Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
planning horizon
ISO/IEC 27001
escalation
2. A commercial password cracker that can test password strength, recover passwords, and perform dictionary and brute force attacks
elcomsoft
Control Objectives for Information and related Technology
security program
COSO
3. Corporate governance at the strategic level
Control Objectives for Information and related Technology
L0phtCrack
blueprints
COSO
4. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
FMEA
risk categories
OVAL
5. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
due care
administrative
john the ripper
Information Security Management
6. Information security management measurements
technical
CobiT
ISO/IEC 27004
penetration
7. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
risk analysis
fault tree analysis
COSO
FMEA
8. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
Failure Modes and Effect Analysis
network mapping
fault tree analysis
9. SLE x ARO - (ALE)
risk categories
Failure Modes and Effect Analysis
OVAL
annualized loss expectancy
10. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
elcomsoft
COSO
vulnerability
security program
11. An instance of being exposed to losses from a threat
FMEA
exposure
tactical
CobiT
12. Potential danger to information or systems
Committee of Sponsoring Organizations
delayed
threat
exposure factor
13. FMEA
Failure Modes and Effect Analysis
technical
ITIL
OVAL
14. IRM
Information risk management
exposure factor
strategic
FMEA
15. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
Failure Modes and Effect Analysis
CISO
vulnerability scanner
security program
16. CSO
risk categories
usage
Committee of Sponsoring Organizations
corporate security officer
17. NIST risk management methodology
performance baseline
FMEA
CobiT
SP 800-30
18. Guide to assist in the implementation of information security based on a risk management approach
ISO/IEC 27001
ISO/IEC 27005
security governance
AS/NZS 4360
19. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
exposure factor
Control Objectives for Information and related Technology
security program
20. The following tools (Nessus - Qualys - Retina) are ______________ scanners
tactical
performance monitor
penetration
vulnerability
21. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
chief information security officer
security program
strategic
22. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
security governance
administrative
planning horizon
FMEA
23. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
mappers
integrity
single loss expectancy
ISO/IEC 27001
24. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
countermeasure
tactical
administrative
usage
25. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
FRAP
COSO
annualized loss expectancy
26. Responsible for developing: security awareness program - budget for information security related activities - policies - procedures - and guidelines - a security compliance program - and metrics
CISO
security governance
single loss expectancy
OCTAVE
27. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
CobiT
chief information security officer
ISO 17799
strategic
28. The likelihood of exploitation and the loss potential
ISO/IEC 27002
risk
vulnerability
data owner
29. Provides a cost/benefit comparison
vulnerability
operational
ISO/IEC 27005
risk analysis
30. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
operational
security governance
annualized loss expectancy
risk analysis
31. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
Operationally Critical Threat - Asset - and Vulnerability Evaluation
Committee of Sponsoring Organizations
FMEA
network mapping
32. Made up of ten domains - a mechanism to describe security processes
ISO 17799
firewall
risk categories
ISO/IEC 27002
33. Expected or predetermined performance level - developed from policy - performance - requirements
performance baseline
confidentiality
vulnerability scanner
network mapping
34. Type of audit that checks that network resources - systems and software are used appropriately
FMEA
Committee of Sponsoring Organizations
exposure
usage
35. Ensures necessary level of secrecy and prevents unauthorized disclosure
threat
ISO/IEC 27004
strategic
confidentiality
36. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
CISO
Committee of Sponsoring Organizations
due care
annualized rate of occurrence
37. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
L0phtCrack
Information Security Management
penetration
COSO
38. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
administrative
SP 800-30
protocol analyzer
vulnerability
39. Tools to ID - develop - and design security requirements for business needs
Control Objectives for Information and related Technology
operational
blueprints
vulnerability
40. Type of audit that checks information classification and change control procedures
BS7799
administrative
network mapping
risk
41. CobiT
mappers
AS/NZS 4360
Control Objectives for Information and related Technology
CISO
42. Number of times the incident might occur annually - (ARO)
corporate security officer
annualized rate of occurrence
network mapping
planning horizon
43. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
blueprints
risk analysis
Facilitated Risk Analysis Process
44. An open language from mitre.org for determining vulnerabilities and problems on computer systems
CobiT
BS7799
OVAL
exposure
45. Assurance of accuracy and reliability of information and systems
vulnerability scanner
administrative
risk
integrity
46. Guide to illustrate how to protect personal health information
ISO/IEC 27799
availability
ISO/IEC 27001
single loss expectancy
47. COSO
Committee of Sponsoring Organizations
security program
OCTAVE
CobiT
48. Possibility of damage and the ramifications should it occur
threat
mappers
risk
due care
49. Percentage of an asset's value that would be lost in a single incident - (EF)
CISO
risk categories
integrity
exposure factor
50. Used to ID failures in complex systems to understand underlying causes of threats
ISO/IEC 27004
fault tree analysis
security program
vulnerability