Test your basic knowledge | CompTIA Security+: Assessment and Risk Management

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but repeating the test reinforces your understanding each time you take it.

1. Strategic, tactical and operational planning

2. Provides good-practice advice on an ISMS (ISO 17799, based on BS 7799 Part 1)

3. Percentage of an asset's value that would be lost in a single incident (EF)

4. IRM

5. Process of identifying and assessing risk, reducing it to an acceptable level, and implementing mechanisms to maintain that level

6. Information security management measurements

7. The asset's value multiplied by the EF percentage (SLE)

8. ____________ can discover network devices and applications, check password strength, measure internal and external access, analyze vulnerabilities in the NOS, and test the response to DoS attacks

9. Mid-term goals

10. CISO

11. A log that can record outgoing requests, incoming traffic and internet usage

12. Mitigates a potential risk

13. De facto standard of best practices for IT service management

14. Risk assessment that is scenario based, ranks threats and countermeasures, and relies on experience, judgment, intuition and opinion

15. Port scanners, vulnerability scanners, protocol analyzers, password crackers, network mappers and the Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment

16. Made up of ten domains; a mechanism for describing security processes

17. A weakness (software, hardware, procedural or human) that can be exploited

18. The following tools (Nessus, Qualys, Retina) are ______________ scanners

19. HP OpenView, Nmap, Qualys, Solana Networks and SolarWinds are all network _____________

20. Potential danger to information or systems

21. An open language from MITRE (mitre.org) for determining vulnerabilities and configuration problems on computer systems

22. A quantitative risk assessment process that allows tests to be conducted so that users can determine which areas require a risk analysis

23. This tool scans network devices for listening (open) ports (e.g. Nmap, Scanmetender, SuperScan, NHS NoHack Scanner)

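The scan described in item 23 is a TCP connect scan: for each port the scanner completes a full three-way handshake, and a port is reported open if the connection succeeds. The following is an added example, not code from the quiz page or from any of the tools it names. It starts a constructed local listener on an ephemeral loopback port (so the scan has a known target and runs offline) and then scans a small range around it; the listener, the port range and the 0.3 s timeout are assumptions for the demonstration.

```python
import socket
import threading


def start_listener(host="127.0.0.1"):
    """Constructed target: bind a TCP listener on an ephemeral loopback port.

    Returns (port, stop_event). Setting stop_event shuts the listener down.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    srv.settimeout(0.2)          # so the accept loop can notice the stop flag
    port = srv.getsockname()[1]
    stop = threading.Event()

    def accept_loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            conn.close()         # accept and immediately drop, like a quiet service
        srv.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return port, stop


def tcp_connect_scan(host, ports, timeout=0.3):
    """TCP connect scan: connect() to each port; open if the handshake completes.

    connect_ex() returns 0 on success and an errno (e.g. ECONNREFUSED) otherwise,
    so closed ports on loopback are classified immediately and unreachable hosts
    fall back to the timeout.
    """
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def scan_window(host, center_port, width=3, timeout=0.3):
    """Scan the ports from center_port-width to center_port+width, clamped to 1..65535."""
    lo = max(1, center_port - width)
    hi = min(65535, center_port + width)
    return tcp_connect_scan(host, range(lo, hi + 1), timeout)


if __name__ == "__main__":
    port, stop = start_listener()
    found = scan_window("127.0.0.1", port)
    print(f"listener on {port}; open ports in window: {found}")
    stop.set()
```

Because connect scans complete the handshake, they are noisy: each probe shows up in the target's connection logs, which is one reason an assessment team agrees the scan windows and source addresses with the system owners beforehand.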
24. Guide to assist in the implementation of information security based on a risk management approach

25. Type of audit that checks that network resources, systems and software are used appropriately

26. Guide that illustrates how to protect personal health information

27. Method of identifying functions and their failures, the causes of those failures and their effects; originally designed for systems engineering

28. A password cracker that uses dictionary and brute-force attacks and rainbow tables, can test password strength and recover passwords, and was originally free but is now a commercial product

29. Establish, implement, control and improve the Information Security Management System (based on BS 7799 Part 2)

30. Number of times the incident might occur annually (ARO)

31. Responsible for communicating organizational risks and compliance regulations to senior management

32. IT governance at the operational level

33. FMEA

34. The tools, personnel and business processes necessary to ensure that security meets the organization's needs

35. A process to identify assets and their value, identify vulnerabilities and threats, quantify the probability and impact of threats, and balance impact against cost

36. __________ loss is a negative effect that appears some time after a vulnerability is initially exploited

37. Risk management method with a much broader focus than IT security

38. Possibility of damage and the ramifications should it occur

39. Responsible for developing a security awareness program; a budget for information-security-related activities; policies, procedures and guidelines; a security compliance program; and metrics

40. CSO

41. OCTAVE

42. An open-source password cracker that uses dictionary and brute-force attacks, stores previously cracked passwords, and uses unshadow to merge the passwd and shadow files

43. SLE x ARO (ALE)

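Items 3, 7, 30 and 43 together define the quantitative risk chain (EF, SLE = AV x EF, ARO, ALE = SLE x ARO), and item 35 asks for a balance between impact and cost. The following added example (not code from the quiz page) carries that chain through for a small constructed asset inventory, ranks the assets by ALE, and goes one step beyond the quiz by valuing a proposed countermeasure with the standard formula ALE before minus ALE after minus the control's annual cost. The asset names, values, exposure factors, rates and safeguard cost are all made-up figures for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float            # asset value (AV), in currency units
    exposure_factor: float  # EF: fraction of AV lost in one incident, 0.0 to 1.0
    aro: float              # annualized rate of occurrence: incidents per year


def sle(asset: Asset) -> float:
    """Single loss expectancy: AV x EF (item 7)."""
    if not 0.0 <= asset.exposure_factor <= 1.0:
        # An EF above 100% means the figures were entered as a percentage, not a fraction.
        raise ValueError(f"{asset.name}: EF must be a fraction between 0 and 1")
    if asset.aro < 0:
        raise ValueError(f"{asset.name}: ARO cannot be negative")
    return asset.value * asset.exposure_factor


def ale(asset: Asset) -> float:
    """Annualized loss expectancy: SLE x ARO (item 43)."""
    return sle(asset) * asset.aro


def rank_by_ale(assets):
    """Highest expected annual loss first: the order in which to spend control budget."""
    return sorted(assets, key=ale, reverse=True)


def safeguard_value(asset: Asset, new_ef: float, new_aro: float, annual_cost: float) -> float:
    """Annual value of a countermeasure = ALE(before) - ALE(after) - annual cost of the control.

    This is the standard cost/benefit formula used alongside ALE; it is assumed here,
    the quiz page only asks for the impact-versus-cost balance (item 35).
    A negative result means the control costs more than the loss it prevents.
    """
    after = Asset(asset.name, asset.value, new_ef, new_aro)
    return ale(asset) - ale(after) - annual_cost


# Constructed inventory: figures chosen for the example, not taken from any real assessment.
CONSTRUCTED_ASSETS = [
    Asset("customer database", 500_000, 0.40, 0.5),  # a breach roughly every two years
    Asset("web server", 80_000, 0.25, 3.0),          # DoS outage about three times a year
    Asset("laptop fleet", 120_000, 0.10, 2.0),       # a couple of lost or stolen units a year
]


def web_waf_decision():
    """Worked decision: a WAF assumed to cut the web server's EF to 0.10 and ARO to 1.0
    at an assumed 15,000 per year. Returns the annual value of deploying it."""
    web = CONSTRUCTED_ASSETS[1]
    return safeguard_value(web, new_ef=0.10, new_aro=1.0, annual_cost=15_000)


if __name__ == "__main__":
    print(f"{'asset':20} {'AV':>10} {'EF':>5} {'SLE':>10} {'ARO':>5} {'ALE':>10}")
    for a in rank_by_ale(CONSTRUCTED_ASSETS):
        print(f"{a.name:20} {a.value:10,.0f} {a.exposure_factor:5.2f} "
              f"{sle(a):10,.0f} {a.aro:5.1f} {ale(a):10,.0f}")
    print(f"\nWAF for web server: annual value {web_waf_decision():,.0f}")
```

Ranking by ALE rather than by SLE is the point of the exercise: the web server has a far smaller single-incident loss than the database, but its ARO makes it the second-largest expected annual loss and a sensible target for spend. The WAF decision comes out positive here (ALE drops from 60,000 to 8,000 for a 15,000 control), but the same function flags a control as not worth buying when the result goes negative.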
44. Legal term used to determine liability; an organization that acts responsibly has a lower risk of liability after a security breach

45. COSO

46. This type of testing scans for vulnerabilities, attacks them to determine the extent of exposure, tests countermeasures by circumventing them, and can be internal or external

47. _______________ can test an IDS, detect network congestion, detect bad or failing equipment and detect high processor loads; it must be appropriate to the NOS

48. Type of audit that checks information classification and change control procedures

49. Controls that manage facility access, locking systems, media sanitization, intrusion monitoring and environmental conditions

50. The likelihood of exploitation and the loss potential