
Comptia Security +: Assessment And Risk Mgmt

1. Made up of ten domains - a mechanism to describe security processes
2. FMEA
3. Type of audit that checks procedures and policies for escalating issues to management
4. Event levels available for logging in an MS DNS server
5. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment
6. OCTAVE
7. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
8. Derived from the COSO framework
9. CobiT
10. Type of audit that checks information classification and change control procedures
11. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
12. Mitigates a potential risk
13. Midterm goals
14. Assurance of accuracy and reliability of information and systems
15. CSO
16. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
17. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - tcpdump - Microsoft Network Monitor - Carnivore)
18. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
19. De facto standard of best practices for IT service mgmt
20. NIST risk management methodology
21. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
22. A commercial password cracker that can test password strength and recover passwords - and perform dictionary and brute force attacks
23. Expected or predetermined performance level - developed from policy - performance - requirements
24. This tool scans network devices listening for open ports (e.g. Nmap - Scanmetender - SuperScan - NHS Nohack Scanner)
25. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in the NOS - test response to DoS attacks
26. Tools to ID - develop - and design security requirements for business needs
27. An instance of being exposed to losses from a threat
28. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error
29. Type of audit that checks that network resources - systems and software are used appropriately
30. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
31. Strategic - tactical and operational planning
32. Used to ID failures in complex systems to understand underlying causes of threats
33. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
34. The following tools (Nessus - Qualys - Retina) are ______________ scanners
35. A log that can record outgoing requests - incoming traffic - and internet usage
36. Provides a cost/benefit comparison
37. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
38. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
39. COSO
40. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
41. Controls that manage facility access - locking systems - media sanitization - intrusion monitoring - environmental
42. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
43. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
44. Number of times the incident might occur annually - (ARO)
45. IT governance at the operational level
46. Corporate governance at the strategic level
47. Percentage of an asset's value that would be lost in a single incident - (EF)
48. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files
49. Collection of controls an organization must have in place
50. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers