Test your basic knowledge | Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. FRAP
performance baseline
Facilitated Risk Analysis Process
physical
performance monitor
2. Strategic - tactical and operational planning
ITIL
planning horizon
risk
COSO
3. Event levels available for logging in a MS DNS server
network mapping
Control Objectives for Information and related Technology
delayed
No events - Errors only - Errors and warnings - All events
4. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DoS attacks
network mapping
planning horizon
security officer
FMEA
5. SLE x ARO - (ALE)
security program
annualized loss expectancy
due care
threat
6. Responsible for information classification and protection
OVAL
CISO
vulnerability
data owner
7. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
ITIL
performance monitor
ISO/IEC 27005
CISO
8. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
OCTAVE
performance baseline
OVAL
9. Tools to ID - develop - and design security requirements for business needs
blueprints
security program
single loss expectancy
ISO 17799
10. IRM
Failure Modes and Effect Analysis
qualitative
security governance
Information risk management
11. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
performance baseline
vulnerability scanner
security governance
CobiT
12. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
elcomsoft
risk analysis
risk analysis
administrative
13. CSO
OCTAVE
annualized rate of occurrence
ISO/IEC 27005
corporate security officer
14. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
penetration
CobiT
L0phtCrack
15. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
administrative
performance monitor
ISO 17799
IRM
16. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error
Failure Modes and Effect Analysis
vulnerability
risk categories
integrity
17. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
BS7799
OCTAVE
operational
risk categories
18. Information security management measurements
ISO/IEC 27004
integrity
administrative
data owner
19. Derived from the COSO framework
ISO/IEC 27001
Information Security Management
vulnerability
CobiT
20. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
operational
qualitative
risk analysis
due care
21. Type of audit that checks information classification and change control procedures
confidentiality
BS7799
availability
administrative
22. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
administrative
exposure
security program
FRAP
23. Type of audit that checks that accounts - groups and roles are correctly assigned
OCTAVE
chief information security officer
risk
privilege
24. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
security program
OVAL
exposure
25. A log that can record outgoing requests - incoming traffic - and internet usage
OCTAVE
tactical
IRM
firewall
26. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
countermeasure
tactical
CobiT
27. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
AS/NZS 4360
strategic
risk analysis
28. Expected or predetermined performance level - developed from policy - performance - requirements
risk categories
performance baseline
COSO
firewall
29. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
performance monitor
port scanner
mappers
ISO/IEC 27002
30. Type of audit that checks that network resources - systems and software are used appropriately
COSO
FRAP
risk mitigation
usage
31. Provides a cost/benefit comparison
risk analysis
availability
CobiT
firewall
32. Number of times the incident might occur annually - (ARO)
tactical
SP 800-30
annualized rate of occurrence
john the ripper
33. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
ISO/IEC 27002
Information risk management
FRAP
OCTAVE
34. Potential danger to information or systems
threat
COSO
fault tree analysis
ISO/IEC 27005
35. NIST risk management methodology
BS7799
physical
SP 800-30
network mapping
36. Ensures necessary level of secrecy and prevents unauthorized disclosure
data owner
ISO/IEC 27005
confidentiality
network mapping
37. Guide to assist in the implementation of information security based on a risk management approach
performance baseline
COSO
ISO/IEC 27005
CobiT
38. CISO
risk analysis
planning horizon
threat
chief information security officer
39. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
risk
Information Security Management
L0phtCrack
FMEA
40. Midterm goals
tactical
mappers
Information risk management
administrative
41. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
usage
integrity
ISO/IEC 27004
port scanner
42. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
Committee of Sponsoring Organizations
performance monitor
john the ripper
43. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
network mapping
security program
risk categories
44. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
penetration
CobiT
Information Technology Infrastructure Library (ITIL)
ITIL
45. Controls that implement access control - password management - identification and authentication methods - configuration
countermeasure
CISO
technical
BS7799
46. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
Committee of Sponsoring Organizations
security program
tactical
47. Daily goals focused on productivity and task-oriented activities
security officer
confidentiality
chief information security officer
operational
48. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
ISO/IEC 27001
ISO 17799
tactical
due care
49. Corporate governance at the strategic level
COSO
threat
FMEA
FRAP
50. Used to ID failures in complex systems to understand underlying causes of threats
Facilitated Risk Analysis Process
network mapping
risk analysis
fault tree analysis