Test your basic knowledge | CompTIA Security+: Assessment and Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. IRM
delayed
Information risk management
threat
Operationally Critical Threat, Asset, and Vulnerability Evaluation
2. Method of identifying functions and their failures, the causes of failures and their effects; originally designed for systems engineering
FMEA
IRM
corporate security officer
vulnerability
3. Corporate governance at the strategic level
security program
vulnerability
COSO
CobiT
4. ____________ can discover network devices and applications, check password strength, measure internal/external access, analyze vulnerabilities in the NOS, and test response to DoS attacks
network mapping
FMEA
escalation
ITIL
5. CobiT
data owner
Control Objectives for Information and related Technology
strategic
COSO
6. Type of audit that checks that network resources, systems and software are used appropriately
security program
network mapping
usage
AS/NZS 4360
7. Port scanners, vulnerability scanners, protocol analyzers, password crackers, network mappers and Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment
vulnerability
SP 800-30
FRAP
Information Security Management
8. Provides good-practice advice on an ISMS (ISO 17799; based on BS7799 Part 1)
CobiT
Control Objectives for Information and related Technology
ISO/IEC 27002
security program
9. Ensures reliable, timely access to data/resources for authorized individuals
COSO
exposure
availability
risk mitigation
10. FRAP
Facilitated Risk Analysis Process
performance baseline
OVAL
risk
11. This tool scans network devices listening for open ports (e.g. Nmap, scanmetender, superscan, NHS nohack scanner)
port scanner
ITIL
qualitative
network mapping
12. Provides a cost/benefit comparison
COSO
exposure factor
risk analysis
single loss expectancy
13. Potential danger to information or systems
threat
risk analysis
ISO/IEC 27005
ISO/IEC 27799
14. This type of testing scans for vulnerabilities, attacks to determine extent, tests countermeasures by circumvention, and can be internal or external
penetration
risk mitigation
CobiT
SP 800-30
15. Responsible for developing: a security awareness program; a budget for information security related activities; policies, procedures, and guidelines; a security compliance program; and metrics
CISO
IRM
annualized rate of occurrence
COSO
16. Ensures necessary level of secrecy and prevents unauthorized disclosure
COSO
vulnerability
confidentiality
operational
17. Used to predict changes based on trends, detect deviations, and watch events across multiple system components
corporate security officer
threat
CobiT
performance monitor
18. Used to identify failures in complex systems to understand the underlying causes of threats
BS7799
risk
fault tree analysis
blueprints
19. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
security program
blueprints
escalation
20. Strategic, tactical and operational planning
security officer
risk analysis
ISO/IEC 27001
planning horizon
21. Process of identifying and assessing risk, reducing it to an acceptable level, and implementing mechanisms to maintain that level.
risk categories
tactical
IRM
administrative
22. Controls that manage facility access, locking systems, media sanitation, intrusion monitoring, environmental
risk analysis
penetration
Control Objectives for Information and related Technology
physical
23. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
FRAP
due care
blueprints
escalation
24. COSO
Committee of Sponsoring Organizations
COSO
annualized rate of occurrence
ITIL
25. The tools, personnel and business processes necessary to ensure that security meets needs
confidentiality
security governance
administrative
OCTAVE
26. Information security management measurements
network mapping
CobiT
ISO/IEC 27004
Control Objectives for Information and related Technology
27. Percentage of an asset's value that would be lost in a single incident (EF)
risk categories
elcomsoft
administrative
exposure factor
28. IT governance at the operational level
annualized loss expectancy
ISO/IEC 27005
CobiT
security program
29. Midterm goals
tactical
ISO/IEC 27001
Control Objectives for Information and related Technology
FMEA
30. Expected or predetermined performance level, developed from policy, performance, requirements
Information risk management
security program
firewall
performance baseline
31. Guide to assist in the implementation of information security based on a risk management approach
delayed
qualitative
network mapping
ISO/IEC 27005
32. Risk management method with a much broader focus than IT security
OVAL
AS/NZS 4360
physical
availability
33. Establish, implement, control and improve the Information Security Management System (based on BS7799 Part 2)
ISO/IEC 27001
corporate security officer
CobiT
exposure factor
34. Event levels available for logging in an MS DNS server
OVAL
administrative
availability
No events, Errors only, Errors and warnings, All events
35. De facto standard of best practices for IT service management
Facilitated Risk Analysis Process
Information Technology Infrastructure Library (ITIL)
Operationally Critical Threat, Asset, and Vulnerability Evaluation
risk
36. The asset's value multiplied by the EF percentage (SLE)
ISO 17799
BS7799
single loss expectancy
COSO
37. OCTAVE
security program
technical
Operationally Critical Threat, Asset, and Vulnerability Evaluation
privilege
38. Legal term used to determine liability; those acting responsibly have a lower risk of liability due to a security breach
technical
FMEA
single loss expectancy
due care
39. Security policy: map business objectives to security; Security infrastructure: security officer, reviews; Asset classification/control: inventory; Personnel security: screening, training, roles; Physical security; Communication/operation
countermeasure
Control Objectives for Information and related Technology
ISO 17799
security officer
40. A tool that maps weaknesses of systems/networks by scanning for ports, checking for applications, determining OS and patch level, and attempting exploits
vulnerability
delayed
planning horizon
vulnerability scanner
41. Possibility of damage and the ramifications should it occur
technical
risk
risk mitigation
ISO 17799
42. Long-term goals focused on risk management, compliance, security responsibilities, continual improvement, and using security to attract customers
data owner
strategic
annualized loss expectancy
COSO
43. Physical damage, human interaction, equipment malfunction, misuse of data, loss of data, application error
Information Security Management
risk categories
annualized loss expectancy
ISO/IEC 27001
44. CISO
chief information security officer
planning horizon
security program
ISO/IEC 27005
45. A tool that monitors network traffic and shows data and protocols in use; also known as a packet sniffer (e.g. Wireshark, TCPDump, Microsoft Network Monitor, Carnivore)
port scanner
administrative
ISO/IEC 27004
protocol analyzer
46. Collection of controls an organization must have in place
ISO/IEC 27799
security program
physical
annualized loss expectancy
47. _______________ can test an IDS, detect network congestion, detect bad/failing equipment, and detect high processor loads; must be NOS appropriate
ISO/IEC 27004
risk analysis
tactical
network mapping
48. An instance of being exposed to losses from a threat
security program
ISO/IEC 27799
exposure
usage
49. HP OpenView, Nmap, Qualys, Solana Networks and SolarWinds are all network _____________
network mapping
mappers
firewall
operational
50. Controls that include policies, standards, procedures, risk management, personnel screening, training, change control
vulnerability
administrative
performance baseline
network mapping