SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
Information risk management
SP 800-30
physical
exposure
2. Tools to ID - develop - and design security requirements for business needs
countermeasure
IRM
blueprints
corporate security officer
3. Percentage of an asset's value that would be lost in a single incident - (EF)
confidentiality
vulnerability
exposure factor
risk
4. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
strategic
confidentiality
firewall
Information Security Management
5. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
escalation
planning horizon
ISO/IEC 27004
6. Type of audit that checks procedures and policies for escalating issues to management
FMEA
CobiT
escalation
risk anlysis
7. Information security managment measurements
vulnerability
escalation
OVAL
ISO/IEC 27004
8. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
FMEA
fault tree analysis
ISO 17799
john the ripper
9. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
network mapping
COSO
availability
due care
10. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
countermeasure
integrity
administrative
11. NIST risk management methodology
SP 800-30
penetration
network mapping
annualized loss expectancy
12. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
security program
exposure factor
Facilitated Risk Analysis Process
CobiT
13. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
vulnerability
fault tree analysis
protocol analyzer
OVAL
14. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27002
data owner
chief information security officer
ISO/IEC 27799
15. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
performance monitor
elcomsoft
administrative
ISO 17799
16. Type of audit that checks information classification and change control procedures
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CISO
CobiT
administrative
17. Number of time the incident might occur annually - (ARO)
annualized rate of occurrence
ISO/IEC 27002
port scanner
risk
18. Strategic - tactical and operational planning
risk
planning horizon
annualized loss expectancy
security governanace
19. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
CobiT
OCTAVE
physical
CISO
20. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
Facilitated Risk Analysis Process
single loss expectancy
ISO/IEC 27001
21. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
ISO/IEC 27799
Information Security Management
Facilitated Risk Analysis Process
IRM
22. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
FRAP
security governanace
integrity
risk
23. Corporate governance at the strategic level
corporate security officer
COSO
risk analysis
security program
24. A weakness (software - hardware - procedural - human) that can be exploited
security program
ITIL
vulnerability scanner
vulnerability
25. IRM
protocol analyzer
delayed
qualitative
Information risk management
26. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
annualized loss expectancy
CobiT
strategic
Control Objectives for Information and related Technology
27. Ensures reliable timely access to data/resources to authorized individuals
availability
ITIL
Facilitated Risk Analysis Process
risk anlysis
28. Responsible for communicating to senior mgmt organizational risks and compliance regulations
Failure Modes and Effect Analysis
planning horizon
ISO/IEC 27001
CISO
29. OCTAVE
ISO/IEC 27002
Operationally Critical Threat - Asset - and Vulnerability Evaluation
strategic
delayed
30. Ensures necessary level of secrecy and prevents unauthorized disclosure
CISO
confidentiality
ISO/IEC 27799
strategic
31. An instance of being exposed to losses from a threat
risk catagories
network mapping
exposure
vulnerability scanner
32. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
port scanner
physical
escalation
mappers
33. Potential danger to information or systems
threat
confidentiality
security governanace
qualitative
34. COSO
security governanace
availability
L0phtCrack
Committee of Sponsoring Organizations
35. FRAP
ITIL
risk analysis
Information Security Management
Facilitated Risk Analysis Process
36. Responsible for information classification and protection
strategic
data owner
annualized rate of occurrence
mappers
37. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
FMEA
ISO 17799
risk
risk analysis
38. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
IRM
administrative
Information risk management
39. Midterm goals
vulnerability
network mapping
tactical
risk analysis
40. Collection of controls an organization must have in place
administrative
escalation
AS/NZS 4360
security program
41. Used to ID failures in a complex systems to understand underlying causes of threats
tactical
AS/NZS 4360
fault tree analysis
threat
42. Risk mgmt method with much broader focus than IT security
blueprints
port scanner
security officer
AS/NZS 4360
43. Type of audit that checks that network resources - systems and software are used appropriately
threat
usage
FMEA
vulnerability
44. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
ISO/IEC 27799
OCTAVE
network mapping
COSO
45. Guide to illustrate how to protect personal health information
elcomsoft
risk analysis
CobiT
ISO/IEC 27799
46. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
exposure factor
planning horizon
BS7799
Information Technology Infrastructure Library (ITIL)
47. Expected or predetermined performance level - developed from policy - performance - requirements
performance baseline
ISO/IEC 27001
elcomsoft
BS7799
48. ISM Standard
performance monitor
tactical
Information Security Management
availability
49. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
fault tree analysis
ISO/IEC 27005
ISO/IEC 27002
FMEA
50. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk anlysis
firewall
technical
IRM