Test your basic knowledge | CompTIA Security+: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
confidentiality
ISO/IEC 27001
CISO
OVAL
2. Risk mgmt method with much broader focus than IT security
risk analysis
data owner
elcomsoft
AS/NZS 4360
3. Controls that implement access control - password management - identification and authentication methods - configuration
COSO
technical
performance baseline
threat
4. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
Information Technology Infrastructure Library (ITIL)
COSO
risk analysis
network mapping
5. CSO
corporate security officer
qualitative
chief information security officer
security program
6. CISO
OVAL
planning horizon
ISO/IEC 27005
chief information security officer
7. Guide to assist in the implementation of information security based on a risk management approach
Control Objectives for Information and related Technology
OCTAVE
privilege
ISO/IEC 27005
8. Strategic - tactical and operational planning
FMEA
single loss expectancy
planning horizon
SP 800-30
9. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
COSO
ISO 17799
security program
10. NIST risk management methodology
ISO/IEC 27799
SP 800-30
ITIL
availability
11. Responsible for communicating to senior mgmt organizational risks and compliance regulations
exposure
protocol analyzer
CISO
ISO/IEC 27002
12. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
corporate security officer
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CobiT
13. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
availability
tactical
fault tree analysis
14. Ensures reliable timely access to data/resources to authorized individuals
vulnerability
single loss expectancy
availability
operational
15. De facto standard of best practices for IT service mgmt
ISO/IEC 27001
planning horizon
Information Technology Infrastructure Library (ITIL)
vulnerability
16. Assurance of accuracy and reliability of information and systems
blueprints
integrity
annualized loss expectancy
ISO 17799
17. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
network mapping
risk analysis
technical
port scanner
18. Percentage of an asset's value that would be lost in a single incident - (EF)
risk analysis
exposure factor
performance baseline
administrative
19. Provides a cost/benefit comparison
risk analysis
escalation
Information Security Management
FMEA
20. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
CobiT
protocol analyzer
escalation
ISO/IEC 27004
21. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
tactical
vulnerability
ITIL
OCTAVE
22. Event levels available for logging in a MS DNS server
vulnerability scanner
No events - Errors only - Errors and warnings - All events
risk
Information Security Management
23. CobiT
OVAL
Control Objectives for Information and related Technology
security officer
BS7799
24. Responsible for information classification and protection
integrity
COSO
data owner
annualized loss expectancy
25. IRM
firewall
Committee of Sponsoring Organizations
Information risk management
corporate security officer
26. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
CISO
ISO/IEC 27004
CobiT
qualitative
27. Ensures management security directives are fulfilled
COSO
firewall
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security officer
28. Made up of ten domains - a mechanism to describe security processes
ISO 17799
exposure factor
delayed
strategic
29. Tools to ID - develop - and design security requirements for business needs
OCTAVE
CISO
ISO/IEC 27001
blueprints
30. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
Information Technology Infrastructure Library (ITIL)
due care
risk mitigation
risk
31. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
network mapping
planning horizon
exposure
32. Used to ID failures in complex systems to understand underlying causes of threats
risk mitigation
L0phtCrack
fault tree analysis
physical
33. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
annualized loss expectancy
vulnerability
fault tree analysis
34. Number of times the incident might occur annually - (ARO)
port scanner
annualized rate of occurrence
protocol analyzer
AS/NZS 4360
35. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
network mapping
physical
penetration
FRAP
36. Possibility of damage and the ramifications should it occur
risk
CISO
availability
strategic
37. The following tools (Nessus - Qualys - Retina) are ______________ scanners
Information Technology Infrastructure Library (ITIL)
vulnerability
annualized rate of occurrence
risk categories
38. Mitigates a potential risk
vulnerability
vulnerability
risk analysis
countermeasure
39. Ensures necessary level of secrecy and prevents unauthorized disclosure
risk
physical
chief information security officer
confidentiality
40. SLE x ARO - (ALE)
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security governance
data owner
annualized loss expectancy
41. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
risk
usage
vulnerability
strategic
42. COSO
Operationally Critical Threat - Asset - and Vulnerability Evaluation
network mapping
tactical
Committee of Sponsoring Organizations
43. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
IRM
network mapping
CISO
ISO/IEC 27799
44. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
OVAL
Information Technology Infrastructure Library (ITIL)
data owner
45. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
L0phtCrack
security officer
Information risk management
BS7799
46. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
CISO
administrative
due care
47. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
Information Security Management
BS7799
vulnerability scanner
physical
48. FRAP
CobiT
vulnerability
Facilitated Risk Analysis Process
ITIL
49. Type of audit that checks that network resources - systems and software are used appropriately
usage
network mapping
tactical
No events - Errors only - Errors and warnings - All events
50. Daily goals focused on productivity and task-oriented activities
AS/NZS 4360
CobiT
operational
ISO/IEC 27001