Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A weakness (software - hardware - procedural - human) that can be exploited
ISO/IEC 27002
delayed
vulnerability
L0phtCrack

2. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
planning horizon
ISO/IEC 27004
physical
COSO

3. IT governance at the operational level
CobiT
risk
Information Technology Infrastructure Library (ITIL)
Failure Modes and Effect Analysis

4. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
Information Security Management
SP 800-30
COSO

5. Guide assist in the implemenation of information security based on risk managent approach
Committee of Sponsoring Organizations
ISO/IEC 27005
ISO/IEC 27001
qualitative

6. An instance of being exposed to losses from a threat
risk analysis
IRM
exposure
vulnerability scanner

7. Tools to ID - develop - and design security requirements for business needs
COSO
exposure factor
ITIL
blueprints

8. Derived from the COSO framework
Information Security Management
CobiT
OVAL
escalation

9. CISO
FMEA
performance monitor
ISO/IEC 27001
chief information security officer

10. Type of audit that checks information classification and change control procedures
data owner
administrative
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CISO

11. OCTAVE
chief information security officer
CISO
physical
Operationally Critical Threat - Asset - and Vulnerability Evaluation

12. Controls that implement access control - password mangement - identification and authentication methods - configuration
COSO
exposure factor
technical
elcomsoft

13. Strategic - tactical and operational planning
risk mitigation
security governanace
planning horizon
chief information security officer

14. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
CobiT
strategic
AS/NZS 4360
network mapping

15. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
performance monitor
ISO/IEC 27005
No events - Errors only - Errors and warnings - All events

16. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
exposure
CobiT
elcomsoft
security program

17. Focus on service level agreements between IT dept and internal customers
COSO
ITIL
No events - Errors only - Errors and warnings - All events
tactical

18. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk analysis
security program
risk mitigation
CISO

19. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
corporate security officer
qualitative
Operationally Critical Threat - Asset - and Vulnerability Evaluation
Committee of Sponsoring Organizations

20. Percentage of an asset's value that would be lost in a single incident - (EF)
risk mitigation
fault tree analysis
ISO 17799
exposure factor

21. FRAP
risk anlysis
countermeasure
planning horizon
Facilitated Risk Analysis Process

22. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
Information Technology Infrastructure Library (ITIL)
administrative
OCTAVE
CobiT

23. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk catagories
ITIL
usage
FMEA

24. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
due care
FRAP
ISO/IEC 27002
mappers

25. FMEA
Failure Modes and Effect Analysis
CobiT
vulnerability
due care

26. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk analysis
Failure Modes and Effect Analysis
CobiT

27. Collection of controls an organization must have in place
availability
COSO
security program
qualitative

28. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
network mapping
FMEA
CobiT
penetration

29. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
security program
security governanace
ITIL
vulnerability scanner

30. Corporate governance at the strategic level
planning horizon
SP 800-30
FRAP
COSO

31. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
ISO/IEC 27001
port scanner
security program
Information risk management

32. Midterm goals
usage
tactical
integrity
port scanner

33. The likelihood of exploitation and the loss potential
Facilitated Risk Analysis Process
risk analysis
risk
Information risk management

34. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
SP 800-30
elcomsoft
security program
FMEA

35. Ensures managment security directives are fulfilled
security officer
corporate security officer
OVAL
threat

36. Made up of ten domains - a mechanism to describe security processes
qualitative
ISO 17799
ISO/IEC 27001
performance monitor

37. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
CobiT
ISO 17799
FMEA
strategic

38. The tools - personnel and business processes necessary to ensure that security meets needs
security governanace
risk
COSO
blueprints

39. Mitigates a potential risk
integrity
ISO 17799
countermeasure
risk mitigation

40. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
Information Technology Infrastructure Library (ITIL)
ITIL
ISO 17799
vulnerability

41. Provides a cost/benefit comparision
OCTAVE
risk analysis
elcomsoft
security program

42. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
risk
qualitative
strategic
risk anlysis

43. Responsible for information classification and protection
CobiT
FRAP
chief information security officer
data owner

44. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27002
confidentiality
mappers
CobiT

45. Potential danger to information or systems
Committee of Sponsoring Organizations
vulnerability
threat
privilege

46. Risk mgmt method with much broader focus than IT security
operational
AS/NZS 4360
risk catagories
data owner

47. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
data owner
FRAP
risk
performance monitor

48. Information security managment measurements
ISO/IEC 27004
administrative
Information risk management
single loss expectancy

49. Number of time the incident might occur annually - (ARO)
annualized rate of occurrence
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk anlysis
john the ripper

50. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
exposure factor
risk mitigation
protocol analyzer