
Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A commercial password cracker that can test password strength and recover passwords, and perform dictionary and brute-force attacks

2. The following tools (Nessus, Qualys, Retina) are ______________ scanners

3. FMEA

4. CobiT

5. Responsible for information classification and protection

6. Made up of ten domains; a mechanism to describe security processes

7. Risk management method created by Carnegie Mellon University; people manage/direct the risk evaluation for IT security in a company

8. Internationally recognized Information Security Management standard; provides high-level conceptual recommendations on enterprise security; British standard

9. A tool that maps weaknesses of systems/networks by scanning for ports, checking for applications, determining OS and patch level, and attempting exploits

10. Event levels available for logging in a MS DNS server

11. Risk management method with a much broader focus than IT security

12. A password cracker that uses dictionary and brute-force attacks and rainbow tables; can test password strength and recover passwords; was originally free but is now a commercial product

13. A process to identify assets and their value, identify vulnerabilities and threats, quantify probability and impact of threats, and provide a balance between impact and cost

14. Controls that implement access control, password management, identification and authentication methods, and configuration

15. Used in assurance risk management; a methodical way to identify major failure modes (not useful for complex failure modes)

16. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs

17. Provides a cost/benefit comparison

18. Ensures reliable, timely access to data/resources for authorized individuals

19. A weakness (software, hardware, procedural, human) that can be exploited

20. Guide to illustrate how to protect personal health information

21. Collection of controls an organization must have in place

22. The tools, personnel and business processes necessary to ensure that security meets needs

23. ISM Standard

24. Potential danger to information or systems

25. Security policy: map business objectives to security; Security infrastructure: security officer, reviews; Asset classification/control: inventory; Personnel security: screening, training, roles; Physical security; Communication/operation

26. A plan of action to deal with risks defined in the risk assessment; may remediate or transfer risk

27. Expected or predetermined performance level; developed from policy, performance, requirements

28. Ensures the necessary level of secrecy and prevents unauthorized disclosure

29. __________ loss has a negative effect after a vulnerability is initially exploited

30. Guide to assist in the implementation of information security based on a risk management approach

31. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards

32. SLE x ARO (ALE)

33. An open source password cracker that uses dictionary and brute-force attacks, stores previously cracked passwords, and uses unshadow to merge the password and shadow files

34. FRAP

35. Method of identifying functions and their failures, the causes of failures and their effects; originally designed for systems engineering

36. HP OpenView, Nmap, Qualys, Solana Networks, SolarWinds are all network _____________

37. Tools to identify, develop, and design security requirements for business needs

38. The asset's value multiplied by the EF percentage (SLE)

39. Used to predict changes based on trends, detect deviations, and watch events across multiple system components

40. Assurance of accuracy and reliability of information and systems

41. Plan and Organize; Implement; Operate and Maintain; Monitor and Evaluate

42. COSO

43. Provides good practice advice on ISMS (ISO 17799) (based on BS7799 Part 1)

44. Daily goals focused on productivity and task-oriented activities

45. Physical damage, human interaction, equipment malfunction, misuse of data, loss of data, application error

46. An open language from mitre.org for determining vulnerabilities and problems on computer systems

47. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis

48. The likelihood of exploitation and the loss potential

49. Legal term used to determine liability; acting responsibly gives a lower risk of liability due to a security breach

50. Type of audit that checks information classification and change control procedures