SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An open language from mitre.org for determining vulnerabilities and problems on computer systems
ISO/IEC 27002
tactical
OVAL
Control Objectives for Information and related Technology
2. An instance of being exposed to losses from a threat
vulnerability
exposure factor
ISO/IEC 27799
exposure
3. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
usage
BS7799
penetration
COSO
4. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
security program
COSO
FMEA
CobiT
5. Assurance of accurancy and reliability of information and systems
mappers
privilege
ITIL
integrity
6. NIST risk management methodology
risk anlysis
SP 800-30
COSO
mappers
7. CISO
chief information security officer
CISO
delayed
ISO/IEC 27799
8. Daily goals focused on productivity and task-oriented activities
Information Security Management
ITIL
OVAL
operational
9. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
Committee of Sponsoring Organizations
security officer
port scanner
risk analysis
10. CobiT
firewall
mappers
COSO
Control Objectives for Information and related Technology
11. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
security program
threat
vulnerability
OCTAVE
12. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
protocol analyzer
ISO 17799
COSO
network mapping
13. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
Failure Modes and Effect Analysis
performance baseline
firewall
14. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
administrative
CISO
FRAP
port scanner
15. ISM Standard
Information Security Management
due care
administrative
FMEA
16. Guide to illustrate how to protect personal health information
annualized loss expectancy
threat
delayed
ISO/IEC 27799
17. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
strategic
risk catagories
Failure Modes and Effect Analysis
COSO
18. IT governance at the operational level
CobiT
privilege
risk
risk mitigation
19. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
administrative
vulnerability scanner
security program
john the ripper
20. De facto standard of best practices for IT service mgmt
ISO/IEC 27004
ISO 17799
Information Technology Infrastructure Library (ITIL)
risk catagories
21. Risk mgmt method with much broader focus than IT security
blueprints
AS/NZS 4360
escalation
ISO 17799
22. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
delayed
vulnerability scanner
ISO/IEC 27005
23. FMEA
FMEA
security officer
Information Technology Infrastructure Library (ITIL)
Failure Modes and Effect Analysis
24. Controls that implement access control - password mangement - identification and authentication methods - configuration
technical
security governanace
Operationally Critical Threat - Asset - and Vulnerability Evaluation
firewall
25. SLE x ARO - (ALE)
qualitative
annualized loss expectancy
exposure
L0phtCrack
26. Type of audit that checks that accounts - groups and roles are correctly assigned
privilege
john the ripper
Information risk management
OCTAVE
27. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
Information Technology Infrastructure Library (ITIL)
port scanner
FMEA
28. Guide assist in the implemenation of information security based on risk managent approach
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27005
Committee of Sponsoring Organizations
Operationally Critical Threat - Asset - and Vulnerability Evaluation
29. Type of audit that checks procedures and policies for escalating issues to management
port scanner
escalation
Operationally Critical Threat - Asset - and Vulnerability Evaluation
BS7799
30. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
vulnerability
protocol analyzer
risk mitigation
Facilitated Risk Analysis Process
31. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
planning horizon
annualized rate of occurrence
CISO
L0phtCrack
32. The tools - personnel and business processes necessary to ensure that security meets needs
vulnerability
CobiT
administrative
security governanace
33. Made up of ten domains - a mechanism to describe security processes
ISO 17799
privilege
john the ripper
BS7799
34. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
risk catagories
mappers
FMEA
qualitative
35. __________ loss has a negative effect after a vulnerability is initially exploited
availability
network mapping
integrity
delayed
36. Type of audit that checks information classification and change control procedures
annualized rate of occurrence
chief information security officer
administrative
privilege
37. FRAP
Facilitated Risk Analysis Process
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ISO/IEC 27799
mappers
38. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
Control Objectives for Information and related Technology
FMEA
security program
confidentiality
39. Potential danger to information or systems
risk
performance monitor
risk analysis
threat
40. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
security program
ISO/IEC 27002
COSO
firewall
41. The likelihood of exploitation and the loss potential
chief information security officer
Information Security Management
availability
risk
42. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
vulnerability
confidentiality
IRM
integrity
43. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
OCTAVE
risk analysis
threat
Operationally Critical Threat - Asset - and Vulnerability Evaluation
44. Ensures necessary level of secrecy and prevents unauthorized disclosure
mappers
confidentiality
risk
network mapping
45. Responsible for information classification and protection
OVAL
data owner
Failure Modes and Effect Analysis
security program
46. Event levels available for logging in a MS DNS server
administrative
ISO/IEC 27005
No events - Errors only - Errors and warnings - All events
vulnerability
47. IRM
strategic
vulnerability
Information risk management
firewall
48. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
protocol analyzer
network mapping
single loss expectancy
delayed
49. CSO
FMEA
security officer
corporate security officer
ISO 17799
50. Used to ID failures in a complex systems to understand underlying causes of threats
corporate security officer
fault tree analysis
vulnerability
port scanner