
vulnerability
due care
Control Objectives for Information and related Technology
41. Number of time the incident might occur annually - (ARO)
security officer
annualized rate of occurrence
CISO
Facilitated Risk Analysis Process
42. Controls that implement access control - password mangement - identification and authentication methods - configuration
AS/NZS 4360
BS7799
annualized rate of occurrence
technical
43. Focus on service level agreements between IT dept and internal customers
ITIL
CobiT
operational
chief information security officer
44. Ensures managment security directives are fulfilled
Information Technology Infrastructure Library (ITIL)
risk
exposure factor
security officer
45. Type of audit that checks information classification and change control procedures
Control Objectives for Information and related Technology
escalation
SP 800-30
administrative
46. An instance of being exposed to losses from a threat
exposure
No events - Errors only - Errors and warnings - All events
tactical
technical
47. SLE x ARO - (ALE)
Committee of Sponsoring Organizations
operational
annualized loss expectancy
risk catagories
48. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
privilege
physical
network mapping
COSO
49. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
integrity
risk anlysis
FMEA
performance monitor
50. CSO
corporate security officer
administrative
OVAL
vulnerability