Test your basic knowledge

CompTIA Security+: Assessment and Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Derived from the COSO framework
2. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
3. De facto standard of best practices for IT service mgmt
4. Number of times the incident might occur annually - (ARO)
5. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
6. Provides a cost/benefit comparison
7. The following tools (Nessus - Qualys - Retina) are ______________ scanners
8. ISM Standard
9. Process of ID and assessing risk - reducing it to an acceptable level - implementing mechanisms to maintain it
10. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
11. Mitigates a potential risk
12. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
13. Event levels available for logging in a MS DNS server
14. COSO
15. An open language from mitre.org for determining vulnerabilities and problems on computer systems
16. The asset's value multiplied by the EF percentage - (SLE)
17. __________ loss has a negative effect after a vulnerability is initially exploited
18. The likelihood of exploitation and the loss potential
19. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
20. Used to ID failures in complex systems to understand underlying causes of threats
21. Ensures necessary level of secrecy and prevents unauthorized disclosure
22. SLE x ARO - (ALE)
23. The tools - personnel and business processes necessary to ensure that security meets needs
24. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DoS attacks
25. Controls that manage facility access - locking systems - media sanitization - intrusion monitoring - environmental
26. Assurance of accuracy and reliability of information and systems
27. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
28. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
29. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
30. Possibility of damage and the ramifications should it occur
31. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
32. FRAP
33. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
34. Controls that implement access control - password management - identification and authentication methods - configuration
35. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
36. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
37. NIST risk management methodology
38. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
39. IRM
40. Tools to ID - develop - and design security requirements for business needs
41. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
42. Guide to assist in the implementation of information security based on a risk management approach
43. Ensures reliable timely access to data/resources for authorized individuals
44. Corporate governance at the strategic level
45. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - tcpdump - Microsoft Network Monitor - Carnivore)
46. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error
47. Type of audit that checks information classification and change control procedures
48. Responsible for information classification and protection
49. A weakness (software - hardware - procedural - human) that can be exploited
50. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion