Test your basic knowledge

CompTIA Security+: Assessment and Risk Management

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Type of audit that checks procedures and policies for escalating issues to management

2. Strategic - tactical and operational planning

3. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate

4. Guide to illustrate how to protect personal health information

5. Derived from the COSO framework

6. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards

7. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate

8. FRAP

9. CISO

10. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control

11. IT governance at the operational level

12. Legal term used to determine liability - acting responsibly - having lower risk of liability due to a security breach

13. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion

14. The tools - personnel and business processes necessary to ensure that security meets needs

15. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)

16. Ensures management security directives are fulfilled

17. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files

18. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company

19. The asset's value multiplied by the EF percentage - (SLE)

20. De facto standard of best practices for IT service mgmt

21. OCTAVE

22. Method of identifying functions and their failures - the causes of failures and their effects - originally designed for systems engineering

23. Ensures the necessary level of secrecy and prevents unauthorized disclosure

24. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)

25. Provides good practice advice on ISMS (ISO 17799) (based on BS7799 Part 1)

26. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e. Wireshark - tcpdump - Microsoft Network Monitor - Carnivore)

27. Responsible for developing: a security awareness program - a budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics

28. Number of times the incident might occur annually - (ARO)

29. Midterm goals

30. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks

31. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate

32. Corporate governance at the strategic level

33. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk

34. Guide to assist in the implementation of information security based on a risk management approach

35. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers

36. Made up of ten domains - a mechanism to describe security processes

37. Type of audit that checks that accounts - groups and roles are correctly assigned

38. Used in assurance risk mgmt - methodical way to identify major failure modes (not useful for complex failure modes)

39. __________ loss has a negative effect after a vulnerability is initially exploited

40. Type of audit that checks that network resources - systems and software are used appropriately

41. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis

42. An instance of being exposed to losses from a threat

43. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error

44. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment

45. IRM

46. Expected or predetermined performance level - developed from policy - performance - requirements

47. Collection of controls an organization must have in place

48. A process to identify assets and their value - identify vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost

49. Risk mgmt method with a much broader focus than IT security

50. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external