Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Controls that implement access control - password mangement - identification and authentication methods - configuration
No events - Errors only - Errors and warnings - All events
FMEA
technical
administrative

2. Midterm goals
security program
escalation
CISO
tactical

3. Possiblity of damage and the ramifications should it occur
network mapping
risk mitigation
risk
COSO

4. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
security program
COSO
operational

5. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
elcomsoft
FMEA
vulnerability
port scanner

6. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
single loss expectancy
AS/NZS 4360
delayed
ISO/IEC 27002

7. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
mappers
FRAP
ISO/IEC 27005
Operationally Critical Threat - Asset - and Vulnerability Evaluation

8. Made up of ten domains - a mechanism to describe security processes
ISO/IEC 27004
CobiT
ISO 17799
escalation

9. Assurance of accurancy and reliability of information and systems
integrity
OCTAVE
ISO 17799
network mapping

10. Information security managment measurements
ISO 17799
ISO/IEC 27004
availability
administrative

11. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
CobiT
Operationally Critical Threat - Asset - and Vulnerability Evaluation
AS/NZS 4360
IRM

12. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
network mapping
security program
Failure Modes and Effect Analysis
blueprints

13. NIST risk management methodology
ISO 17799
countermeasure
SP 800-30
mappers

14. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
protocol analyzer
blueprints
FMEA
network mapping

15. Used to ID failures in a complex systems to understand underlying causes of threats
CobiT
administrative
strategic
fault tree analysis

16. Ensures necessary level of secrecy and prevents unauthorized disclosure
risk analysis
confidentiality
IRM
integrity

17. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
Information Security Management
administrative
firewall
ISO/IEC 27799

18. Percentage of an asset's value that would be lost in a single incident - (EF)
physical
exposure factor
countermeasure
risk analysis

19. Tools to ID - develop - and design security requirements for business needs
exposure
performance baseline
blueprints
security governanace

20. Corporate governance at the strategic level
COSO
CobiT
corporate security officer
exposure

21. Strategic - tactical and operational planning
planning horizon
FRAP
annualized loss expectancy
COSO

22. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
annualized loss expectancy
COSO
blueprints

23. ISM Standard
SP 800-30
Information Security Management
elcomsoft
annualized loss expectancy

24. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
ISO/IEC 27799
CISO
delayed
qualitative

25. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
Facilitated Risk Analysis Process
security program
FMEA
CISO

26. Responsible for information classification and protection
data owner
delayed
network mapping
Information Technology Infrastructure Library (ITIL)

27. Potential danger to information or systems
Information Security Management
threat
countermeasure
risk analysis

28. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
No events - Errors only - Errors and warnings - All events
vulnerability
mappers
OCTAVE

29. The following tools (Nessus - Qualys - Retina) are ______________ scanners
security governanace
countermeasure
vulnerability
escalation

30. Provides a cost/benefit comparision
vulnerability
data owner
port scanner
risk analysis

31. Risk mgmt method with much broader focus than IT security
risk mitigation
ITIL
AS/NZS 4360
SP 800-30

32. COSO
FMEA
tactical
Committee of Sponsoring Organizations
annualized loss expectancy

33. __________ loss has a negative effect after a vulnerability is initially exploited
performance baseline
ISO 17799
delayed
COSO

34. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
BS7799
SP 800-30
ISO 17799
technical

35. Event levels available for logging in a MS DNS server
No events - Errors only - Errors and warnings - All events
delayed
Information Security Management
data owner

36. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
ISO/IEC 27001
CobiT
exposure factor
confidentiality

37. Guide assist in the implemenation of information security based on risk managent approach
ISO/IEC 27005
security program
risk analysis
risk analysis

38. An instance of being exposed to losses from a threat
ITIL
countermeasure
exposure
administrative

39. Collection of controls an organization must have in place
security program
operational
OVAL
annualized loss expectancy

40. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
vulnerability scanner
Facilitated Risk Analysis Process
strategic
COSO

41. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
risk analysis
john the ripper
BS7799
CISO

42. Type of audit that checks procedures and policies for escalating issues to management
escalation
CobiT
confidentiality
availability

43. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
john the ripper
penetration
technical
risk anlysis

44. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
threat
FMEA
penetration
technical

45. FMEA
Failure Modes and Effect Analysis
vulnerability
fault tree analysis
annualized loss expectancy

46. IT governance at the operational level
ISO 17799
L0phtCrack
FMEA
CobiT

47. Daily goals focused on productivity and task-oriented activities
data owner
annualized rate of occurrence
exposure
operational

48. IRM
administrative
security officer
Information Security Management
Information risk management

49. A weakness (software - hardware - procedural - human) that can be exploited
risk analysis
administrative
john the ripper
vulnerability

50. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
SP 800-30
ISO/IEC 27001
security program