Comptia Security +: Assessment And Risk Mgmt

1. Type of audit that checks that accounts, groups and roles are correctly assigned

2. A weakness (software, hardware, procedural, or human) that can be exploited

3. Ensures reliable, timely access to data/resources for authorized individuals

4. An open-source password cracker that uses dictionary and brute-force attacks, stores previously cracked passwords, and uses unshadow to merge the password and shadow files

5. Control environment (company culture); Risk assessment (manage change); Control activities (policies, procedures, practices); Information and communication (right people, information, time); Monitoring (detect and respond)

6. This tool scans network devices listening for open ports (e.g., Nmap, Scanmetender, SuperScan, NHS Nohack Scanner)

7. Type of audit that checks procedures and policies for escalating issues to management

8. Made up of ten domains; a mechanism to describe security processes

9. Used to identify failures in complex systems to understand the underlying causes of threats

10. Controls that include policies, standards, procedures, risk management, personnel screening, training, and change control

11. Number of times the incident might occur annually (ARO)

12. A commercial password cracker that can test password strength, recover passwords, and perform dictionary and brute-force attacks

13. Guide that illustrates how to protect personal health information

14. Security policy (map business objectives to security); Security infrastructure (security officer, reviews); Asset classification/control (inventory); Personnel security (screening, training, roles); Physical security; Communication/operation

15. Type of audit that checks that network resources, systems and software are used appropriately

16. An instance of being exposed to losses from a threat

17. Guide to assist in the implementation of information security based on a risk management approach

18. Risk management method created by Carnegie Mellon University; people manage/direct the risk evaluation for IT security in a company

19. A log that can record outgoing requests, incoming traffic, and internet usage

20. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting

21. Tools to identify, develop, and design security requirements for business needs

22. Risk assessment that is scenario based, ranks threats and countermeasures, and uses experience, judgment, intuition and opinion

23. HP OpenView, Nmap, Qualys, Solana Networks, SolarWinds are all network _____________

24. Midterm goals

25. Port scanners, vulnerability scanners, protocol analyzers, password crackers, network mappers, and Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment

26. Plan and Organize; Implement; Operate and Maintain; Monitor and Evaluate

27. Provides a cost/benefit comparison

28. A process to identify assets and their value, identify vulnerabilities and threats, quantify the probability and impact of threats, and provide a balance between impact and cost

29. Corporate governance at the strategic level

30. The asset's value multiplied by the EF percentage (SLE)

31. Potential danger to information or systems

32. Possibility of damage and the ramifications should it occur

33. A tool that maps weaknesses of systems/networks by scanning for ports, checking for applications, determining OS and patch level, and attempting exploits

34. Risk management method with a much broader focus than IT security

35. A quantitative risk assessment process that allows tests to be conducted so users can determine areas that require a risk analysis

36. De facto standard of best practices for IT service management

37. Event levels available for logging in an MS DNS server

38. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards

39. Process of identifying and assessing risk, reducing it to an acceptable level, and implementing mechanisms to maintain that level

40. ISM Standard

41. Collection of controls an organization must have in place

42. Controls that manage facility access, locking systems, media sanitization, intrusion monitoring, and environmental controls

43. This type of testing scans for vulnerabilities, attacks to determine extent, tests countermeasures by circumvention, and can be internal or external

44. Derived from the COSO framework

45. Used to predict changes based on trends, detect deviations, and watch events across multiple system components

46. CISO

47. Responsible for information classification and protection

48. Mitigates a potential risk

49. SLE x ARO (ALE)

50. Internationally recognized Information Security Management standard; provides high-level conceptual recommendations on enterprise security; British standard