Test your basic knowledge
CompTIA Security+: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the answers may seem obvious, but you will find that it reinforces your understanding as you take the test each time.
1. CobiT
protocol analyzer
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27005
Control Objectives for Information and related Technology
2. Corporate governance at the strategic level
CobiT
ISO/IEC 27799
mappers
COSO
3. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
usage
performance baseline
port scanner
BS7799
4. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
exposure factor
network mapping
Failure Modes and Effect Analysis
security program
5. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
due care
OVAL
Facilitated Risk Analysis Process
6. Ensures necessary level of secrecy and prevents unauthorized disclosure
risk analysis
BS7799
confidentiality
Committee of Sponsoring Organizations
7. Provides a cost/benefit comparison
ISO/IEC 27004
Information Technology Infrastructure Library (ITIL)
security governance
risk analysis
8. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
Information Security Management
security program
COSO
vulnerability
9. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
planning horizon
COSO
security governance
10. Collection of controls an organization must have in place
tactical
ISO 17799
OVAL
security program
11. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk categories
COSO
security officer
performance monitor
12. Responsible for information classification and protection
Information Security Management
privilege
vulnerability
data owner
13. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
integrity
ISO/IEC 27004
COSO
FMEA
14. Information security management measurements
ISO/IEC 27004
Information Security Management
Facilitated Risk Analysis Process
risk analysis
15. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
risk analysis
COSO
integrity
L0phtCrack
16. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
ISO 17799
port scanner
ISO 17799
due care
17. Percentage of an asset's value that would be lost in a single incident - (EF)
threat
annualized loss expectancy
exposure factor
COSO
18. A log that can record outgoing requests - incoming traffic - and internet usage
ISO/IEC 27002
confidentiality
network mapping
firewall
19. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
CobiT
COSO
BS7799
ISO/IEC 27001
20. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
risk mitigation
confidentiality
strategic
mappers
21. Midterm goals
port scanner
tactical
security officer
security governance
22. Type of audit that checks information classification and change control procedures
Operationally Critical Threat - Asset - and Vulnerability Evaluation
elcomsoft
administrative
ITIL
23. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
OCTAVE
vulnerability scanner
exposure
24. Strategic - tactical and operational planning
Facilitated Risk Analysis Process
countermeasure
planning horizon
Control Objectives for Information and related Technology
25. Event levels available for logging in a MS DNS server
administrative
No events - Errors only - Errors and warnings - All events
network mapping
risk analysis
26. COSO
FRAP
risk analysis
Committee of Sponsoring Organizations
risk mitigation
27. Type of audit that checks that accounts - groups and roles are correctly assigned
privilege
network mapping
AS/NZS 4360
Facilitated Risk Analysis Process
28. Possibility of damage and the ramifications should it occur
corporate security officer
BS7799
qualitative
risk
29. Made up of ten domains - a mechanism to describe security processes
ISO/IEC 27002
ISO 17799
performance baseline
OVAL
30. Guide to illustrate how to protect personal health information
BS7799
ISO/IEC 27799
network mapping
No events - Errors only - Errors and warnings - All events
31. Ensures management security directives are fulfilled
security officer
L0phtCrack
OVAL
CobiT
32. Expected or predetermined performance level - developed from policy - performance - requirements
data owner
CobiT
BS7799
performance baseline
33. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
escalation
risk analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
blueprints
34. Mitigates a potential risk
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk mitigation
ISO/IEC 27001
countermeasure
35. SLE x ARO - (ALE)
penetration
COSO
COSO
annualized loss expectancy
36. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
SP 800-30
ISO 17799
Failure Modes and Effect Analysis
37. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27001
corporate security officer
Facilitated Risk Analysis Process
ISO/IEC 27002
38. CISO
ISO/IEC 27799
chief information security officer
risk analysis
annualized rate of occurrence
39. A commercial password cracker that can test password strength and recover passwords - and perform dictionary and brute force attacks
elcomsoft
security program
risk analysis
CISO
40. Responsible for communicating to senior mgmt organizational risks and compliance regulations
ITIL
CISO
due care
corporate security officer
41. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
IRM
risk
due care
risk analysis
42. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
No events - Errors only - Errors and warnings - All events
L0phtCrack
FRAP
43. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
planning horizon
protocol analyzer
risk
risk analysis
44. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
Information Security Management
FMEA
annualized loss expectancy
due care
45. An instance of being exposed to losses from a threat
COSO
exposure
CobiT
Operationally Critical Threat - Asset - and Vulnerability Evaluation
46. Daily goals focused on productivity and task-oriented activities
ITIL
COSO
operational
risk categories
47. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
security governance
IRM
CISO
48. Potential danger to information or systems
CISO
Facilitated Risk Analysis Process
corporate security officer
threat
49. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
protocol analyzer
john the ripper
due care
availability
50. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
threat
qualitative
risk
Information risk management