Test your basic knowledge | CompTIA Security+: Assessment and Risk Management
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study the terms first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Type of audit that checks that network resources - systems and software - are used appropriately
usage
COSO
administrative
data owner
2. Possibility of damage and the ramifications should it occur
ISO/IEC 27005
corporate security officer
risk categories
risk
3. Potential danger to information or systems
elcomsoft
ISO/IEC 27799
threat
CISO
4. Made up of ten domains - a mechanism to describe security processes
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27004
BS7799
ISO 17799
5. OCTAVE
OVAL
security program
usage
Operationally Critical Threat - Asset - and Vulnerability Evaluation
6. Ensures reliable timely access to data/resources to authorized individuals
risk
elcomsoft
physical
availability
7. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
john the ripper
data owner
administrative
Operationally Critical Threat - Asset - and Vulnerability Evaluation
8. CSO
corporate security officer
delayed
Information Security Management
ISO/IEC 27005
9. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
operational
availability
ISO/IEC 27001
penetration
10. CobiT
security program
Control Objectives for Information and related Technology
escalation
Information Technology Infrastructure Library (ITIL)
11. Mitigates a potential risk
fault tree analysis
countermeasure
data owner
CobiT
12. IRM
Information risk management
vulnerability
risk analysis
vulnerability
13. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
FMEA
qualitative
Operationally Critical Threat - Asset - and Vulnerability Evaluation
14. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
security program
ISO 17799
delayed
network mapping
15. FRAP
administrative
port scanner
Facilitated Risk Analysis Process
privilege
16. The tools - personnel and business processes necessary to ensure that security meets needs
security governance
security officer
planning horizon
operational
17. De facto standard of best practices for IT service management
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27799
CobiT
due care
18. This tool scans network devices listening for open ports (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
annualized loss expectancy
penetration
COSO
19. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
network mapping
L0phtCrack
vulnerability
protocol analyzer
20. Tools to identify - develop - and design security requirements for business needs
blueprints
security program
annualized loss expectancy
COSO
21. An open language from mitre.org for determining vulnerabilities and problems on computer systems
vulnerability
OVAL
administrative
security program
22. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
vulnerability scanner
risk analysis
fault tree analysis
risk categories
23. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in the NOS - test response to DoS attacks
risk analysis
risk categories
network mapping
corporate security officer
24. Collection of controls an organization must have in place
FMEA
security program
privilege
strategic
25. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
CobiT
threat
ISO/IEC 27799
vulnerability scanner
26. Responsible for information classification and protection
protocol analyzer
Information risk management
data owner
annualized rate of occurrence
27. Corporate governance at the strategic level
annualized rate of occurrence
security governance
elcomsoft
COSO
28. Derived from the COSO framework
protocol analyzer
physical
ISO/IEC 27005
CobiT
29. The likelihood of exploitation and the loss potential
ISO/IEC 27005
corporate security officer
protocol analyzer
risk
30. __________ loss has a negative effect after a vulnerability is initially exploited
ISO/IEC 27002
FMEA
delayed
CISO
31. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
technical
ISO/IEC 27799
Failure Modes and Effect Analysis
ISO/IEC 27001
32. A process to identify assets and their value - identify vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk analysis
port scanner
annualized loss expectancy
ISO 17799
33. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
FMEA
IRM
Operationally Critical Threat - Asset - and Vulnerability Evaluation
34. Type of audit that checks procedures and policies for escalating issues to management
escalation
Information Security Management
performance baseline
OCTAVE
35. Number of times the incident might occur annually (ARO)
ISO/IEC 27004
security officer
annualized rate of occurrence
operational
36. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Committee of Sponsoring Organizations
FRAP
CISO
CobiT
37. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
FMEA
38. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
administrative
threat
confidentiality
39. Used in assurance risk management - methodical way to identify major failure modes (not useful for complex failure modes)
usage
FMEA
BS7799
IRM
40. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27799
security program
strategic
41. Expected or predetermined performance level - developed from policy - performance - requirements
FRAP
delayed
vulnerability
performance baseline
42. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
BS7799
delayed
security program
john the ripper
43. Ensures necessary level of secrecy and prevents unauthorized disclosure
COSO
COSO
confidentiality
ISO/IEC 27001
44. Guide to illustrate how to protect personal health information
data owner
ISO/IEC 27799
chief information security officer
OCTAVE
45. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
physical
Control Objectives for Information and related Technology
CISO
countermeasure
46. Focus on service level agreements between the IT department and internal customers
risk
confidentiality
OVAL
ITIL
47. Midterm goals
Committee of Sponsoring Organizations
firewall
tactical
vulnerability
48. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
vulnerability
threat
COSO
49. Ensures management security directives are fulfilled
single loss expectancy
vulnerability scanner
protocol analyzer
security officer
50. Controls that implement access control - password management - identification and authentication methods - configuration
annualized loss expectancy
physical
chief information security officer
technical