Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
penetration
Facilitated Risk Analysis Process
ISO/IEC 27002
OCTAVE

2. Strategic - tactical and operational planning
OCTAVE
vulnerability scanner
Committee of Sponsoring Organizations
planning horizon

3. An instance of being exposed to losses from a threat
Information Technology Infrastructure Library (ITIL)
strategic
security officer
exposure

4. Daily goals focused on productivity and task-oriented activities
operational
vulnerability
network mapping
confidentiality

5. Potential danger to information or systems
CobiT
threat
chief information security officer
No events - Errors only - Errors and warnings - All events

6. Tools to ID - develop - and design security requirements for business needs
OCTAVE
blueprints
elcomsoft
countermeasure

7. NIST risk management methodology
CobiT
availability
ISO/IEC 27004
SP 800-30

8. The tools - personnel and business processes necessary to ensure that security meets needs
vulnerability
administrative
security governanace
vulnerability scanner

9. Made up of ten domains - a mechanism to describe security processes
ISO/IEC 27005
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ISO 17799
qualitative

10. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
port scanner
OVAL
CobiT
ISO/IEC 27001

11. Provides a cost/benefit comparision
security program
network mapping
vulnerability
risk analysis

12. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
usage
CobiT
IRM
performance monitor

13. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
ISO/IEC 27004
ISO 17799
CISO
vulnerability scanner

14. Guide assist in the implemenation of information security based on risk managent approach
Committee of Sponsoring Organizations
ISO/IEC 27005
risk analysis
CISO

15. __________ loss has a negative effect after a vulnerability is initially exploited
annualized rate of occurrence
network mapping
delayed
port scanner

16. An open language from mitre.org for determining vulnerabilities and problems on computer systems
protocol analyzer
OVAL
vulnerability scanner
administrative

17. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
risk analysis
ISO/IEC 27002
physical

18. Guide to illustrate how to protect personal health information
Committee of Sponsoring Organizations
strategic
ISO/IEC 27799
protocol analyzer

19. Assurance of accurancy and reliability of information and systems
threat
integrity
availability
BS7799

20. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
firewall
Control Objectives for Information and related Technology
FRAP
OCTAVE

21. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
CobiT
Committee of Sponsoring Organizations
confidentiality
network mapping

22. Corporate governance at the strategic level
ISO/IEC 27004
COSO
BS7799
usage

23. OCTAVE
FRAP
corporate security officer
Operationally Critical Threat - Asset - and Vulnerability Evaluation
COSO

24. The asset's value multiplied by the EF percentage - (SLE)
CobiT
FMEA
OVAL
single loss expectancy

25. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
Information Security Management
FRAP
chief information security officer
penetration

26. Ensures managment security directives are fulfilled
privilege
CobiT
security officer
data owner

27. Midterm goals
CISO
CobiT
data owner
tactical

28. FMEA
Failure Modes and Effect Analysis
due care
risk anlysis
vulnerability

29. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
vulnerability
Control Objectives for Information and related Technology
elcomsoft
AS/NZS 4360

30. Focus on service level agreements between IT dept and internal customers
security officer
ITIL
COSO
Failure Modes and Effect Analysis

31. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
risk analysis
elcomsoft
IRM
exposure factor

32. Used to ID failures in a complex systems to understand underlying causes of threats
protocol analyzer
CobiT
IRM
fault tree analysis

33. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk catagories
Control Objectives for Information and related Technology
ISO 17799
operational

34. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
tactical
OCTAVE
COSO
ISO/IEC 27005

35. Collection of controls an organization must have in place
security program
performance monitor
planning horizon
risk anlysis

36. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
CobiT
CobiT
administrative
strategic

37. IRM
Facilitated Risk Analysis Process
countermeasure
Information risk management
administrative

38. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
BS7799
OCTAVE
COSO

39. COSO
exposure factor
availability
annualized loss expectancy
Committee of Sponsoring Organizations

40. Ensures necessary level of secrecy and prevents unauthorized disclosure
due care
administrative
confidentiality
escalation

41. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ISO 17799
escalation
technical

42. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
due care
risk analysis
tactical
physical

43. A weakness (software - hardware - procedural - human) that can be exploited
planning horizon
AS/NZS 4360
vulnerability
data owner

44. ISM Standard
Information Security Management
risk mitigation
due care
countermeasure

45. Possiblity of damage and the ramifications should it occur
risk
usage
AS/NZS 4360
performance monitor

46. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
Control Objectives for Information and related Technology
tactical
network mapping
COSO

47. Responsible for information classification and protection
SP 800-30
vulnerability
CobiT
data owner

48. Ensures reliable timely access to data/resources to authorized individuals
ISO/IEC 27004
availability
confidentiality
Committee of Sponsoring Organizations

49. Number of time the incident might occur annually - (ARO)
performance monitor
CobiT
fault tree analysis
annualized rate of occurrence

50. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
technical
COSO
IRM
SP 800-30