SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
IRM
Committee of Sponsoring Organizations
risk analysis
penetration
2. Type of audit that checks procedures and policies for escalating issues to management
risk analysis
escalation
L0phtCrack
security program
3. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CobiT
CISO
security program
ISO/IEC 27002
4. Collection of controls an organization must have in place
security program
Information risk management
usage
security governanace
5. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
administrative
planning horizon
elcomsoft
firewall
6. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
elcomsoft
COSO
single loss expectancy
network mapping
7. An instance of being exposed to losses from a threat
exposure
risk analysis
single loss expectancy
No events - Errors only - Errors and warnings - All events
8. Possiblity of damage and the ramifications should it occur
risk
threat
FRAP
ITIL
9. OCTAVE
vulnerability
vulnerability
Operationally Critical Threat - Asset - and Vulnerability Evaluation
Control Objectives for Information and related Technology
10. Potential danger to information or systems
risk
threat
john the ripper
Committee of Sponsoring Organizations
11. ISM Standard
FMEA
ISO 17799
Information Security Management
Control Objectives for Information and related Technology
12. Number of time the incident might occur annually - (ARO)
COSO
mappers
annualized rate of occurrence
data owner
13. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
performance monitor
ISO/IEC 27799
CISO
due care
14. CobiT
Control Objectives for Information and related Technology
ITIL
vulnerability scanner
FMEA
15. Derived from the COSO framework
BS7799
penetration
CobiT
risk
16. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
john the ripper
annualized loss expectancy
risk mitigation
17. Ensures necessary level of secrecy and prevents unauthorized disclosure
confidentiality
No events - Errors only - Errors and warnings - All events
security program
CISO
18. Assurance of accurancy and reliability of information and systems
vulnerability scanner
due care
network mapping
integrity
19. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
fault tree analysis
ISO 17799
risk analysis
threat
20. Type of audit that checks that network resources - systems and software are used appropriately
CobiT
usage
network mapping
planning horizon
21. CISO
operational
Facilitated Risk Analysis Process
Failure Modes and Effect Analysis
chief information security officer
22. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
ITIL
protocol analyzer
administrative
penetration
23. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
SP 800-30
planning horizon
vulnerability
OCTAVE
24. An open language from mitre.org for determining vulnerabilities and problems on computer systems
ISO/IEC 27002
availability
OVAL
vulnerability scanner
25. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
vulnerability
ISO/IEC 27001
qualitative
COSO
26. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
threat
john the ripper
risk analysis
27. IT governance at the operational level
operational
risk analysis
CobiT
risk mitigation
28. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
elcomsoft
administrative
mappers
countermeasure
29. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
physical
ISO/IEC 27002
chief information security officer
privilege
30. Daily goals focused on productivity and task-oriented activities
escalation
CISO
operational
penetration
31. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
ISO/IEC 27001
performance monitor
Operationally Critical Threat - Asset - and Vulnerability Evaluation
qualitative
32. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
fault tree analysis
physical
penetration
33. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
security officer
CobiT
administrative
ISO/IEC 27001
34. Ensures managment security directives are fulfilled
vulnerability
security officer
port scanner
CobiT
35. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
ISO/IEC 27799
FMEA
integrity
IRM
36. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
security program
availability
ISO 17799
strategic
37. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
performance baseline
exposure factor
threat
38. Expected or predetermined performance level - developed from policy - performance - requirements
Failure Modes and Effect Analysis
performance baseline
ISO/IEC 27799
AS/NZS 4360
39. The asset's value multiplied by the EF percentage - (SLE)
COSO
risk
annualized loss expectancy
single loss expectancy
40. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
firewall
administrative
CobiT
risk anlysis
41. Responsible for information classification and protection
data owner
usage
planning horizon
OCTAVE
42. Type of audit that checks that accounts - groups and roles are correctly assigned
data owner
port scanner
FRAP
privilege
43. Information security managment measurements
OVAL
ISO/IEC 27004
Facilitated Risk Analysis Process
Information Security Management
44. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
OCTAVE
elcomsoft
vulnerability
45. FRAP
Facilitated Risk Analysis Process
delayed
CobiT
SP 800-30
46. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
CISO
CobiT
COSO
47. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
risk catagories
CISO
administrative
network mapping
48. Type of audit that checks information classification and change control procedures
vulnerability
physical
administrative
FMEA
49. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
vulnerability
elcomsoft
strategic
CISO
50. Risk mgmt method with much broader focus than IT security
AS/NZS 4360
CISO
escalation
delayed