Test your basic knowledge | CompTIA Security+: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Guide to illustrate how to protect personal health information
ISO/IEC 27799
network mapping
risk analysis
confidentiality
2. Risk management method created by Carnegie Mellon University - the organization's own people manage and direct the risk evaluation for IT security in the company
OCTAVE
security program
security governance
Information risk management
3. Controls that manage facility access - locking systems - media sanitization - intrusion monitoring - environmental
physical
annualized loss expectancy
john the ripper
Information risk management
4. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
risk analysis
ISO/IEC 27004
port scanner
fault tree analysis
5. FMEA
annualized loss expectancy
Failure Modes and Effect Analysis
corporate security officer
ISO/IEC 27004
6. OCTAVE
exposure
Operationally Critical Threat - Asset - and Vulnerability Evaluation
vulnerability
tactical
7. __________ loss has a negative effect after a vulnerability is initially exploited
risk mitigation
IRM
performance monitor
delayed
8. A commercial password cracker that can test password strength and recover passwords, and perform dictionary and brute force attacks
operational
elcomsoft
data owner
corporate security officer
9. FRAP
vulnerability
No events - Errors only - Errors and warnings - All events
Facilitated Risk Analysis Process
due care
10. Method of identifying functions and their failures - the causes of failures and their effects - originally designed for systems engineering
corporate security officer
network mapping
FMEA
performance baseline
11. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
risk analysis
Information Technology Infrastructure Library (ITIL)
security program
CobiT
12. Made up of ten domains - a mechanism to describe security processes
risk analysis
annualized loss expectancy
usage
ISO 17799
13. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
BS7799
threat
risk analysis
Information Technology Infrastructure Library (ITIL)
14. Assurance of the accuracy and reliability of information and systems
COSO
port scanner
integrity
Operationally Critical Threat - Asset - and Vulnerability Evaluation
15. Used to identify failures in complex systems to understand the underlying causes of threats
vulnerability scanner
vulnerability
CobiT
fault tree analysis
16. Ensures necessary level of secrecy and prevents unauthorized disclosure
Facilitated Risk Analysis Process
confidentiality
CISO
elcomsoft
17. A process to identify assets and their value - identify vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
ITIL
IRM
risk analysis
FMEA
18. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
mappers
ISO/IEC 27799
risk
ISO/IEC 27002
19. Tools to identify - develop - and design security requirements for business needs
blueprints
vulnerability
Facilitated Risk Analysis Process
FMEA
20. SLE x ARO - (ALE)
escalation
ISO 17799
annualized loss expectancy
annualized rate of occurrence
21. Ensures reliable timely access to data/resources to authorized individuals
FMEA
Failure Modes and Effect Analysis
ISO/IEC 27005
availability
22. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
risk mitigation
elcomsoft
network mapping
23. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
Operationally Critical Threat - Asset - and Vulnerability Evaluation
operational
ISO/IEC 27001
availability
24. Responsible for communicating organizational risks and compliance regulations to senior management
data owner
ISO 17799
qualitative
CISO
25. Information security management measurements
ISO/IEC 27004
COSO
CobiT
john the ripper
26. Control environment (company culture) - Risk assessment (manage change) - Control activities (policies - procedures - practices) - Information and communication (right people - info - time) - Monitoring (detect and respond)
Committee of Sponsoring Organizations
delayed
COSO
security governance
27. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be appropriate for the NOS
ISO 17799
risk
risk mitigation
network mapping
28. Number of times the incident might occur annually - (ARO)
FMEA
annualized rate of occurrence
john the ripper
security governance
29. Type of audit that checks that accounts - groups and roles are correctly assigned
Operationally Critical Threat - Asset - and Vulnerability Evaluation
privilege
strategic
penetration
30. Possibility of damage and the ramifications should it occur
due care
risk
CobiT
qualitative
31. Event levels available for logging in a MS DNS server
COSO
No events - Errors only - Errors and warnings - All events
Failure Modes and Effect Analysis
usage
32. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge the password/shadow files
physical
john the ripper
chief information security officer
exposure factor
33. Focus on service level agreements between IT dept and internal customers
ITIL
vulnerability
SP 800-30
exposure
34. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
risk
mappers
security program
COSO
35. The following tools (Nessus - Qualys - Retina) are ______________ scanners
administrative
vulnerability
security program
No events - Errors only - Errors and warnings - All events
36. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
performance baseline
usage
qualitative
CobiT
37. Derived from the COSO framework
fault tree analysis
vulnerability
security governance
CobiT
38. ISM Standard
Committee of Sponsoring Organizations
Information Security Management
Control Objectives for Information and related Technology
vulnerability scanner
39. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
risk
Committee of Sponsoring Organizations
strategic
administrative
40. Daily goals focused on productivity and task-oriented activities
COSO
operational
No events - Errors only - Errors and warnings - All events
security governance
41. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in the NOS - test response to DoS attacks
technical
exposure factor
exposure
network mapping
42. The asset's value multiplied by the EF percentage - (SLE)
port scanner
technical
SP 800-30
single loss expectancy
43. A weakness (software - hardware - procedural - human) that can be exploited
risk analysis
Control Objectives for Information and related Technology
vulnerability
performance monitor
44. An instance of being exposed to losses from a threat
exposure
delayed
annualized loss expectancy
ITIL
45. The tools - personnel and business processes necessary to ensure that security meets needs
security governance
physical
risk
port scanner
46. Strategic - tactical and operational planning
Information risk management
chief information security officer
vulnerability
planning horizon
47. Collection of controls an organization must have in place
security program
CISO
due care
risk
48. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
FRAP
L0phtCrack
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CobiT
49. Midterm goals
FMEA
tactical
physical
CobiT
50. IT governance at the operational level
network mapping
CobiT
SP 800-30
exposure factor