Test your basic knowledge: CompTIA Security+: Assessment and Risk Management
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
ISO/IEC 27799
physical
risk categories
administrative
2. Type of audit that checks that network resources - systems and software are used appropriately
port scanner
COSO
usage
No events - Errors only - Errors and warnings - All events
3. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
performance baseline
network mapping
elcomsoft
port scanner
4. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
corporate security officer
risk analysis
COSO
strategic
5. Expected or predetermined performance level - developed from policy - performance - requirements
performance baseline
risk
BS7799
CobiT
6. __________ loss has a negative effect after a vulnerability is initially exploited
ISO 17799
availability
strategic
delayed
7. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment
delayed
vulnerability
FRAP
Committee of Sponsoring Organizations
8. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
john the ripper
security program
BS7799
vulnerability
9. Type of audit that checks procedures and policies for escalating issues to management
single loss expectancy
FRAP
escalation
Information Technology Infrastructure Library (ITIL)
10. NIST risk management methodology
technical
physical
SP 800-30
annualized loss expectancy
11. OCTAVE
risk analysis
COSO
CISO
Operationally Critical Threat - Asset - and Vulnerability Evaluation
12. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
administrative
vulnerability
chief information security officer
COSO
13. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
protocol analyzer
countermeasure
risk analysis
ISO 17799
14. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
ISO/IEC 27005
network mapping
integrity
threat
15. SLE x ARO - (ALE)
corporate security officer
annualized rate of occurrence
FMEA
annualized loss expectancy
16. Tools to identify - develop - and design security requirements for business needs
blueprints
data owner
COSO
vulnerability
17. Assurance of accuracy and reliability of information and systems
AS/NZS 4360
ISO/IEC 27004
integrity
ISO/IEC 27002
18. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
ISO/IEC 27004
network mapping
ISO/IEC 27005
mappers
19. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
Operationally Critical Threat - Asset - and Vulnerability Evaluation
administrative
confidentiality
performance monitor
20. ISM Standard
Information Technology Infrastructure Library (ITIL)
Information Security Management
strategic
ISO/IEC 27002
21. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
mappers
ISO 17799
ISO/IEC 27799
FRAP
22. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
planning horizon
elcomsoft
ISO 17799
23. An instance of being exposed to losses from a threat
due care
annualized loss expectancy
performance monitor
exposure
24. Event levels available for logging in a Microsoft DNS server
risk analysis
due care
No events - Errors only - Errors and warnings - All events
FRAP
25. Corporate governance at the strategic level
COSO
administrative
fault tree analysis
Information risk management
26. Daily goals focused on productivity and task-oriented activities
Committee of Sponsoring Organizations
blueprints
privilege
operational
27. Risk management method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
security officer
OCTAVE
AS/NZS 4360
penetration
28. IRM
single loss expectancy
risk mitigation
performance monitor
Information risk management
29. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
protocol analyzer
vulnerability
CISO
30. The likelihood of exploitation and the loss potential
risk mitigation
Operationally Critical Threat - Asset - and Vulnerability Evaluation
availability
risk
31. Guide to illustrate how to protect personal health information
operational
ISO/IEC 27799
Facilitated Risk Analysis Process
escalation
32. Midterm goals
tactical
Facilitated Risk Analysis Process
data owner
vulnerability scanner
33. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e. Wireshark - tcpdump - Microsoft Network Monitor - Carnivore)
protocol analyzer
ISO/IEC 27005
ITIL
CobiT
34. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
CobiT
COSO
physical
usage
35. Process of identifying and assessing risk - reducing it to an acceptable level - implementing mechanisms to maintain that level
blueprints
IRM
ITIL
port scanner
36. Mitigates a potential risk
AS/NZS 4360
ISO/IEC 27799
countermeasure
security governance
37. Number of times the incident might occur annually - (ARO)
data owner
escalation
annualized rate of occurrence
ISO/IEC 27005
38. An open language from mitre.org for determining vulnerabilities and problems on computer systems
threat
OVAL
physical
penetration
39. A weakness (software - hardware - procedural - human) that can be exploited
escalation
administrative
CobiT
vulnerability
40. Made up of ten domains - a mechanism to describe security processes
BS7799
ISO 17799
delayed
technical
41. Information security management measurements
administrative
ISO 17799
firewall
ISO/IEC 27004
42. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
privilege
OCTAVE
due care
CobiT
43. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
Information risk management
ISO/IEC 27002
risk categories
operational
44. Collection of controls an organization must have in place
penetration
ISO/IEC 27004
security program
elcomsoft
45. IT governance at the operational level
CobiT
strategic
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security program
46. FRAP
escalation
No events - Errors only - Errors and warnings - All events
Failure Modes and Effect Analysis
Facilitated Risk Analysis Process
47. Risk management method with a much broader focus than IT security
AS/NZS 4360
SP 800-30
single loss expectancy
tactical
48. CISO
security governance
due care
chief information security officer
Committee of Sponsoring Organizations
49. Provides a cost/benefit comparison
risk analysis
port scanner
No events - Errors only - Errors and warnings - All events
CobiT
50. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
ISO/IEC 27002
mappers
data owner