SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. COSO
risk catagories
Committee of Sponsoring Organizations
chief information security officer
FRAP
2. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
CobiT
countermeasure
OCTAVE
administrative
3. Strategic - tactical and operational planning
risk analysis
planning horizon
strategic
ISO 17799
4. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
BS7799
corporate security officer
risk analysis
risk anlysis
5. Event levels available for logging in a MS DNS server
No events - Errors only - Errors and warnings - All events
penetration
availability
CobiT
6. De facto standard of best practices for IT service mgmt
delayed
Information Technology Infrastructure Library (ITIL)
blueprints
COSO
7. Ensures managment security directives are fulfilled
exposure
performance baseline
fault tree analysis
security officer
8. Type of audit that checks that accounts - groups and roles are correctly assigned
privilege
ISO 17799
security governanace
annualized loss expectancy
9. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
Committee of Sponsoring Organizations
fault tree analysis
FMEA
risk mitigation
10. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
security officer
risk analysis
operational
FMEA
11. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
ISO 17799
security program
penetration
12. IRM
risk anlysis
exposure factor
OCTAVE
Information risk management
13. Expected or predetermined performance level - developed from policy - performance - requirements
network mapping
IRM
security program
performance baseline
14. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
firewall
ISO/IEC 27004
security officer
15. CSO
corporate security officer
protocol analyzer
ISO/IEC 27001
COSO
16. Tools to ID - develop - and design security requirements for business needs
integrity
administrative
blueprints
ISO/IEC 27001
17. Provides a cost/benefit comparision
corporate security officer
john the ripper
risk analysis
Information risk management
18. Information security managment measurements
risk mitigation
confidentiality
CobiT
ISO/IEC 27004
19. CobiT
firewall
privilege
Control Objectives for Information and related Technology
AS/NZS 4360
20. Collection of controls an organization must have in place
SP 800-30
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CobiT
security program
21. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
AS/NZS 4360
threat
data owner
CISO
22. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
CISO
vulnerability
FMEA
23. Potential danger to information or systems
protocol analyzer
john the ripper
threat
risk catagories
24. Guide assist in the implemenation of information security based on risk managent approach
firewall
CobiT
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27005
25. FMEA
risk analysis
corporate security officer
risk analysis
Failure Modes and Effect Analysis
26. Responsible for communicating to senior mgmt organizational risks and compliance regulations
ISO/IEC 27001
CISO
security officer
network mapping
27. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
COSO
ISO/IEC 27002
annualized loss expectancy
28. IT governance at the operational level
vulnerability
threat
CobiT
risk
29. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
integrity
protocol analyzer
CobiT
FMEA
30. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
administrative
mappers
security governanace
security officer
31. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
usage
strategic
confidentiality
annualized rate of occurrence
32. Possiblity of damage and the ramifications should it occur
penetration
FMEA
Control Objectives for Information and related Technology
risk
33. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
vulnerability scanner
ISO/IEC 27002
countermeasure
COSO
34. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
data owner
confidentiality
vulnerability
network mapping
35. ISM Standard
Information Security Management
CobiT
IRM
qualitative
36. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
network mapping
risk analysis
risk analysis
37. An instance of being exposed to losses from a threat
IRM
exposure
mappers
FMEA
38. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
qualitative
L0phtCrack
exposure
Operationally Critical Threat - Asset - and Vulnerability Evaluation
39. Number of time the incident might occur annually - (ARO)
risk analysis
risk analysis
annualized rate of occurrence
L0phtCrack
40. The likelihood of exploitation and the loss potential
FRAP
network mapping
usage
risk
41. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
performance monitor
CobiT
FMEA
security governanace
42. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
administrative
qualitative
CISO
43. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
protocol analyzer
penetration
ISO/IEC 27004
annualized loss expectancy
44. SLE x ARO - (ALE)
IRM
annualized loss expectancy
countermeasure
security program
45. Type of audit that checks procedures and policies for escalating issues to management
annualized rate of occurrence
fault tree analysis
escalation
annualized loss expectancy
46. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
performance monitor
network mapping
usage
ISO/IEC 27002
47. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
Control Objectives for Information and related Technology
tactical
delayed
network mapping
48. Midterm goals
Information Security Management
vulnerability
tactical
Information risk management
49. The following tools (Nessus - Qualys - Retina) are ______________ scanners
FMEA
vulnerability
countermeasure
escalation
50. The asset's value multiplied by the EF percentage - (SLE)
operational
single loss expectancy
security governanace
BS7799