Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Derived from the COSO framework
technical
annualized loss expectancy
CobiT
single loss expectancy
2. Event levels available for logging in a MS DNS server
risk categories
delayed
No events - Errors only - Errors and warnings - All events
privilege
3. Type of audit that checks procedures and policies for escalating issues to management
operational
No events - Errors only - Errors and warnings - All events
escalation
administrative
4. Assurance of accuracy and reliability of information and systems
privilege
physical
exposure
integrity
5. Mitigates a potential risk
security governance
chief information security officer
protocol analyzer
countermeasure
6. OCTAVE
vulnerability
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ITIL
Information risk management
7. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
OVAL
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk analysis
8. Corporate governance at the strategic level
CISO
ISO/IEC 27005
COSO
FRAP
9. Percentage of an asset's value that would be lost in a single incident - (EF)
security program
exposure factor
CobiT
ISO/IEC 27002
10. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
blueprints
port scanner
BS7799
COSO
11. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
vulnerability
physical
fault tree analysis
strategic
12. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
L0phtCrack
FMEA
annualized loss expectancy
strategic
13. FMEA
Failure Modes and Effect Analysis
COSO
protocol analyzer
risk analysis
14. Possibility of damage and the ramifications should it occur
risk
Operationally Critical Threat - Asset - and Vulnerability Evaluation
data owner
qualitative
15. An instance of being exposed to losses from a threat
BS7799
security program
exposure
risk
16. FRAP
single loss expectancy
corporate security officer
Facilitated Risk Analysis Process
annualized loss expectancy
17. Type of audit that checks that network resources - systems and software are used appropriately
vulnerability scanner
usage
Information risk management
annualized loss expectancy
18. CobiT
tactical
Control Objectives for Information and related Technology
chief information security officer
COSO
19. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
risk mitigation
qualitative
annualized loss expectancy
20. A weakness (software - hardware - procedural - human) that can be exploited
OVAL
vulnerability
ISO/IEC 27799
fault tree analysis
21. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
performance monitor
network mapping
risk categories
ISO/IEC 27005
22. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
fault tree analysis
operational
COSO
penetration
23. Used to ID failures in a complex systems to understand underlying causes of threats
delayed
risk
fault tree analysis
protocol analyzer
24. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
countermeasure
availability
security governance
network mapping
25. Potential danger to information or systems
threat
SP 800-30
exposure
COSO
26. The tools - personnel and business processes necessary to ensure that security meets needs
availability
security governance
chief information security officer
Information Technology Infrastructure Library (ITIL)
27. An open language from mitre.org for determining vulnerabilities and problems on computer systems
risk mitigation
OVAL
COSO
availability
28. Ensures necessary level of secrecy and prevents unauthorized disclosure
blueprints
ISO 17799
technical
confidentiality
29. Number of times the incident might occur annually - (ARO)
ISO/IEC 27005
firewall
annualized rate of occurrence
elcomsoft
30. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CobiT
annualized loss expectancy
CobiT
CISO
31. SLE x ARO - (ALE)
threat
annualized loss expectancy
risk
ISO 17799
32. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
L0phtCrack
BS7799
FMEA
FRAP
33. COSO
CobiT
BS7799
Committee of Sponsoring Organizations
OCTAVE
34. Guide assisting in the implementation of information security based on a risk management approach
due care
physical
data owner
ISO/IEC 27005
35. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
network mapping
integrity
mappers
vulnerability
36. Provides a cost/benefit comparison
chief information security officer
integrity
Information Security Management
risk analysis
37. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
CISO
CobiT
ISO/IEC 27005
strategic
38. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
FMEA
security program
ISO 17799
security program
39. CSO
corporate security officer
availability
security governance
chief information security officer
40. De facto standard of best practices for IT service mgmt
exposure
countermeasure
usage
Information Technology Infrastructure Library (ITIL)
41. Midterm goals
security program
tactical
Information risk management
port scanner
42. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
physical
vulnerability
risk analysis
data owner
43. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
L0phtCrack
ISO/IEC 27002
CobiT
john the ripper
44. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
FRAP
corporate security officer
administrative
BS7799
45. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
mappers
COSO
ISO/IEC 27004
escalation
46. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
elcomsoft
vulnerability
CISO
CobiT
47. __________ loss has a negative effect after a vulnerability is initially exploited
annualized rate of occurrence
delayed
privilege
protocol analyzer
48. Risk mgmt method with much broader focus than IT security
AS/NZS 4360
COSO
performance baseline
technical
49. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
planning horizon
vulnerability scanner
port scanner
ISO 17799
50. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
fault tree analysis
risk analysis
Failure Modes and Effect Analysis
FMEA