Test your basic knowledge | Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Event levels available for logging in a MS DNS server
qualitative
No events - Errors only - Errors and warnings - All events
Control Objectives for Information and related Technology
fault tree analysis
2. Type of audit that checks information classification and change control procedures
security program
OCTAVE
administrative
network mapping
3. Responsible for communicating to senior mgmt organizational risks and compliance regulations
privilege
CISO
ISO/IEC 27005
network mapping
4. Provides a cost/benefit comparison
security program
risk analysis
OVAL
SP 800-30
5. Ensures necessary level of secrecy and prevents unauthorized disclosure
confidentiality
Information Technology Infrastructure Library (ITIL)
annualized rate of occurrence
Information Security Management
6. Assurance of accuracy and reliability of information and systems
risk analysis
chief information security officer
Information Technology Infrastructure Library (ITIL)
integrity
7. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
COSO
ISO/IEC 27005
port scanner
exposure factor
8. Expected or predetermined performance level - developed from policy - performance - requirements
vulnerability
performance baseline
corporate security officer
IRM
9. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
confidentiality
countermeasure
security governance
10. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
exposure
Failure Modes and Effect Analysis
CobiT
john the ripper
11. Guide to illustrate how to protect personal health information
integrity
ISO/IEC 27799
network mapping
physical
12. COSO
security program
Committee of Sponsoring Organizations
ISO 17799
protocol analyzer
13. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
risk mitigation
performance monitor
blueprints
ISO/IEC 27005
14. Mitigates a potential risk
Operationally Critical Threat - Asset - and Vulnerability Evaluation
availability
countermeasure
ISO 17799
15. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
COSO
risk categories
planning horizon
performance baseline
16. The following tools (Nessus - Qualys - Retina) are ______________ scanners
annualized loss expectancy
vulnerability
data owner
john the ripper
17. SLE x ARO - (ALE)
Operationally Critical Threat - Asset - and Vulnerability Evaluation
exposure
annualized loss expectancy
Control Objectives for Information and related Technology
18. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
CobiT
security governance
security program
elcomsoft
19. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
AS/NZS 4360
network mapping
FRAP
technical
20. Made up of ten domains - a mechanism to describe security processes
blueprints
ISO 17799
usage
COSO
21. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
CISO
ISO/IEC 27799
penetration
FMEA
22. Information security management measurements
exposure factor
integrity
ISO/IEC 27004
corporate security officer
23. Ensures management security directives are fulfilled
vulnerability
security officer
operational
Failure Modes and Effect Analysis
24. Controls that implement access control - password management - identification and authentication methods - configuration
technical
Failure Modes and Effect Analysis
physical
chief information security officer
25. CISO
risk mitigation
chief information security officer
corporate security officer
Information risk management
26. FRAP
Committee of Sponsoring Organizations
network mapping
ISO 17799
Facilitated Risk Analysis Process
27. Type of audit that checks that network resources - systems and software are used appropriately
ISO/IEC 27002
security governance
usage
CISO
28. Risk mgmt method with much broader focus than IT security
No events - Errors only - Errors and warnings - All events
AS/NZS 4360
CISO
COSO
29. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
exposure
vulnerability scanner
port scanner
COSO
30. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
technical
Failure Modes and Effect Analysis
mappers
CISO
31. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
No events - Errors only - Errors and warnings - All events
CISO
due care
exposure
32. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files
CobiT
ISO/IEC 27001
COSO
john the ripper
33. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
planning horizon
vulnerability
exposure
ISO 17799
34. Type of audit that checks procedures and policies for escalating issues to management
penetration
Information Technology Infrastructure Library (ITIL)
OCTAVE
escalation
35. IT governance at the operational level
annualized rate of occurrence
port scanner
strategic
CobiT
36. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
risk
risk analysis
firewall
qualitative
37. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
security program
tactical
CISO
38. Potential danger to information or systems
threat
ISO 17799
vulnerability
single loss expectancy
39. Derived from the COSO framework
No events - Errors only - Errors and warnings - All events
security program
CobiT
vulnerability
40. Focus on service level agreements between IT dept and internal customers
FMEA
ITIL
strategic
vulnerability scanner
41. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
SP 800-30
performance monitor
escalation
42. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
usage
annualized loss expectancy
Facilitated Risk Analysis Process
risk analysis
43. NIST risk management methodology
ISO/IEC 27005
Committee of Sponsoring Organizations
data owner
SP 800-30
44. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
availability
risk mitigation
COSO
network mapping
45. Percentage of an asset's value that would be lost in a single incident - (EF)
blueprints
exposure factor
COSO
vulnerability scanner
46. Used to identify failures in complex systems to understand underlying causes of threats
physical
No events - Errors only - Errors and warnings - All events
fault tree analysis
risk categories
47. Strategic - tactical and operational planning
confidentiality
ISO/IEC 27799
planning horizon
vulnerability
48. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
OVAL
risk
security governance
ISO/IEC 27002
49. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
SP 800-30
Facilitated Risk Analysis Process
confidentiality
50. Guide to assist in the implementation of information security based on a risk management approach
risk analysis
data owner
ISO/IEC 27005
performance baseline