SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Mitigates a potential risk
ISO 17799
operational
countermeasure
ITIL
2. Collection of controls an organization must have in place
qualitative
network mapping
security program
administrative
3. Ensures reliable timely access to data/resources to authorized individuals
availability
network mapping
IRM
Committee of Sponsoring Organizations
4. COSO
vulnerability
Committee of Sponsoring Organizations
exposure
FMEA
5. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
AS/NZS 4360
administrative
CISO
risk analysis
6. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
Control Objectives for Information and related Technology
penetration
strategic
risk analysis
7. Expected or predetermined performance level - developed from policy - performance - requirements
exposure
performance baseline
administrative
AS/NZS 4360
8. A log that can record outgoing requests - incoming traffic - and internet usage
ISO 17799
risk
firewall
usage
9. Made up of ten domains - a mechanism to describe security processes
port scanner
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ISO 17799
due care
10. Responsible for information classification and protection
strategic
data owner
usage
exposure factor
11. Derived from the COSO framework
physical
CobiT
confidentiality
vulnerability
12. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
integrity
exposure
risk
security program
13. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
risk analysis
network mapping
confidentiality
john the ripper
14. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
CobiT
IRM
threat
physical
15. Midterm goals
annualized loss expectancy
ISO/IEC 27799
tactical
risk anlysis
16. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
elcomsoft
privilege
BS7799
AS/NZS 4360
17. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
security governanace
corporate security officer
SP 800-30
18. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
risk analysis
qualitative
CobiT
FMEA
19. Potential danger to information or systems
Committee of Sponsoring Organizations
availability
network mapping
threat
20. Focus on service level agreements between IT dept and internal customers
ITIL
delayed
vulnerability scanner
availability
21. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
data owner
strategic
single loss expectancy
risk
22. __________ loss has a negative effect after a vulnerability is initially exploited
tactical
due care
CISO
delayed
23. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
single loss expectancy
ISO/IEC 27001
CISO
elcomsoft
24. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
security governanace
Operationally Critical Threat - Asset - and Vulnerability Evaluation
OCTAVE
countermeasure
25. De facto standard of best practices for IT service mgmt
BS7799
L0phtCrack
performance monitor
Information Technology Infrastructure Library (ITIL)
26. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
FMEA
Information risk management
port scanner
risk mitigation
27. Type of audit that checks procedures and policies for escalating issues to management
escalation
risk catagories
network mapping
ISO/IEC 27799
28. Daily goals focused on productivity and task-oriented activities
FRAP
john the ripper
operational
physical
29. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
security officer
blueprints
FMEA
Control Objectives for Information and related Technology
30. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
No events - Errors only - Errors and warnings - All events
ISO/IEC 27002
vulnerability scanner
vulnerability
31. An instance of being exposed to losses from a threat
risk anlysis
exposure
escalation
CobiT
32. Controls that implement access control - password mangement - identification and authentication methods - configuration
security program
technical
CobiT
vulnerability scanner
33. Ensures necessary level of secrecy and prevents unauthorized disclosure
confidentiality
firewall
FMEA
risk analysis
34. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
vulnerability scanner
threat
due care
network mapping
35. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
fault tree analysis
delayed
risk mitigation
L0phtCrack
36. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
Facilitated Risk Analysis Process
ISO 17799
FMEA
vulnerability
37. The following tools (Nessus - Qualys - Retina) are ______________ scanners
technical
vulnerability
performance baseline
operational
38. The tools - personnel and business processes necessary to ensure that security meets needs
corporate security officer
ISO/IEC 27799
security governanace
Information Technology Infrastructure Library (ITIL)
39. FMEA
Failure Modes and Effect Analysis
escalation
security governanace
COSO
40. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
risk analysis
CISO
ITIL
41. CISO
COSO
CobiT
ISO 17799
chief information security officer
42. A weakness (software - hardware - procedural - human) that can be exploited
OCTAVE
network mapping
vulnerability
Committee of Sponsoring Organizations
43. CobiT
Control Objectives for Information and related Technology
security officer
mappers
ISO/IEC 27005
44. Type of audit that checks that network resources - systems and software are used appropriately
usage
CobiT
elcomsoft
performance monitor
45. Percentage of an asset's value that would be lost in a single incident - (EF)
annualized loss expectancy
ISO/IEC 27004
exposure factor
port scanner
46. IRM
data owner
threat
Information risk management
vulnerability
47. Guide to illustrate how to protect personal health information
CISO
annualized loss expectancy
escalation
ISO/IEC 27799
48. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
escalation
ISO/IEC 27002
technical
data owner
49. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
CISO
risk catagories
escalation
ISO/IEC 27005
50. FRAP
Operationally Critical Threat - Asset - and Vulnerability Evaluation
Facilitated Risk Analysis Process
usage
single loss expectancy