Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
ISO/IEC 27799
countermeasure
BS7799
vulnerability scanner

2. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
confidentiality
security program
administrative
COSO

3. Used to ID failures in a complex systems to understand underlying causes of threats
integrity
fault tree analysis
security officer
security program

4. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
blueprints
ISO/IEC 27799
BS7799
performance baseline

5. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
risk catagories
L0phtCrack
ISO/IEC 27005
vulnerability

6. Ensures reliable timely access to data/resources to authorized individuals
availability
corporate security officer
confidentiality
port scanner

7. Midterm goals
escalation
technical
tactical
CISO

8. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
ISO/IEC 27001
firewall
escalation
Failure Modes and Effect Analysis

9. Event levels available for logging in a MS DNS server
vulnerability
No events - Errors only - Errors and warnings - All events
qualitative
AS/NZS 4360

10. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
network mapping
CobiT
privilege
john the ripper

11. COSO
Committee of Sponsoring Organizations
risk anlysis
elcomsoft
tactical

12. Mitigates a potential risk
ISO/IEC 27004
qualitative
security governanace
countermeasure

13. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
exposure factor
security governanace
blueprints
qualitative

14. The following tools (Nessus - Qualys - Retina) are ______________ scanners
confidentiality
ISO/IEC 27799
security program
vulnerability

15. CobiT
blueprints
data owner
security officer
Control Objectives for Information and related Technology

16. Percentage of an asset's value that would be lost in a single incident - (EF)
corporate security officer
exposure factor
AS/NZS 4360
mappers

17. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
CISO
COSO
administrative
Information risk management

18. FRAP
ITIL
corporate security officer
annualized loss expectancy
Facilitated Risk Analysis Process

19. Number of time the incident might occur annually - (ARO)
blueprints
vulnerability
escalation
annualized rate of occurrence

20. IT governance at the operational level
performance baseline
CobiT
L0phtCrack
performance monitor

21. Type of audit that checks procedures and policies for escalating issues to management
vulnerability
confidentiality
No events - Errors only - Errors and warnings - All events
escalation

22. Type of audit that checks information classification and change control procedures
vulnerability
port scanner
planning horizon
administrative

23. Focus on service level agreements between IT dept and internal customers
chief information security officer
ITIL
mappers
FMEA

24. Responsible for communicating to senior mgmt organizational risks and compliance regulations
COSO
CISO
operational
risk analysis

25. Type of audit that checks that network resources - systems and software are used appropriately
usage
FMEA
qualitative
security governanace

26. An open language from mitre.org for determining vulnerabilities and problems on computer systems
qualitative
corporate security officer
OVAL
security officer

27. OCTAVE
CISO
data owner
operational
Operationally Critical Threat - Asset - and Vulnerability Evaluation

28. Risk mgmt method with much broader focus than IT security
AS/NZS 4360
strategic
data owner
operational

29. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
vulnerability
CobiT
Committee of Sponsoring Organizations
operational

30. Daily goals focused on productivity and task-oriented activities
operational
ITIL
exposure factor
CISO

31. The tools - personnel and business processes necessary to ensure that security meets needs
security governanace
protocol analyzer
FMEA
CobiT

32. De facto standard of best practices for IT service mgmt
COSO
Information Technology Infrastructure Library (ITIL)
FMEA
exposure factor

33. Potential danger to information or systems
single loss expectancy
threat
risk anlysis
risk mitigation

34. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
due care
COSO
penetration
risk analysis

35. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
performance baseline
vulnerability scanner
risk mitigation

36. CISO
availability
chief information security officer
CobiT
due care

37. Type of audit that checks that accounts - groups and roles are correctly assigned
privilege
security governanace
OVAL
countermeasure

38. __________ loss has a negative effect after a vulnerability is initially exploited
exposure
delayed
network mapping
security program

39. Strategic - tactical and operational planning
elcomsoft
corporate security officer
administrative
planning horizon

40. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
annualized rate of occurrence
network mapping
ISO 17799
L0phtCrack

41. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
administrative
due care
Facilitated Risk Analysis Process
operational

42. CSO
CobiT
L0phtCrack
COSO
corporate security officer

43. Made up of ten domains - a mechanism to describe security processes
physical
ISO 17799
strategic
COSO

44. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
integrity
COSO
strategic
Committee of Sponsoring Organizations

45. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
annualized rate of occurrence
CISO
performance monitor

46. Tools to ID - develop - and design security requirements for business needs
ISO 17799
L0phtCrack
blueprints
privilege

47. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
L0phtCrack
qualitative
FRAP
data owner

48. Assurance of accurancy and reliability of information and systems
security officer
integrity
due care
vulnerability

49. FMEA
CobiT
Failure Modes and Effect Analysis
countermeasure
usage

50. Responsible for information classification and protection
ISO/IEC 27799
availability
data owner
threat