Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. An open language from mitre.org for determining vulnerabilities and problems on computer systems
CISO
OVAL
operational
risk anlysis

2. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
delayed
network mapping
countermeasure
L0phtCrack

3. The asset's value multiplied by the EF percentage - (SLE)
due care
port scanner
tactical
single loss expectancy

4. An instance of being exposed to losses from a threat
physical
availability
exposure
technical

5. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
security program
vulnerability
administrative
privilege

6. CobiT
confidentiality
threat
Control Objectives for Information and related Technology
planning horizon

7. Guide assist in the implemenation of information security based on risk managent approach
physical
security program
ISO/IEC 27799
ISO/IEC 27005

8. Type of audit that checks information classification and change control procedures
Failure Modes and Effect Analysis
administrative
Information Security Management
strategic

9. Ensures managment security directives are fulfilled
elcomsoft
security officer
CISO
risk analysis

10. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
performance baseline
Facilitated Risk Analysis Process
ISO/IEC 27002
BS7799

11. Event levels available for logging in a MS DNS server
ISO/IEC 27005
chief information security officer
FMEA
No events - Errors only - Errors and warnings - All events

12. Ensures necessary level of secrecy and prevents unauthorized disclosure
data owner
operational
planning horizon
confidentiality

13. OCTAVE
FMEA
COSO
john the ripper
Operationally Critical Threat - Asset - and Vulnerability Evaluation

14. Collection of controls an organization must have in place
security program
Information Security Management
ISO/IEC 27799
L0phtCrack

15. Responsible for information classification and protection
CobiT
FMEA
penetration
data owner

16. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
FMEA
Facilitated Risk Analysis Process
CISO
AS/NZS 4360

17. ISM Standard
administrative
Information Security Management
ISO/IEC 27005
physical

18. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
port scanner
CobiT
FMEA

19. Possiblity of damage and the ramifications should it occur
risk
security officer
risk analysis
risk analysis

20. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
privilege
CobiT
performance monitor
BS7799

21. Type of audit that checks procedures and policies for escalating issues to management
due care
ISO/IEC 27004
threat
escalation

22. Percentage of an asset's value that would be lost in a single incident - (EF)
Committee of Sponsoring Organizations
risk
technical
exposure factor

23. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
No events - Errors only - Errors and warnings - All events
SP 800-30
single loss expectancy
FRAP

24. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27002
due care
security program
COSO

25. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
threat
ISO/IEC 27001
COSO
CobiT

26. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
Facilitated Risk Analysis Process
ISO/IEC 27005
ISO 17799
mappers

27. Type of audit that checks that accounts - groups and roles are correctly assigned
CISO
network mapping
Facilitated Risk Analysis Process
privilege

28. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
exposure
annualized rate of occurrence
ITIL

29. Tools to ID - develop - and design security requirements for business needs
COSO
integrity
annualized rate of occurrence
blueprints

30. Assurance of accurancy and reliability of information and systems
CobiT
integrity
administrative
IRM

31. Risk mgmt method with much broader focus than IT security
risk anlysis
AS/NZS 4360
confidentiality
single loss expectancy

32. Corporate governance at the strategic level
single loss expectancy
CISO
CobiT
COSO

33. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
penetration
CobiT
annualized rate of occurrence
COSO

34. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
john the ripper
FRAP
annualized rate of occurrence
CobiT

35. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
privilege
FRAP
penetration
technical

36. Potential danger to information or systems
CobiT
threat
L0phtCrack
AS/NZS 4360

37. CISO
escalation
OVAL
chief information security officer
operational

38. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
IRM
availability
data owner
operational

39. Made up of ten domains - a mechanism to describe security processes
vulnerability
ISO/IEC 27002
ISO 17799
risk anlysis

40. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
security program
BS7799
security governanace

41. SLE x ARO - (ALE)
data owner
penetration
annualized loss expectancy
exposure

42. The likelihood of exploitation and the loss potential
OCTAVE
OVAL
integrity
risk

43. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
FMEA
risk mitigation
CISO
availability

44. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
BS7799
FMEA
Information Security Management
CobiT

45. __________ loss has a negative effect after a vulnerability is initially exploited
threat
delayed
COSO
security officer

46. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
ISO/IEC 27004
strategic
tactical
AS/NZS 4360

47. CSO
CobiT
corporate security officer
blueprints
threat

48. Number of time the incident might occur annually - (ARO)
port scanner
integrity
annualized rate of occurrence
ITIL

49. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
elcomsoft
single loss expectancy
port scanner
vulnerability

50. Derived from the COSO framework
vulnerability
administrative
CobiT
FMEA