
Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. CobiT
2. Controls that implement access control - password management - identification and authentication methods - configuration
3. Assurance of accuracy and reliability of information and systems
4. SLE x ARO - (ALE)
5. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
6. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
7. Collection of controls an organization must have in place
8. The likelihood of exploitation and the loss potential
9. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
10. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
11. Midterm goals
12. An open language from mitre.org for determining vulnerabilities and problems on computer systems
13. Daily goals focused on productivity and task-oriented activities
14. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
15. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
16. De facto standard of best practices for IT service management
17. Information security management measurements
18. The following tools (Nessus - Qualys - Retina) are ______________ scanners
19. The tools - personnel and business processes necessary to ensure that security meets needs
20. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
21. Ensures necessary level of secrecy and prevents unauthorized disclosure
22. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
23. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
24. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
25. Focus on service level agreements between IT dept and internal customers
26. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
27. Provides good practice advice on ISMS (ISO 17799) (based on BS7799 Part 1)
28. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
29. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
30. Responsible for communicating to senior mgmt organizational risks and compliance regulations
31. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
32. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
33. Possibility of damage and the ramifications should it occur
34. Type of audit that checks that network resources - systems and software are used appropriately
35. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
36. Provides a cost/benefit comparison
37. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
38. A weakness (software - hardware - procedural - human) that can be exploited
39. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
40. Potential danger to information or systems
41. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
42. CSO
43. FMEA
44. Expected or predetermined performance level - developed from policy - performance - requirements
45. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
46. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
47. __________ loss has a negative effect after a vulnerability is initially exploited
48. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
49. FRAP
50. Type of audit that checks information classification and change control procedures