Test your basic knowledge | CompTIA Security+: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
risk
Committee of Sponsoring Organizations
FMEA
security governance
2. Guide to assist in the implementation of information security based on a risk management approach
ISO/IEC 27005
operational
security program
Information Security Management
3. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
ISO/IEC 27001
physical
Committee of Sponsoring Organizations
Operationally Critical Threat - Asset - and Vulnerability Evaluation
4. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
security officer
privilege
confidentiality
L0phtCrack
5. The tools - personnel and business processes necessary to ensure that security meets needs
chief information security officer
integrity
security governance
IRM
6. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
IRM
vulnerability scanner
Control Objectives for Information and related Technology
7. Mitigates a potential risk
countermeasure
security program
security officer
CobiT
8. Event levels available for logging in a MS DNS server
ISO/IEC 27001
risk
risk analysis
No events - Errors only - Errors and warnings - All events
9. CISO
chief information security officer
performance monitor
vulnerability
risk analysis
10. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
due care
CobiT
risk
COSO
11. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
annualized loss expectancy
risk mitigation
mappers
AS/NZS 4360
12. FMEA
privilege
COSO
FMEA
Failure Modes and Effect Analysis
13. FRAP
Failure Modes and Effect Analysis
Facilitated Risk Analysis Process
operational
risk categories
14. CSO
COSO
corporate security officer
IRM
risk analysis
15. Corporate governance at the strategic level
penetration
delayed
ITIL
COSO
16. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk analysis
risk categories
OCTAVE
ISO/IEC 27799
17. Possibility of damage and the ramifications should it occur
BS7799
risk
FMEA
IRM
18. Type of audit that checks procedures and policies for escalating issues to management
vulnerability
privilege
CobiT
escalation
19. Guide to illustrate how to protect personal health information
ISO/IEC 27799
risk analysis
port scanner
risk
20. Focus on service level agreements between IT dept and internal customers
ITIL
risk categories
ISO/IEC 27004
Information Security Management
21. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
Control Objectives for Information and related Technology
vulnerability
annualized rate of occurrence
22. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
risk categories
privilege
FMEA
technical
23. Responsible for information classification and protection
CISO
data owner
technical
penetration
24. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
Committee of Sponsoring Organizations
vulnerability scanner
FRAP
port scanner
25. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
No events - Errors only - Errors and warnings - All events
ISO 17799
firewall
network mapping
26. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
COSO
FRAP
tactical
CISO
27. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
CISO
firewall
strategic
network mapping
28. Potential danger to information or systems
Information risk management
AS/NZS 4360
ISO/IEC 27002
threat
29. Number of times the incident might occur annually - (ARO)
mappers
annualized rate of occurrence
risk
privilege
30. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
CobiT
john the ripper
data owner
Information Security Management
31. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
qualitative
CobiT
ISO/IEC 27001
physical
32. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
countermeasure
risk analysis
exposure factor
annualized rate of occurrence
33. Ensures reliable timely access to data/resources to authorized individuals
fault tree analysis
vulnerability
risk
availability
34. NIST risk management methodology
ITIL
administrative
SP 800-30
CobiT
35. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
OCTAVE
performance baseline
mappers
network mapping
36. IRM
ISO/IEC 27005
availability
Information risk management
elcomsoft
37. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
vulnerability
vulnerability scanner
CobiT
security program
38. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
COSO
administrative
technical
39. A process to identify assets and their value - identify vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
administrative
risk analysis
security program
firewall
40. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
IRM
annualized rate of occurrence
vulnerability scanner
L0phtCrack
41. COSO
FRAP
Committee of Sponsoring Organizations
OVAL
delayed
42. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
security officer
escalation
FRAP
43. Type of audit that checks that accounts - groups and roles are correctly assigned
vulnerability scanner
risk
ISO/IEC 27001
privilege
44. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
penetration
integrity
CISO
ISO 17799
45. An open language from mitre.org for determining vulnerabilities and problems on computer systems
countermeasure
qualitative
planning horizon
OVAL
46. Ensures management security directives are fulfilled
annualized loss expectancy
risk analysis
security officer
corporate security officer
47. A weakness (software - hardware - procedural - human) that can be exploited
risk mitigation
vulnerability
security program
security officer
48. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
escalation
risk analysis
due care
49. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
due care
strategic
CISO
annualized loss expectancy
50. An instance of being exposed to losses from a threat
escalation
risk categories
exposure
penetration