SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. De facto standard of best practices for IT service mgmt
vulnerability scanner
Information Technology Infrastructure Library (ITIL)
SP 800-30
FRAP
2. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
penetration
FMEA
exposure
3. Responsible for information classification and protection
data owner
Operationally Critical Threat - Asset - and Vulnerability Evaluation
tactical
OCTAVE
4. Event levels available for logging in a MS DNS server
threat
vulnerability
ISO/IEC 27004
No events - Errors only - Errors and warnings - All events
5. The asset's value multiplied by the EF percentage - (SLE)
ISO/IEC 27002
AS/NZS 4360
exposure
single loss expectancy
6. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
due care
CobiT
ISO 17799
elcomsoft
7. CISO
CobiT
Information risk management
chief information security officer
Information Technology Infrastructure Library (ITIL)
8. Ensures managment security directives are fulfilled
annualized rate of occurrence
vulnerability
elcomsoft
security officer
9. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
qualitative
AS/NZS 4360
fault tree analysis
10. Tools to ID - develop - and design security requirements for business needs
blueprints
firewall
threat
planning horizon
11. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
vulnerability
ISO/IEC 27002
exposure factor
Control Objectives for Information and related Technology
12. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
ISO/IEC 27001
risk analysis
annualized loss expectancy
network mapping
13. Corporate governance at the strategic level
risk catagories
john the ripper
COSO
annualized loss expectancy
14. Provides a cost/benefit comparision
strategic
administrative
Information Technology Infrastructure Library (ITIL)
risk analysis
15. Ensures reliable timely access to data/resources to authorized individuals
privilege
availability
security program
single loss expectancy
16. An instance of being exposed to losses from a threat
exposure
AS/NZS 4360
ISO/IEC 27001
tactical
17. SLE x ARO - (ALE)
technical
risk catagories
security officer
annualized loss expectancy
18. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk catagories
john the ripper
risk mitigation
Failure Modes and Effect Analysis
19. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
administrative
security officer
ISO/IEC 27002
Committee of Sponsoring Organizations
20. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
performance baseline
vulnerability
operational
21. CSO
delayed
COSO
annualized rate of occurrence
corporate security officer
22. Information security managment measurements
confidentiality
Information Technology Infrastructure Library (ITIL)
security program
ISO/IEC 27004
23. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
Failure Modes and Effect Analysis
security program
vulnerability scanner
risk
24. Type of audit that checks procedures and policies for escalating issues to management
escalation
network mapping
annualized rate of occurrence
vulnerability scanner
25. Daily goals focused on productivity and task-oriented activities
ISO/IEC 27002
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ISO/IEC 27004
operational
26. Possiblity of damage and the ramifications should it occur
exposure
blueprints
firewall
risk
27. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
technical
network mapping
COSO
vulnerability
28. The following tools (Nessus - Qualys - Retina) are ______________ scanners
administrative
vulnerability
corporate security officer
operational
29. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
ISO/IEC 27002
strategic
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27004
30. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
escalation
IRM
CISO
protocol analyzer
31. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
administrative
risk anlysis
strategic
32. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
ISO/IEC 27001
risk mitigation
FRAP
security program
33. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk analysis
availability
annualized rate of occurrence
risk anlysis
34. The likelihood of exploitation and the loss potential
risk catagories
ISO/IEC 27799
integrity
risk
35. CobiT
john the ripper
security program
Control Objectives for Information and related Technology
technical
36. Type of audit that checks that accounts - groups and roles are correctly assigned
delayed
firewall
privilege
exposure
37. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
chief information security officer
threat
network mapping
38. Risk mgmt method with much broader focus than IT security
integrity
CISO
IRM
AS/NZS 4360
39. NIST risk management methodology
CobiT
SP 800-30
Committee of Sponsoring Organizations
risk anlysis
40. Type of audit that checks information classification and change control procedures
risk mitigation
Information risk management
administrative
security program
41. Expected or predetermined performance level - developed from policy - performance - requirements
CISO
threat
performance baseline
protocol analyzer
42. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
security officer
threat
Information Security Management
43. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
administrative
vulnerability
exposure factor
OCTAVE
44. Percentage of an asset's value that would be lost in a single incident - (EF)
FMEA
integrity
mappers
exposure factor
45. Guide to illustrate how to protect personal health information
ISO/IEC 27799
CobiT
risk
performance monitor
46. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
ITIL
security program
firewall
47. Mitigates a potential risk
risk analysis
countermeasure
due care
BS7799
48. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
vulnerability
tactical
integrity
risk analysis
49. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
BS7799
ISO/IEC 27001
security governanace
port scanner
50. Potential danger to information or systems
vulnerability
threat
qualitative
No events - Errors only - Errors and warnings - All events