Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk anlysis
OCTAVE
OVAL
ISO/IEC 27001

2. A weakness (software - hardware - procedural - human) that can be exploited
due care
Operationally Critical Threat - Asset - and Vulnerability Evaluation
firewall
vulnerability

3. Guide to illustrate how to protect personal health information
risk catagories
ISO/IEC 27002
ISO/IEC 27799
FRAP

4. Strategic - tactical and operational planning
vulnerability
risk catagories
CobiT
planning horizon

5. Corporate governance at the strategic level
ISO 17799
COSO
Operationally Critical Threat - Asset - and Vulnerability Evaluation
chief information security officer

6. FRAP
administrative
Facilitated Risk Analysis Process
FRAP
risk anlysis

7. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
ISO 17799
ISO/IEC 27799
vulnerability

8. Ensures necessary level of secrecy and prevents unauthorized disclosure
OCTAVE
strategic
FRAP
confidentiality

9. SLE x ARO - (ALE)
ISO 17799
CISO
risk catagories
annualized loss expectancy

10. Used to ID failures in a complex systems to understand underlying causes of threats
ITIL
fault tree analysis
Information Security Management
tactical

11. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
vulnerability
risk mitigation
privilege
blueprints

12. Type of audit that checks that accounts - groups and roles are correctly assigned
vulnerability
escalation
privilege
annualized loss expectancy

13. Possiblity of damage and the ramifications should it occur
risk
annualized loss expectancy
technical
usage

14. Collection of controls an organization must have in place
security program
availability
ISO 17799
CobiT

15. CSO
privilege
planning horizon
corporate security officer
AS/NZS 4360

16. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
performance monitor
risk
vulnerability scanner
annualized loss expectancy

17. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
Committee of Sponsoring Organizations
Information risk management
port scanner
vulnerability

18. __________ loss has a negative effect after a vulnerability is initially exploited
administrative
delayed
OCTAVE
vulnerability

19. A log that can record outgoing requests - incoming traffic - and internet usage
mappers
availability
firewall
fault tree analysis

20. Focus on service level agreements between IT dept and internal customers
SP 800-30
vulnerability scanner
ITIL
port scanner

21. The likelihood of exploitation and the loss potential
delayed
port scanner
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk

22. CobiT
countermeasure
Facilitated Risk Analysis Process
Control Objectives for Information and related Technology
network mapping

23. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
availability
administrative
ISO/IEC 27004
planning horizon

24. The following tools (Nessus - Qualys - Retina) are ______________ scanners
firewall
elcomsoft
CobiT
vulnerability

25. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
risk mitigation
single loss expectancy
OCTAVE
IRM

26. Derived from the COSO framework
CobiT
ISO/IEC 27002
due care
annualized rate of occurrence

27. An open language from mitre.org for determining vulnerabilities and problems on computer systems
CobiT
risk analysis
security program
OVAL

28. Ensures reliable timely access to data/resources to authorized individuals
single loss expectancy
COSO
annualized rate of occurrence
availability

29. Event levels available for logging in a MS DNS server
Information risk management
No events - Errors only - Errors and warnings - All events
network mapping
technical

30. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
strategic
FMEA
blueprints
OCTAVE

31. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
mappers
performance monitor
administrative
ISO/IEC 27799

32. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
Information Technology Infrastructure Library (ITIL)
countermeasure
OCTAVE
network mapping

33. Information security managment measurements
vulnerability
ISO/IEC 27001
FRAP
ISO/IEC 27004

34. Type of audit that checks procedures and policies for escalating issues to management
escalation
port scanner
vulnerability
performance baseline

35. Mitigates a potential risk
privilege
risk
countermeasure
single loss expectancy

36. De facto standard of best practices for IT service mgmt
FMEA
privilege
Information Technology Infrastructure Library (ITIL)
physical

37. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
protocol analyzer
vulnerability
COSO
penetration

38. Guide assist in the implemenation of information security based on risk managent approach
exposure factor
FMEA
ISO/IEC 27005
L0phtCrack

39. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
CobiT
performance baseline
risk anlysis
L0phtCrack

40. Responsible for information classification and protection
security officer
usage
ISO 17799
data owner

41. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
single loss expectancy
planning horizon
CobiT
COSO

42. ISM Standard
delayed
Information risk management
Information Security Management
qualitative

43. Expected or predetermined performance level - developed from policy - performance - requirements
BS7799
performance baseline
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CobiT

44. FMEA
FMEA
Failure Modes and Effect Analysis
risk
Information risk management

45. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
Information Technology Infrastructure Library (ITIL)
annualized rate of occurrence
single loss expectancy
FMEA

46. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
confidentiality
CobiT
SP 800-30

47. Ensures managment security directives are fulfilled
qualitative
penetration
AS/NZS 4360
security officer

48. Made up of ten domains - a mechanism to describe security processes
FRAP
penetration
administrative
ISO 17799

49. The asset's value multiplied by the EF percentage - (SLE)
technical
Information Security Management
network mapping
single loss expectancy

50. Number of time the incident might occur annually - (ARO)
ISO 17799
annualized rate of occurrence
Operationally Critical Threat - Asset - and Vulnerability Evaluation
administrative