Test your basic knowledge | CompTIA Security+: Assessment and Risk Management
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
blueprints
OCTAVE
integrity
AS/NZS 4360
2. Controls that implement access control - password management - identification and authentication methods - configuration
technical
COSO
network mapping
Information risk management
3. COSO
CobiT
No events - Errors only - Errors and warnings - All events
annualized rate of occurrence
Committee of Sponsoring Organizations
4. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
strategic
qualitative
vulnerability
Failure Modes and Effect Analysis
5. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
security program
performance monitor
single loss expectancy
6. Provides a cost/benefit comparison
firewall
confidentiality
performance baseline
risk analysis
7. Assurance of accuracy and reliability of information and systems
delayed
BS7799
CobiT
integrity
8. Organization formed in 1985 to sponsor the Treadway Commission's work on fraudulent financial activities and reporting
COSO
tactical
CobiT
risk analysis
9. CSO
exposure factor
L0phtCrack
corporate security officer
due care
10. Type of audit that checks that network resources - systems and software are used appropriately
Facilitated Risk Analysis Process
usage
No events - Errors only - Errors and warnings - All events
tactical
11. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk
operational
risk mitigation
No events - Errors only - Errors and warnings - All events
12. Ensures management security directives are fulfilled
performance baseline
FRAP
john the ripper
security officer
13. Provides good practice advice on an ISMS (formerly ISO 17799, based on BS7799 Part 1)
OVAL
COSO
annualized rate of occurrence
ISO/IEC 27002
14. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
penetration
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security governance
15. Tools to ID - develop - and design security requirements for business needs
IRM
security officer
Control Objectives for Information and related Technology
blueprints
16. Midterm goals
administrative
tactical
due care
Information risk management
17. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
risk mitigation
fault tree analysis
penetration
network mapping
18. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
SP 800-30
usage
security program
firewall
19. De facto standard of best practices for IT service mgmt
performance baseline
L0phtCrack
Information Technology Infrastructure Library (ITIL)
strategic
20. Guide to illustrate how to protect personal health information
ISO/IEC 27799
CobiT
COSO
21. The likelihood of exploitation and the loss potential
security governance
risk
ISO/IEC 27799
OVAL
22. FMEA
elcomsoft
performance monitor
Failure Modes and Effect Analysis
ISO 17799
23. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
qualitative
IRM
ISO 17799
port scanner
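Question 23 names the tools but not what a port scanner actually does on the wire. The following is an added example, not code from the page or from any of the scanners it lists: a minimal TCP connect scanner in Python, pointed at a throwaway listener it starts itself on 127.0.0.1 so it runs offline. The listener, the port window and the timeout are assumptions chosen for the demo.

```python
import socket
from typing import Iterable


def tcp_connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> list[int]:
    """Return the ports on `host` that accept a TCP connection (a 'connect' scan).

    A connect scan completes the full three-way handshake on every port, so it
    needs no raw-socket privileges, but it is also the noisiest scan type: each
    probe shows up as an accepted connection in the target's logs.
    """
    open_ports: list[int] = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 on success and an errno value (ECONNREFUSED,
            # ETIMEDOUT, ...) on failure instead of raising an exception.
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def start_listener(host: str = "127.0.0.1") -> tuple[socket.socket, int]:
    """Bind a throwaway listening socket on a free port: the constructed scan target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))  # port 0: let the kernel choose a free port
    srv.listen(8)
    return srv, srv.getsockname()[1]


def demo_scan(width: int = 3) -> tuple[int, list[int]]:
    """Stand up one listener, scan a small window of ports around it and return
    (listening_port, ports_reported_open). The listener is closed afterwards."""
    srv, port = start_listener()
    try:
        window = range(max(1, port - width), port + width + 1)
        found = tcp_connect_scan("127.0.0.1", window, timeout=0.2)
    finally:
        srv.close()
    return port, found


if __name__ == "__main__":
    listening, open_ports = demo_scan()
    print(f"listener on {listening}; scan reported open: {open_ports}")
```

Because the window is scanned right next to an ephemeral port, other local services may legitimately appear in the result alongside the demo listener; that is exactly the kind of noise a real scan against a host returns and why results are verified, not trusted blindly.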
24. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
corporate security officer
CobiT
exposure
25. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
SP 800-30
protocol analyzer
IRM
Information Security Management
26. Percentage of an asset's value that would be lost in a single incident - (EF)
penetration
exposure factor
Failure Modes and Effect Analysis
physical
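Questions 6 and 26 (and the SLE, ARO and ALE terms used as answer choices) describe quantitative risk analysis only as definitions. The following added example, which is not from the page, carries the arithmetic through in Python: SLE = AV x EF, ALE = SLE x ARO, and the cost/benefit test for a countermeasure, value = ALE before - ALE after - annual cost of the safeguard. The asset, the exposure factors, the ARO and the control costs are a constructed scenario, not figures from the page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    """One threat/asset pair expressed in the quantitative terms used by the quiz."""
    asset_value: float      # AV: what the asset is worth, in currency units
    exposure_factor: float  # EF: fraction of AV lost in a single incident, 0.0 to 1.0
    aro: float              # ARO: annualized rate of occurrence, incidents per year

    def __post_init__(self) -> None:
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor is a fraction of asset value (0.0 to 1.0)")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset value and ARO cannot be negative")

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV * EF (loss from one incident)."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE * ARO (expected loss per year)."""
        return self.sle() * self.aro


def safeguard_value(before: RiskScenario, after: RiskScenario, annual_cost: float) -> float:
    """Cost/benefit of a countermeasure:
    value = ALE(before control) - ALE(after control) - annual cost of the control.
    Positive: the control saves more than it costs. Negative: it costs more than
    the risk it removes, which usually argues for accepting or transferring the risk."""
    return before.ale() - after.ale() - annual_cost


def demo() -> dict[str, float]:
    # Constructed scenario (not from the page): a customer database valued at 200,000,
    # a ransomware incident that destroys 40% of that value, expected once every two years.
    before = RiskScenario(asset_value=200_000, exposure_factor=0.40, aro=0.5)
    # Candidate control: offline backups at 10,000 per year. They do not prevent the
    # incident (ARO unchanged) but cut the loss to the restore effort, so EF drops to 10%.
    after = RiskScenario(asset_value=200_000, exposure_factor=0.10, aro=0.5)
    backups_value = safeguard_value(before, after, annual_cost=10_000)
    # An alternative with the same effect but priced at 35,000 per year.
    overpriced_value = safeguard_value(before, after, annual_cost=35_000)
    return {
        "sle_before": before.sle(),
        "ale_before": before.ale(),
        "ale_after": after.ale(),
        "backups_value": backups_value,
        "overpriced_value": overpriced_value,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>16}: {value:,.0f}")
```

The same numbers with the two controls side by side show why the cost/benefit comparison is the point of the exercise: both controls reduce ALE by the same amount, but only the one whose annual cost stays below that reduction is worth buying.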
27. FRAP
security governance
confidentiality
Facilitated Risk Analysis Process
vulnerability scanner
28. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk categories
risk analysis
due care
risk mitigation
29. Guide to assist in the implementation of information security based on a risk management approach
qualitative
security officer
ISO/IEC 27005
tactical
30. Responsible for information classification and protection
FMEA
data owner
qualitative
usage
31. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
risk
CISO
countermeasure
risk analysis
32. A log that can record outgoing requests - incoming traffic - and internet usage
vulnerability
ISO/IEC 27004
firewall
ISO 17799
33. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
administrative
john the ripper
ISO/IEC 27005
exposure
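Question 33 mentions that John the Ripper uses unshadow to merge the password and shadow files. The following added example, written for this page and not taken from John the Ripper's own source, reimplements that merge in Python on constructed sample files and then sorts the merged accounts by what a cracker can do with them. The sample users and the hash strings are placeholders in the modular crypt format (`$6$...` for sha512crypt, `$y$...` for yescrypt), not hashes of any real password.

```python
PASSWD_FIELDS = 7   # name:x:uid:gid:gecos:home:shell
SHADOW_FIELDS = 9   # name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample files (not real credentials). The hash fields are placeholder
# strings shaped like modular-crypt hashes; they are not hashes of any real password.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:x:1001:1001:Bob Example:/home/bob:/bin/bash
svc:x:1002:1002:service account:/var/lib/svc:/usr/sbin/nologin
"""

SAMPLE_SHADOW = """\
root:!:19500:0:99999:7:::
daemon:*:19500:0:99999:7:::
alice:$6$c0nstructedS4lt$PLACEHOLDERhashValueNotRealAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:19500:0:99999:7:::
bob:$y$j9T$c0nstructedS4ltValu3$PLACEHOLDERhashValueNotRealBBBBBBBBBBBBBB:19500:0:99999:7:::
svc::19500:0:99999:7:::
"""


def parse_colon_file(text: str, nfields: int) -> dict[str, list[str]]:
    """Parse a colon-separated account file into {username: fields}, preserving file order."""
    entries: dict[str, list[str]] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"expected {nfields} fields, got {len(fields)}: {line!r}")
        entries[fields[0]] = fields
    return entries


def unshadow(passwd_text: str, shadow_text: str) -> str:
    """Replace the 'x' placeholder in each passwd line with the hash from shadow,
    producing the combined file a cracker takes as input. Users with no shadow
    entry keep their passwd password field unchanged."""
    shadow = parse_colon_file(shadow_text, SHADOW_FIELDS)
    merged = []
    for name, fields in parse_colon_file(passwd_text, PASSWD_FIELDS).items():
        if name in shadow:
            fields = fields[:]          # do not mutate the parsed entry
            fields[1] = shadow[name][1]
        merged.append(":".join(fields))
    return "\n".join(merged) + "\n"


def triage(merged: str) -> dict[str, list[str]]:
    """Sort merged accounts by what a dictionary or brute-force run can do with them:
    'locked'    password field starts with '!' or '*': no valid hash, password login disabled
    'empty'     empty password field: no password needed at all, nothing to crack
    'missing'   still 'x': the hash lives in a shadow file we did not get
    'crackable' a real hash that a dictionary/brute-force attack can be run against"""
    buckets: dict[str, list[str]] = {"locked": [], "empty": [], "missing": [], "crackable": []}
    for name, fields in parse_colon_file(merged, PASSWD_FIELDS).items():
        pw = fields[1]
        if pw == "":
            buckets["empty"].append(name)
        elif pw.startswith(("!", "*")):
            buckets["locked"].append(name)
        elif pw == "x":
            buckets["missing"].append(name)
        else:
            buckets["crackable"].append(name)
    return buckets


if __name__ == "__main__":
    combined = unshadow(SAMPLE_PASSWD, SAMPLE_SHADOW)
    print(combined)
    print(triage(combined))
```

On a real system the equivalent is `unshadow /etc/passwd /etc/shadow > merged.txt` followed by `john --wordlist=<list> merged.txt` for a dictionary run or `john --incremental merged.txt` for brute force; the triage step mirrors what john does when it silently skips locked (`!`, `*`) accounts and immediately reports empty password fields.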
34. Information security management measurements
ISO/IEC 27004
risk analysis
mappers
AS/NZS 4360
35. ISM Standard
Information Security Management
delayed
blueprints
availability
36. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
usage
vulnerability scanner
delayed
37. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
L0phtCrack
COSO
fault tree analysis
38. Focus on service level agreements between IT dept and internal customers
AS/NZS 4360
ISO 17799
ITIL
risk categories
39. IRM
Information risk management
delayed
annualized loss expectancy
CobiT
40. Internationally recognized Information Security Management standard - provides high-level conceptual recommendations on enterprise security - British standard
BS7799
security program
security governance
administrative
41. An instance of being exposed to losses from a threat
COSO
ISO/IEC 27002
exposure
annualized rate of occurrence
42. The tools - personnel and business processes necessary to ensure that security meets needs
qualitative
vulnerability
security governance
corporate security officer
43. Mitigates a potential risk
COSO
countermeasure
CobiT
44. Event levels available for logging in a MS DNS server
planning horizon
ISO/IEC 27001
john the ripper
No events - Errors only - Errors and warnings - All events
45. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
Committee of Sponsoring Organizations
planning horizon
FMEA
46. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
planning horizon
mappers
strategic
COSO
47. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
ISO/IEC 27001
CobiT
vulnerability
FMEA
48. NIST risk management methodology
administrative
security program
Information risk management
SP 800-30
49. Used to identify failures in complex systems to understand the underlying causes of threats
elcomsoft
data owner
exposure factor
fault tree analysis
50. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
CobiT
Control Objectives for Information and related Technology
risk analysis
network mapping