Test your basic knowledge

Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Risk management method with a much broader focus than IT security
2. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error
3. Legal term used to determine liability - acting responsibly - having a lower risk of liability due to a security breach
4. __________ loss has a negative effect after a vulnerability is initially exploited
5. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
6. Made up of ten domains - a mechanism to describe security processes
7. IRM
8. Controls that manage facility access - locking systems - media sanitization - intrusion monitoring - environmental
9. Responsible for information classification and protection
10. Method of identifying functions and their failures - the causes of failures and their effects - originally designed for systems engineering
11. The asset's value multiplied by the EF percentage - (SLE)
12. This tool scans network devices listening for open ports - (e.g. Nmap - Scanmetender - SuperScan - NHS Nohack Scanner)
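An added example, not part of the quiz page or of any of the tools named in question 12, of the check a port scanner performs: a TCP connect scan in Python. To run offline it opens its own listener on loopback and scans that, so the host 127.0.0.1, the port-0 bind and the helper names are assumptions for the demonstration. Nmap and the other tools listed do much more (SYN scans, service fingerprinting, timing control); this shows only the core test that distinguishes an open port from a closed one.

```python
import socket
from typing import Iterable

# Added example (not from the quiz page): a minimal TCP connect scan.
# The target is a listener the script opens itself on loopback, so it
# runs offline without touching any other host. 127.0.0.1 is assumed.
HOST = "127.0.0.1"


def start_listener(host: str = HOST) -> socket.socket:
    """Open a listening TCP socket on an OS-assigned port to act as the target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    return srv


def port_is_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """Full TCP connect: a completed handshake means something is listening.

    A refused connection (RST) means the port is closed; a timeout usually
    means a filter dropped the SYN. Both are reported here as "not open".
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # covers ConnectionRefusedError and socket.timeout
            return False


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.5) -> list[int]:
    """Return the sorted subset of `ports` that accept a TCP connection."""
    return sorted(p for p in ports if port_is_open(host, p, timeout))


def demo() -> tuple[list[int], int, int]:
    """Stand up one open port, find a closed one, and scan both.

    Returns (ports found open, the listening port, the closed control port).
    """
    srv = start_listener()
    open_port = srv.getsockname()[1]
    # Bind and immediately close a second socket to obtain a port nothing
    # listens on; it cannot collide with open_port, which is still bound.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((HOST, 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    try:
        found = scan_ports(HOST, [closed_port, open_port])
    finally:
        srv.close()
    return found, open_port, closed_port


if __name__ == "__main__":
    found, opened, closed = demo()
    print(f"open ports: {found} (listener on {opened}, closed control port {closed})")
```

The connect scan completes the three-way handshake, so it is logged by the target like any other connection; that is the reason real scanners prefer half-open (SYN) scans when stealth matters.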
13. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
14. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
15. Focus on service level agreements between the IT department and internal customers
16. Event levels available for logging in an MS DNS server
17. Internationally recognized Information Security Management standard - provides high-level conceptual recommendations on enterprise security - British standard
18. Corporate governance at the strategic level
19. A weakness (software - hardware - procedural - human) that can be exploited
20. Responsible for developing: a security awareness program - the budget for information security related activities - policies - procedures - and guidelines - a security compliance program - and metrics
21. An instance of being exposed to losses from a threat
22. Guide to illustrate how to protect personal health information
23. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment
24. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - tcpdump - Microsoft Network Monitor - Carnivore)
25. A process to identify assets and their value - identify vulnerabilities and threats - quantify probability and impact of threats - provide a balance between impact and cost
26. The following tools (Nessus - Qualys - Retina) are ______________ scanners
27. Mitigates a potential risk
28. Expected or predetermined performance level - developed from policy - performance - requirements
29. Assurance of accuracy and reliability of information and systems
30. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
31. Ensures management security directives are fulfilled
32. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
33. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
34. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
35. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
36. Tools to identify - develop - and design security requirements for business needs
37. NIST risk management methodology
38. Collection of controls an organization must have in place
39. FMEA
40. Control environment (company culture) - Risk assessment (manage change) - Control activities (policies - procedures - practices) - Information and communication (right people - info - time) - Monitoring (detect and respond)
41. Guide to assist in the implementation of information security based on a risk management approach
42. Type of audit that checks that network resources - systems and software are used appropriately
43. CobiT
44. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
45. Provides good practice advice on an ISMS (ISO 17799) (based on BS7799 Part 1)
46. Provides a cost/benefit comparison
47. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
48. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
49. SLE x ARO - (ALE)
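The quantitative formulas behind questions 11, 46 and 49 (SLE = AV x EF, ALE = SLE x ARO, and the cost/benefit comparison of a safeguard) carried through in one added Python example; this is not material from the quiz page. The asset value, exposure factors, rates and control costs are constructed illustrative figures, and the `Threat`, `Safeguard`, `safeguard_value` and `best_safeguard` names are assumptions of this example. It goes one step beyond the quiz by ranking several candidate controls and returning none when no control is worth its cost.

```python
from dataclasses import dataclass
from typing import List, Optional

# Added example (not from the quiz page): quantitative risk formulas
# carried through to the cost/benefit decision on a safeguard. All
# numbers below are constructed for illustration.


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float      # AV, in currency units
    exposure_factor: float  # EF, fraction of AV lost per occurrence (0.0 to 1.0)
    aro: float              # annualized rate of occurrence (events per year)


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single loss expectancy: AV x EF (question 11)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("EF must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def ale(single_loss: float, aro: float) -> float:
    """Annualized loss expectancy: SLE x ARO (question 49).

    An ARO below 1 is normal: an event expected once every ten years is ARO 0.1.
    """
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return single_loss * aro


def threat_ale(t: Threat) -> float:
    """ALE of a threat before any new control is applied."""
    return ale(sle(t.asset_value, t.exposure_factor), t.aro)


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float
    new_exposure_factor: float  # EF once the control is in place
    new_aro: float              # ARO once the control is in place


def safeguard_value(t: Threat, s: Safeguard) -> float:
    """Cost/benefit comparison (question 46):
    (ALE before) - (ALE after) - (annual cost of the safeguard).
    Positive: the control pays for itself. Negative: it costs more than the
    loss it prevents, so accepting or transferring the risk is cheaper.
    """
    before = threat_ale(t)
    after = ale(sle(t.asset_value, s.new_exposure_factor), s.new_aro)
    return before - after - s.annual_cost


def best_safeguard(t: Threat, options: List[Safeguard]) -> Optional[Safeguard]:
    """Return the option with the highest positive value, or None if no
    option is worth buying."""
    scored = [(safeguard_value(t, s), s) for s in options]
    value, choice = max(scored, key=lambda pair: pair[0])
    return choice if value > 0 else None


# Constructed scenario: a web server worth 200,000; a compromise is expected
# to destroy a quarter of its value, about once every two years.
WEB_BREACH = Threat("web server compromise", asset_value=200_000,
                    exposure_factor=0.25, aro=0.5)

OPTIONS = [
    # Constructed candidate controls: name, annual cost, EF after, ARO after
    Safeguard("web application firewall", annual_cost=15_000,
              new_exposure_factor=0.25, new_aro=0.1),
    Safeguard("full platform rebuild", annual_cost=60_000,
              new_exposure_factor=0.05, new_aro=0.1),
]

if __name__ == "__main__":
    print(f"SLE = {sle(WEB_BREACH.asset_value, WEB_BREACH.exposure_factor):,.0f}")
    print(f"ALE = {threat_ale(WEB_BREACH):,.0f}")
    for s in OPTIONS:
        print(f"{s.name}: net value {safeguard_value(WEB_BREACH, s):,.0f}")
    chosen = best_safeguard(WEB_BREACH, OPTIONS)
    print("recommend:", chosen.name if chosen else "accept or transfer the risk")
```

Worked through: SLE is 200,000 x 0.25 = 50,000 and ALE is 50,000 x 0.5 = 25,000 per year. The firewall cuts ARO to 0.1, so ALE after is 5,000, and its net value is 25,000 - 5,000 - 15,000 = 5,000 per year. The rebuild brings ALE down to 1,000 but costs 60,000, a net value of -36,000, so the cheaper control is the one the cost/benefit comparison selects.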
50. Strategic - tactical and operational planning