SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. CobiT
tactical
corporate security officer
Control Objectives for Information and related Technology
ISO/IEC 27002
2. Controls that implement access control - password mangement - identification and authentication methods - configuration
annualized loss expectancy
technical
AS/NZS 4360
exposure
3. Assurance of accurancy and reliability of information and systems
mappers
due care
single loss expectancy
integrity
4. SLE x ARO - (ALE)
annualized loss expectancy
OVAL
vulnerability
availability
5. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
CobiT
FMEA
security governanace
ISO/IEC 27005
6. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
CISO
strategic
Facilitated Risk Analysis Process
qualitative
7. Collection of controls an organization must have in place
risk analysis
FRAP
security program
COSO
8. The likelihood of exploitation and the loss potential
Information Technology Infrastructure Library (ITIL)
strategic
elcomsoft
risk
9. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CISO
network mapping
CobiT
usage
10. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
risk
COSO
firewall
CobiT
11. Midterm goals
tactical
CobiT
CobiT
AS/NZS 4360
12. An open language from mitre.org for determining vulnerabilities and problems on computer systems
mappers
chief information security officer
single loss expectancy
OVAL
13. Daily goals focused on productivity and task-oriented activities
operational
usage
qualitative
ITIL
14. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
risk anlysis
COSO
usage
No events - Errors only - Errors and warnings - All events
15. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
risk analysis
performance monitor
network mapping
16. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
No events - Errors only - Errors and warnings - All events
mappers
CobiT
17. Information security managment measurements
CISO
ISO/IEC 27004
security program
confidentiality
18. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
ISO 17799
threat
network mapping
19. The tools - personnel and business processes necessary to ensure that security meets needs
network mapping
vulnerability scanner
security governanace
Information risk management
20. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
risk catagories
ISO/IEC 27002
network mapping
security program
21. Ensures necessary level of secrecy and prevents unauthorized disclosure
confidentiality
administrative
fault tree analysis
operational
22. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
security program
FRAP
ISO/IEC 27799
23. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
mappers
data owner
No events - Errors only - Errors and warnings - All events
protocol analyzer
24. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
FMEA
ISO/IEC 27004
john the ripper
network mapping
25. Focus on service level agreements between IT dept and internal customers
vulnerability
ITIL
Failure Modes and Effect Analysis
elcomsoft
26. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
Control Objectives for Information and related Technology
AS/NZS 4360
qualitative
27. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
operational
corporate security officer
ISO/IEC 27002
COSO
28. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
No events - Errors only - Errors and warnings - All events
security officer
firewall
risk anlysis
29. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
risk
vulnerability
risk
tactical
30. Responsible for communicating to senior mgmt organizational risks and compliance regulations
security program
risk mitigation
escalation
CISO
31. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
administrative
fault tree analysis
security program
elcomsoft
32. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
delayed
CobiT
planning horizon
33. Possiblity of damage and the ramifications should it occur
confidentiality
CISO
risk
Control Objectives for Information and related Technology
34. Type of audit that checks that network resources - systems and software are used appropriately
COSO
ISO 17799
usage
CobiT
35. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
Information Technology Infrastructure Library (ITIL)
risk analysis
penetration
risk analysis
36. Provides a cost/benefit comparision
chief information security officer
L0phtCrack
risk analysis
FRAP
37. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
escalation
annualized rate of occurrence
FMEA
strategic
38. A weakness (software - hardware - procedural - human) that can be exploited
Failure Modes and Effect Analysis
corporate security officer
vulnerability
risk
39. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
ISO/IEC 27005
operational
ISO/IEC 27799
BS7799
40. Potential danger to information or systems
vulnerability
qualitative
single loss expectancy
threat
41. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
due care
corporate security officer
vulnerability
data owner
42. CSO
Information Security Management
BS7799
corporate security officer
penetration
43. FMEA
Information Technology Infrastructure Library (ITIL)
security program
Failure Modes and Effect Analysis
ISO/IEC 27005
44. Expected or predetermined performance level - developed from policy - performance - requirements
security governanace
OVAL
performance baseline
Information risk management
45. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
IRM
ISO/IEC 27799
ISO 17799
vulnerability
46. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
IRM
security governanace
ISO/IEC 27001
annualized loss expectancy
47. __________ loss has a negative effect after a vulnerability is initially exploited
strategic
CobiT
confidentiality
delayed
48. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
administrative
fault tree analysis
ISO/IEC 27002
CobiT
49. FRAP
Facilitated Risk Analysis Process
CobiT
vulnerability
mappers
50. Type of audit that checks information classification and change control procedures
john the ripper
security governanace
FMEA
administrative