Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Responsible for developing: a security awareness program - a budget for information security related activities - policies - procedures - and guidelines - a security compliance program - and metrics
ISO/IEC 27002
escalation
CobiT
CISO
2. Type of audit that checks procedures and policies for escalating issues to management
escalation
usage
risk categories
vulnerability
3. A weakness (software - hardware - procedural - human) that can be exploited
CobiT
risk categories
vulnerability
protocol analyzer
4. An instance of being exposed to losses from a threat
exposure factor
COSO
exposure
risk analysis
5. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
performance baseline
integrity
Information Security Management
6. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
network mapping
security program
threat
fault tree analysis
7. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - tcpdump - Microsoft Network Monitor - Carnivore)
Facilitated Risk Analysis Process
COSO
protocol analyzer
risk analysis
8. Collection of controls an organization must have in place
delayed
No events - Errors only - Errors and warnings - All events
security program
exposure factor
9. Responsible for information classification and protection
blueprints
CobiT
network mapping
data owner
10. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
security program
fault tree analysis
penetration
vulnerability
11. Type of audit that checks that network resources - systems and software are used appropriately
Control Objectives for Information and related Technology
confidentiality
usage
Information risk management
12. Controls that implement access control - password management - identification and authentication methods - configuration
exposure
IRM
blueprints
technical
13. IT governance at the operational level
ISO 17799
physical
CobiT
Information Security Management
14. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
john the ripper
vulnerability
ISO/IEC 27005
annualized rate of occurrence
15. Responsible for communicating to senior mgmt organizational risks and compliance regulations
No events - Errors only - Errors and warnings - All events
delayed
CISO
SP 800-30
16. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
IRM
risk
network mapping
fault tree analysis
17. Guide to illustrate how to protect personal health information
due care
risk categories
ISO/IEC 27799
FRAP
18. Type of audit that checks that accounts - groups and roles are correctly assigned
integrity
ISO/IEC 27001
physical
privilege
19. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
security governance
administrative
privilege
qualitative
20. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
Facilitated Risk Analysis Process
risk
integrity
21. FMEA
ISO 17799
ISO/IEC 27002
Failure Modes and Effect Analysis
OVAL
22. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
vulnerability scanner
confidentiality
security program
23. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
security officer
firewall
Failure Modes and Effect Analysis
risk categories
24. NIST risk management methodology
IRM
ISO 17799
FRAP
SP 800-30
25. Provides a cost/benefit comparison
Facilitated Risk Analysis Process
planning horizon
risk analysis
firewall
26. CISO
security program
Failure Modes and Effect Analysis
chief information security officer
corporate security officer
27. An open language from mitre.org for determining vulnerabilities and problems on computer systems
SP 800-30
Operationally Critical Threat - Asset - and Vulnerability Evaluation
OVAL
technical
28. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
vulnerability scanner
ISO/IEC 27002
Information risk management
ISO 17799
29. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
security program
Information risk management
chief information security officer
30. Focus on service level agreements between IT dept and internal customers
integrity
ITIL
FMEA
tactical
31. A log that can record outgoing requests - incoming traffic - and internet usage
Information Security Management
risk
technical
firewall
32. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
CobiT
vulnerability scanner
No events - Errors only - Errors and warnings - All events
CISO
33. Expected or predetermined performance level - developed from policy - performance - requirements
due care
performance baseline
corporate security officer
CobiT
34. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
network mapping
ISO 17799
risk categories
Failure Modes and Effect Analysis
35. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
SP 800-30
Failure Modes and Effect Analysis
FMEA
annualized loss expectancy
36. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
L0phtCrack
security program
BS7799
Information risk management
37. ISM Standard
annualized loss expectancy
penetration
single loss expectancy
Information Security Management
38. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
L0phtCrack
CobiT
risk analysis
corporate security officer
39. The tools - personnel and business processes necessary to ensure that security meets needs
CISO
exposure
performance baseline
security governance
40. Percentage of an asset's value that would be lost in a single incident - (EF)
vulnerability
firewall
annualized loss expectancy
exposure factor
41. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - SuperScan - NHS nohack scanner)
confidentiality
vulnerability
port scanner
chief information security officer
42. The following tools (Nessus - Qualys - Retina) are ______________ scanners
blueprints
vulnerability
confidentiality
network mapping
43. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
technical
COSO
FRAP
performance monitor
44. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk analysis
ITIL
L0phtCrack
FMEA
45. CSO
FMEA
OVAL
corporate security officer
BS7799
46. Tools to ID - develop - and design security requirements for business needs
due care
IRM
CISO
blueprints
47. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
Information Technology Infrastructure Library (ITIL)
Control Objectives for Information and related Technology
CobiT
usage
48. Event levels available for logging in a MS DNS server
exposure
risk mitigation
No events - Errors only - Errors and warnings - All events
ISO 17799
49. Midterm goals
tactical
administrative
Control Objectives for Information and related Technology
threat
50. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
CISO
strategic
confidentiality
security officer