Test your basic knowledge

Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. __________ loss has a negative effect after a vulnerability is initially exploited

2. The likelihood of exploitation and the loss potential

3. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk

4. IT governance at the operational level

5. Internationally recognized Information Security Management standard - provides high-level conceptual recommendations on enterprise security - British standard

6. Type of audit that checks procedures and policies for escalating issues to management

7. De facto standard of best practices for IT service mgmt

8. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment

9. FMEA

10. An instance of being exposed to losses from a threat

11. OCTAVE

12. Ensures management security directives are fulfilled

13. The tools - personnel and business processes necessary to ensure that security meets needs

14. Ensures the necessary level of secrecy and prevents unauthorized disclosure

15. Type of audit that checks that accounts - groups and roles are correctly assigned

16. NIST risk management methodology

17. Provides a cost/benefit comparison

18. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards

19. Percentage of an asset's value that would be lost in a single incident - (EF)

20. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation

21. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product

22. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)

23. Type of audit that checks information classification and change control procedures

24. Corporate governance at the strategic level

25. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in the NOS - test response to DoS attacks

26. Used to predict changes based on trends - detect deviations - and watch events across multiple system components

27. Responsible for developing: a security awareness program - a budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics

28. Event levels available for logging in a MS DNS server

29. A process to identify assets and their value - identify vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost

30. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs

31. SLE x ARO - (ALE)

32. Used to identify failures in complex systems to understand the underlying causes of threats

33. Midterm goals

34. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company

35. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting

36. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)

37. A weakness (software - hardware - procedural - human) that can be exploited

38. Assurance of accuracy and reliability of information and systems

39. Made up of ten domains - a mechanism to describe security processes

40. Mitigates a potential risk

41. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external

42. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge passwd/shadow files

43. The following tools (Nessus - Qualys - Retina) are ______________ scanners

44. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error

45. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks

46. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate

47. IRM

48. CSO

49. A quantitative risk assessment process that allows for tests to be conducted so that users can determine areas that require a risk analysis

50. Guide to illustrate how to protect personal health information