Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Possiblity of damage and the ramifications should it occur
security governanace
risk
ISO/IEC 27005
chief information security officer

2. Focus on service level agreements between IT dept and internal customers
OVAL
annualized loss expectancy
ITIL
data owner

3. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
CISO
BS7799
ISO/IEC 27001
ITIL

4. Risk mgmt method with much broader focus than IT security
AS/NZS 4360
performance baseline
Committee of Sponsoring Organizations
vulnerability

5. Midterm goals
data owner
performance monitor
vulnerability scanner
tactical

6. Type of audit that checks that accounts - groups and roles are correctly assigned
administrative
exposure factor
privilege
security program

7. COSO
Committee of Sponsoring Organizations
administrative
single loss expectancy
CISO

8. Type of audit that checks that network resources - systems and software are used appropriately
usage
Information risk management
CobiT
risk

9. Made up of ten domains - a mechanism to describe security processes
OCTAVE
security governanace
exposure factor
ISO 17799

10. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
vulnerability scanner
CobiT
risk catagories
corporate security officer

11. Daily goals focused on productivity and task-oriented activities
operational
risk anlysis
administrative
ISO 17799

12. Ensures reliable timely access to data/resources to authorized individuals
availability
risk
CobiT
CISO

13. Assurance of accurancy and reliability of information and systems
integrity
ISO 17799
risk analysis
risk

14. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
exposure
privilege
physical
CobiT

15. Potential danger to information or systems
threat
usage
risk analysis
security program

16. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
administrative
Committee of Sponsoring Organizations
mappers

17. Mitigates a potential risk
countermeasure
data owner
risk analysis
security governanace

18. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
IRM
network mapping
ISO/IEC 27799
exposure factor

19. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27002
network mapping
exposure
Information Security Management

20. Event levels available for logging in a MS DNS server
Information Technology Infrastructure Library (ITIL)
availability
vulnerability
No events - Errors only - Errors and warnings - All events

21. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
risk analysis
elcomsoft
CobiT
vulnerability scanner

22. Type of audit that checks information classification and change control procedures
Committee of Sponsoring Organizations
privilege
administrative
Control Objectives for Information and related Technology

23. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
No events - Errors only - Errors and warnings - All events
security program
planning horizon

24. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
single loss expectancy
tactical
due care
L0phtCrack

25. Strategic - tactical and operational planning
vulnerability
risk
planning horizon
Facilitated Risk Analysis Process

26. Number of time the incident might occur annually - (ARO)
risk analysis
blueprints
annualized rate of occurrence
penetration

27. Information security managment measurements
No events - Errors only - Errors and warnings - All events
ISO/IEC 27004
security officer
CobiT

28. Derived from the COSO framework
security program
CobiT
chief information security officer
protocol analyzer

29. Ensures necessary level of secrecy and prevents unauthorized disclosure
confidentiality
risk
Committee of Sponsoring Organizations
CISO

30. An instance of being exposed to losses from a threat
annualized loss expectancy
CISO
exposure
privilege

31. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
security program
technical
corporate security officer
FMEA

32. SLE x ARO - (ALE)
single loss expectancy
annualized loss expectancy
exposure factor
operational

33. Type of audit that checks procedures and policies for escalating issues to management
escalation
risk anlysis
Information Security Management
FMEA

34. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
corporate security officer
network mapping
COSO
BS7799

35. FMEA
Failure Modes and Effect Analysis
IRM
threat
ISO/IEC 27799

36. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
network mapping
FRAP
CobiT
chief information security officer

37. The asset's value multiplied by the EF percentage - (SLE)
availability
CISO
exposure factor
single loss expectancy

38. Corporate governance at the strategic level
availability
data owner
CobiT
COSO

39. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
delayed
network mapping
due care
FMEA

40. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
elcomsoft
performance baseline
OCTAVE

41. Expected or predetermined performance level - developed from policy - performance - requirements
AS/NZS 4360
performance baseline
blueprints
SP 800-30

42. The following tools (Nessus - Qualys - Retina) are ______________ scanners
ISO/IEC 27005
vulnerability
firewall
technical

43. Responsible for information classification and protection
IRM
data owner
threat
risk

44. NIST risk management methodology
SP 800-30
ISO 17799
ISO/IEC 27004
due care

45. The tools - personnel and business processes necessary to ensure that security meets needs
vulnerability
Information Security Management
security governanace
due care

46. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
OVAL
risk mitigation
FMEA
elcomsoft

47. __________ loss has a negative effect after a vulnerability is initially exploited
firewall
delayed
performance monitor
port scanner

48. CISO
vulnerability scanner
chief information security officer
security officer
risk mitigation

49. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
single loss expectancy
ISO/IEC 27002
No events - Errors only - Errors and warnings - All events
elcomsoft

50. IRM
Information risk management
ISO/IEC 27002
security program
usage