SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Event levels available for logging in a MS DNS server
No events - Errors only - Errors and warnings - All events
FRAP
risk
OCTAVE
2. Focus on service level agreements between IT dept and internal customers
ITIL
risk anlysis
network mapping
FRAP
3. An instance of being exposed to losses from a threat
port scanner
annualized rate of occurrence
exposure
Control Objectives for Information and related Technology
4. The following tools (Nessus - Qualys - Retina) are ______________ scanners
single loss expectancy
COSO
ISO 17799
vulnerability
5. Collection of controls an organization must have in place
OCTAVE
blueprints
security program
OVAL
6. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
performance baseline
escalation
network mapping
AS/NZS 4360
7. The likelihood of exploitation and the loss potential
Operationally Critical Threat - Asset - and Vulnerability Evaluation
BS7799
protocol analyzer
risk
8. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
technical
usage
vulnerability
ISO/IEC 27002
9. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
performance baseline
Committee of Sponsoring Organizations
annualized rate of occurrence
vulnerability
10. CobiT
Control Objectives for Information and related Technology
annualized loss expectancy
qualitative
FMEA
11. Potential danger to information or systems
corporate security officer
threat
CISO
security program
12. Type of audit that checks information classification and change control procedures
COSO
tactical
ISO/IEC 27799
administrative
13. COSO
confidentiality
port scanner
Committee of Sponsoring Organizations
penetration
14. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
security program
due care
port scanner
OVAL
15. Strategic - tactical and operational planning
blueprints
annualized rate of occurrence
planning horizon
escalation
16. Ensures necessary level of secrecy and prevents unauthorized disclosure
confidentiality
Information Security Management
blueprints
OCTAVE
17. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
ISO 17799
risk
CobiT
risk analysis
18. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
OVAL
CISO
Information risk management
19. The tools - personnel and business processes necessary to ensure that security meets needs
CobiT
CobiT
security governanace
mappers
20. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
usage
CobiT
exposure factor
john the ripper
21. An open language from mitre.org for determining vulnerabilities and problems on computer systems
qualitative
single loss expectancy
data owner
OVAL
22. CISO
port scanner
usage
risk catagories
chief information security officer
23. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
OVAL
ISO/IEC 27005
risk
ISO 17799
24. Corporate governance at the strategic level
Information Technology Infrastructure Library (ITIL)
COSO
OCTAVE
administrative
25. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
SP 800-30
IRM
ISO/IEC 27004
exposure
26. Percentage of an asset's value that would be lost in a single incident - (EF)
protocol analyzer
exposure factor
Control Objectives for Information and related Technology
BS7799
27. FMEA
risk
Failure Modes and Effect Analysis
physical
operational
28. Derived from the COSO framework
No events - Errors only - Errors and warnings - All events
data owner
CobiT
AS/NZS 4360
29. Type of audit that checks procedures and policies for escalating issues to management
integrity
escalation
Facilitated Risk Analysis Process
CISO
30. Guide assist in the implemenation of information security based on risk managent approach
SP 800-30
ISO/IEC 27005
ISO/IEC 27002
delayed
31. Midterm goals
risk analysis
administrative
tactical
ISO 17799
32. Used to ID failures in a complex systems to understand underlying causes of threats
mappers
fault tree analysis
Facilitated Risk Analysis Process
CobiT
33. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
risk
ISO 17799
physical
34. Daily goals focused on productivity and task-oriented activities
operational
qualitative
ITIL
ISO 17799
35. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
single loss expectancy
COSO
CISO
technical
36. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
strategic
COSO
tactical
L0phtCrack
37. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
COSO
network mapping
FRAP
CobiT
38. __________ loss has a negative effect after a vulnerability is initially exploited
Failure Modes and Effect Analysis
delayed
ISO/IEC 27799
qualitative
39. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
FMEA
Operationally Critical Threat - Asset - and Vulnerability Evaluation
privilege
strategic
40. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
usage
exposure factor
risk analysis
41. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk anlysis
ISO/IEC 27004
COSO
single loss expectancy
42. Guide to illustrate how to protect personal health information
OVAL
ISO/IEC 27799
single loss expectancy
FMEA
43. Responsible for information classification and protection
FMEA
data owner
vulnerability
AS/NZS 4360
44. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
performance baseline
Facilitated Risk Analysis Process
exposure
45. Type of audit that checks that network resources - systems and software are used appropriately
ISO/IEC 27001
administrative
usage
strategic
46. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
performance monitor
due care
network mapping
planning horizon
47. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
Committee of Sponsoring Organizations
usage
vulnerability scanner
Control Objectives for Information and related Technology
48. ISM Standard
security officer
ISO 17799
risk mitigation
Information Security Management
49. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
FMEA
vulnerability
penetration
strategic
50. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
administrative
No events - Errors only - Errors and warnings - All events
data owner
ISO/IEC 27005