Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
fault tree analysis
penetration
SP 800-30
risk analysis
2. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
fault tree analysis
confidentiality
countermeasure
3. De facto standard of best practices for IT service mgmt
ISO/IEC 27799
penetration
Information Technology Infrastructure Library (ITIL)
ISO 17799
4. CISO
CobiT
chief information security officer
OCTAVE
delayed
5. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
FMEA
OCTAVE
ISO/IEC 27001
6. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
BS7799
ISO/IEC 27002
IRM
7. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
CISO
due care
corporate security officer
confidentiality
8. Number of times the incident might occur annually - (ARO)
annualized rate of occurrence
ISO/IEC 27799
OCTAVE
CISO
9. IT governance at the operational level
risk analysis
L0phtCrack
due care
CobiT
10. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
due care
Information Technology Infrastructure Library (ITIL)
network mapping
usage
11. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
risk analysis
Information Technology Infrastructure Library (ITIL)
qualitative
vulnerability
12. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
IRM
privilege
ISO 17799
COSO
13. CSO
integrity
COSO
ISO 17799
corporate security officer
14. The tools - personnel and business processes necessary to ensure that security meets needs
FMEA
security governance
firewall
vulnerability
15. Type of audit that checks information classification and change control procedures
CISO
CobiT
technical
administrative
16. Guide to assist in the implementation of information security based on a risk management approach
ISO/IEC 27001
ISO/IEC 27005
administrative
countermeasure
17. Information security management measurements
CobiT
vulnerability scanner
blueprints
ISO/IEC 27004
18. ISM Standard
Information Security Management
risk mitigation
exposure
security program
19. Corporate governance at the strategic level
COSO
FMEA
BS7799
Information Security Management
20. SLE x ARO - (ALE)
security governance
annualized loss expectancy
BS7799
port scanner
21. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
Operationally Critical Threat - Asset - and Vulnerability Evaluation
vulnerability scanner
usage
Committee of Sponsoring Organizations
22. Guide to illustrate how to protect personal health information
exposure factor
ISO/IEC 27799
CISO
data owner
23. A log that can record outgoing requests - incoming traffic - and internet usage
exposure factor
ISO/IEC 27004
firewall
risk analysis
24. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
protocol analyzer
Information Security Management
risk categories
vulnerability
25. Assurance of accuracy and reliability of information and systems
planning horizon
security program
integrity
elcomsoft
26. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
CISO
annualized rate of occurrence
elcomsoft
27. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files
Information risk management
john the ripper
chief information security officer
availability
28. Provides a cost/benefit comparison
ISO/IEC 27799
risk analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CobiT
29. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
exposure
strategic
technical
CobiT
30. Midterm goals
CobiT
COSO
ISO/IEC 27005
tactical
31. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27002
ISO 17799
due care
security program
32. CobiT
Control Objectives for Information and related Technology
tactical
ISO/IEC 27005
L0phtCrack
33. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
operational
firewall
Operationally Critical Threat - Asset - and Vulnerability Evaluation
34. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
CISO
OVAL
ISO/IEC 27799
35. Collection of controls an organization must have in place
Control Objectives for Information and related Technology
FRAP
security program
performance monitor
36. Control environment (company culture) - Risk assessment (manage change) - Control activities (policies - procedures - practices) - Information and communication (right people - info - time) - Monitoring (detect and respond)
FRAP
COSO
network mapping
CobiT
37. Tools to ID - develop - and design security requirements for business needs
blueprints
data owner
network mapping
Operationally Critical Threat - Asset - and Vulnerability Evaluation
38. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
planning horizon
vulnerability
administrative
risk analysis
39. Controls that manage facility access - locking systems - media sanitization - intrusion monitoring - environmental
planning horizon
physical
fault tree analysis
AS/NZS 4360
40. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DoS attacks
network mapping
Information risk management
data owner
BS7799
41. Risk mgmt method with much broader focus than IT security
Facilitated Risk Analysis Process
CobiT
network mapping
AS/NZS 4360
42. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
Operationally Critical Threat - Asset - and Vulnerability Evaluation
FMEA
confidentiality
blueprints
43. Possibility of damage and the ramifications should it occur
risk
IRM
security officer
CISO
44. Ensures management security directives are fulfilled
security officer
technical
ISO/IEC 27799
escalation
45. A commercial password cracker that can test password strength and recover passwords - and can perform dictionary and brute force attacks
CobiT
corporate security officer
elcomsoft
CobiT
46. FRAP
CobiT
COSO
FRAP
Facilitated Risk Analysis Process
47. Type of audit that checks that network resources - systems and software are used appropriately
OCTAVE
blueprints
usage
exposure
48. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
L0phtCrack
performance baseline
CobiT
penetration
49. Mitigates a potential risk
exposure
countermeasure
vulnerability
risk analysis
50. Potential danger to information or systems
security governance
threat
FRAP
ISO/IEC 27004