Test your basic knowledge

Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment

2. Potential danger to information or systems

3. The following tools (Nessus - Qualys - Retina) are ______________ scanners

4. CSO

5. OCTAVE

6. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach

7. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files

8. Assurance of accuracy and reliability of information and systems

9. Made up of ten domains - a mechanism to describe security processes

10. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs

11. __________ loss has a negative effect after a vulnerability is initially exploited

12. Mitigates a potential risk

13. Expected or predetermined performance level - developed from policy - performance - requirements

14. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)

15. FRAP

16. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________

17. ISM Standard

18. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate

19. Ensures management security directives are fulfilled

20. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)

21. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external

22. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental

23. Guide to illustrate how to protect personal health information

24. SLE x ARO - (ALE)

25. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard

26. NIST risk management methodology

27. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond

28. The tools - personnel and business processes necessary to ensure that security meets needs

29. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error

30. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering

31. Guide to assist in the implementation of information security based on a risk management approach

32. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product

33. Ensures necessary level of secrecy and prevents unauthorized disclosure

34. COSO

35. Controls that implement access control - password management - identification and authentication methods - configuration

36. An instance of being exposed to losses from a threat

37. Event levels available for logging in a MS DNS server

38. Risk mgmt method with much broader focus than IT security

39. A log that can record outgoing requests - incoming traffic - and internet usage

40. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)

41. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate

42. Ensures reliable timely access to data/resources to authorized individuals

43. A weakness (software - hardware - procedural - human) that can be exploited

44. De facto standard of best practices for IT service mgmt

45. Used to ID failures in a complex system to understand underlying causes of threats

46. CobiT

47. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation

48. Information security management measurements

49. Collection of controls an organization must have in place

50. Responsible for information classification and protection