Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
risk
CISO
Facilitated Risk Analysis Process
security governance
2. The asset's value multiplied by the EF percentage - (SLE)
tactical
escalation
mappers
single loss expectancy
3. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
escalation
elcomsoft
due care
COSO
4. An instance of being exposed to losses from a threat
security program
countermeasure
FRAP
exposure
5. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
performance monitor
security governance
CobiT
qualitative
6. Assurance of accuracy and reliability of information and systems
CISO
IRM
risk analysis
integrity
7. Used to identify failures in complex systems to understand underlying causes of threats
port scanner
fault tree analysis
CISO
threat
8. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
security program
risk analysis
exposure factor
port scanner
9. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
corporate security officer
L0phtCrack
confidentiality
Control Objectives for Information and related Technology
10. The likelihood of exploitation and the loss potential
CISO
CobiT
integrity
risk
11. CISO
security program
No events - Errors only - Errors and warnings - All events
chief information security officer
administrative
12. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
annualized rate of occurrence
firewall
Information risk management
13. Guide to illustrate how to protect personal health information
Failure Modes and Effect Analysis
firewall
annualized loss expectancy
ISO/IEC 27799
14. Guide to assist in the implementation of information security based on a risk management approach
ISO 17799
FRAP
vulnerability scanner
ISO/IEC 27005
15. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
risk analysis
corporate security officer
penetration
16. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
ISO/IEC 27005
risk categories
risk analysis
vulnerability scanner
17. Ensures management security directives are fulfilled
security officer
vulnerability
ISO/IEC 27005
vulnerability scanner
18. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
protocol analyzer
physical
annualized loss expectancy
vulnerability scanner
19. Risk mgmt method with much broader focus than IT security
elcomsoft
due care
AS/NZS 4360
usage
20. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
firewall
risk
physical
CobiT
21. Type of audit that checks procedures and policies for escalating issues to management
ISO 17799
escalation
Information Security Management
network mapping
22. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
vulnerability
confidentiality
delayed
23. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
single loss expectancy
ISO/IEC 27005
ISO 17799
24. Process of identifying and assessing risk - reducing it to an acceptable level - and implementing mechanisms to maintain that level
FMEA
firewall
IRM
AS/NZS 4360
25. An open language from mitre.org for determining vulnerabilities and problems on computer systems
ISO 17799
delayed
OVAL
technical
26. Derived from the COSO framework
No events - Errors only - Errors and warnings - All events
exposure factor
CobiT
fault tree analysis
27. Method of identifying functions and their failures - causes of failures and their effects - originally designed for systems engineering
corporate security officer
FMEA
confidentiality
ISO/IEC 27005
28. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
network mapping
risk
ISO 17799
ISO/IEC 27001
29. NIST risk management methodology
risk
planning horizon
security program
SP 800-30
30. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
COSO
security program
blueprints
administrative
31. Type of audit that checks that accounts - groups and roles are correctly assigned
confidentiality
privilege
firewall
ISO/IEC 27001
32. Possibility of damage and the ramifications should it occur
risk
protocol analyzer
risk mitigation
ISO/IEC 27002
33. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
SP 800-30
ITIL
risk categories
due care
34. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
risk
strategic
CISO
ISO 17799
35. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
OVAL
mappers
countermeasure
ISO 17799
36. IRM
vulnerability
due care
Control Objectives for Information and related Technology
Information risk management
37. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
Information Security Management
physical
confidentiality
john the ripper
38. SLE x ARO - (ALE)
IRM
annualized loss expectancy
vulnerability
risk analysis
39. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
IRM
Information risk management
ISO/IEC 27004
40. IT governance at the operational level
planning horizon
CISO
CobiT
No events - Errors only - Errors and warnings - All events
41. Event levels available for logging in a MS DNS server
No events - Errors only - Errors and warnings - All events
john the ripper
CobiT
network mapping
42. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
exposure factor
BS7799
john the ripper
risk
43. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security program
ISO 17799
OCTAVE
44. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
ISO 17799
countermeasure
OCTAVE
administrative
45. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
OVAL
FRAP
vulnerability
COSO
46. Daily goals focused on productivity and task-oriented activities
operational
performance monitor
corporate security officer
No events - Errors only - Errors and warnings - All events
47. Number of times the incident might occur annually - (ARO)
network mapping
annualized rate of occurrence
blueprints
risk categories
48. ISM Standard
Information Security Management
chief information security officer
mappers
administrative
49. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in the NOS - test response to DoS attacks
exposure factor
exposure
network mapping
COSO
50. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
L0phtCrack
risk categories
COSO