SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Type of audit that checks procedures and policies for escalating issues to management
due care
escalation
risk anlysis
ISO 17799
2. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
ISO 17799
risk analysis
confidentiality
qualitative
3. Percentage of an asset's value that would be lost in a single incident - (EF)
ISO/IEC 27799
ISO/IEC 27001
chief information security officer
exposure factor
4. A log that can record outgoing requests - incoming traffic - and internet usage
physical
FMEA
firewall
exposure factor
5. Made up of ten domains - a mechanism to describe security processes
vulnerability
privilege
ISO 17799
network mapping
6. Strategic - tactical and operational planning
Information Technology Infrastructure Library (ITIL)
IRM
CISO
planning horizon
7. The tools - personnel and business processes necessary to ensure that security meets needs
ISO/IEC 27005
security governanace
physical
AS/NZS 4360
8. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
physical
FMEA
privilege
protocol analyzer
9. COSO
Committee of Sponsoring Organizations
physical
Information risk management
corporate security officer
10. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
chief information security officer
risk mitigation
Failure Modes and Effect Analysis
exposure
11. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
operational
ISO 17799
Information Security Management
risk analysis
12. CobiT
ITIL
Control Objectives for Information and related Technology
administrative
protocol analyzer
13. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
OVAL
annualized rate of occurrence
SP 800-30
14. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
fault tree analysis
port scanner
IRM
network mapping
15. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
vulnerability
penetration
mappers
risk mitigation
16. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
risk
chief information security officer
physical
elcomsoft
17. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
FRAP
annualized rate of occurrence
escalation
security program
18. Type of audit that checks that accounts - groups and roles are correctly assigned
annualized rate of occurrence
COSO
ISO/IEC 27002
privilege
19. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
strategic
ISO 17799
OVAL
No events - Errors only - Errors and warnings - All events
20. FMEA
Failure Modes and Effect Analysis
FRAP
SP 800-30
IRM
21. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
CobiT
Information risk management
OVAL
risk anlysis
22. De facto standard of best practices for IT service mgmt
Operationally Critical Threat - Asset - and Vulnerability Evaluation
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27001
integrity
23. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
network mapping
COSO
FMEA
24. Responsible for information classification and protection
strategic
data owner
OCTAVE
privilege
25. Mitigates a potential risk
CobiT
planning horizon
annualized rate of occurrence
countermeasure
26. Used to ID failures in a complex systems to understand underlying causes of threats
security officer
tactical
administrative
fault tree analysis
27. FRAP
Facilitated Risk Analysis Process
physical
penetration
FRAP
28. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
FRAP
CISO
BS7799
Failure Modes and Effect Analysis
29. Midterm goals
COSO
integrity
tactical
risk anlysis
30. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
OVAL
CISO
penetration
elcomsoft
31. IRM
ISO 17799
elcomsoft
Information risk management
IRM
32. Ensures reliable timely access to data/resources to authorized individuals
Facilitated Risk Analysis Process
OCTAVE
administrative
availability
33. NIST risk management methodology
SP 800-30
ISO/IEC 27004
ISO/IEC 27002
ISO/IEC 27005
34. OCTAVE
Information Technology Infrastructure Library (ITIL)
fault tree analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
qualitative
35. CSO
corporate security officer
confidentiality
ISO/IEC 27001
CISO
36. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
FMEA
ISO/IEC 27001
No events - Errors only - Errors and warnings - All events
Operationally Critical Threat - Asset - and Vulnerability Evaluation
37. An open language from mitre.org for determining vulnerabilities and problems on computer systems
CISO
risk analysis
ISO/IEC 27001
OVAL
38. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
escalation
risk catagories
administrative
vulnerability
39. Derived from the COSO framework
CobiT
security program
ISO/IEC 27005
integrity
40. IT governance at the operational level
delayed
CobiT
vulnerability
COSO
41. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
confidentiality
protocol analyzer
security officer
ISO/IEC 27004
42. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
confidentiality
vulnerability
risk
risk catagories
43. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
john the ripper
ISO/IEC 27004
ISO/IEC 27005
ISO/IEC 27799
44. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
CobiT
vulnerability
data owner
L0phtCrack
45. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
ISO/IEC 27799
CobiT
IRM
L0phtCrack
46. Responsible for communicating to senior mgmt organizational risks and compliance regulations
No events - Errors only - Errors and warnings - All events
vulnerability scanner
CISO
FRAP
47. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
threat
exposure factor
CISO
48. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
CobiT
tactical
vulnerability
FRAP
49. CISO
COSO
ITIL
chief information security officer
john the ripper
50. Guide assist in the implemenation of information security based on risk managent approach
confidentiality
escalation
OCTAVE
ISO/IEC 27005