Test your basic knowledge | CompTIA Security+: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions: Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
CobiT
tactical
IRM
risk mitigation
2. COSO
FRAP
Control Objectives for Information and related Technology
vulnerability
Committee of Sponsoring Organizations
3. Controls that implement access control - password management - identification and authentication methods - configuration
security governance
technical
CobiT
OVAL
4. The tools - personnel and business processes necessary to ensure that security meets needs
administrative
security governance
network mapping
vulnerability scanner
5. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
performance monitor
administrative
tactical
CobiT
6. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
CISO
FMEA
ITIL
7. A commercial password cracker that can test password strength, recover passwords, and perform dictionary and brute-force attacks
performance monitor
Control Objectives for Information and related Technology
COSO
elcomsoft
8. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
CobiT
COSO
ISO/IEC 27002
9. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
firewall
escalation
ISO/IEC 27002
10. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
FMEA
penetration
vulnerability
security program
11. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DoS attacks
security program
availability
COSO
network mapping
12. IRM
OVAL
annualized loss expectancy
tactical
Information risk management
13. OCTAVE
FMEA
mappers
CobiT
Operationally Critical Threat - Asset - and Vulnerability Evaluation
14. Legal term used to determine liability - acting responsibly lowers the risk of liability due to a security breach
COSO
exposure factor
planning horizon
due care
15. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
fault tree analysis
ISO 17799
single loss expectancy
16. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
integrity
administrative
operational
mappers
17. Focus on service level agreements between IT dept and internal customers
SP 800-30
ITIL
blueprints
protocol analyzer
18. Type of audit that checks procedures and policies for escalating issues to management
ISO/IEC 27799
CobiT
escalation
ISO 17799
19. FRAP
ISO/IEC 27004
ISO/IEC 27001
Facilitated Risk Analysis Process
chief information security officer
20. Guide to assist in the implementation of information security based on a risk management approach
Failure Modes and Effect Analysis
ISO/IEC 27002
ISO/IEC 27005
OVAL
21. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
CobiT
exposure
due care
22. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
elcomsoft
strategic
operational
FMEA
23. Provides a cost/benefit comparison
risk analysis
mappers
port scanner
operational
24. An instance of being exposed to losses from a threat
tactical
data owner
exposure
mappers
25. Controls that manage facility access - locking systems - media sanitization - intrusion monitoring - environmental
penetration
physical
Control Objectives for Information and related Technology
CobiT
26. NIST risk management methodology
SP 800-30
CISO
security officer
BS7799
27. CSO
security program
penetration
corporate security officer
Control Objectives for Information and related Technology
28. De facto standard of best practices for IT service mgmt
countermeasure
technical
Information Technology Infrastructure Library (ITIL)
planning horizon
29. Mitigates a potential risk
port scanner
countermeasure
usage
administrative
30. A weakness (software - hardware - procedural - human) that can be exploited
escalation
Information risk management
vulnerability
ISO 17799
31. Ensures reliable timely access to data/resources to authorized individuals
IRM
ISO 17799
availability
CobiT
32. CISO
john the ripper
security officer
strategic
chief information security officer
33. The likelihood of exploitation and the loss potential
annualized loss expectancy
operational
administrative
risk
34. Type of audit that checks that network resources - systems and software are used appropriately
No events - Errors only - Errors and warnings - All events
CISO
Operationally Critical Threat - Asset - and Vulnerability Evaluation
usage
35. Corporate governance at the strategic level
COSO
security officer
OVAL
risk analysis
36. Strategic - tactical and operational planning
FMEA
performance baseline
exposure factor
planning horizon
37. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - tcpdump - Microsoft Network Monitor - Carnivore)
ISO/IEC 27004
OVAL
protocol analyzer
Control Objectives for Information and related Technology
38. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
network mapping
network mapping
delayed
39. An open language from mitre.org for determining vulnerabilities and problems on computer systems
No events - Errors only - Errors and warnings - All events
OVAL
single loss expectancy
FMEA
40. Information security management measurements
CISO
ISO/IEC 27004
mappers
port scanner
41. CobiT
Control Objectives for Information and related Technology
single loss expectancy
availability
FRAP
42. Possibility of damage and the ramifications should it occur
risk
risk categories
Facilitated Risk Analysis Process
COSO
43. Potential danger to information or systems
ISO/IEC 27002
threat
escalation
physical
44. Tools to ID - develop - and design security requirements for business needs
COSO
penetration
risk analysis
blueprints
45. SLE x ARO - (ALE)
risk
annualized loss expectancy
Information Security Management
COSO
46. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
risk
CISO
SP 800-30
risk categories
47. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
exposure factor
FMEA
risk analysis
COSO
48. Type of audit that checks that accounts - groups and roles are correctly assigned
L0phtCrack
performance baseline
privilege
FMEA
49. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
risk
FRAP
ISO/IEC 27799
COSO
50. The following tools (Nessus - Qualys - Retina) are ______________ scanners
physical
administrative
risk mitigation
vulnerability