Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Percentage of an asset's value that would be lost in a single incident - (EF)
strategic
FRAP
Failure Modes and Effect Analysis
exposure factor

2. Responsible for information classification and protection
security governanace
BS7799
data owner
tactical

3. Possiblity of damage and the ramifications should it occur
CISO
CobiT
penetration
risk

4. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
network mapping
exposure
FRAP
risk

5. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
CISO
ISO/IEC 27004
COSO
OCTAVE

6. A log that can record outgoing requests - incoming traffic - and internet usage
CISO
Operationally Critical Threat - Asset - and Vulnerability Evaluation
firewall
FMEA

7. Responsible for communicating to senior mgmt organizational risks and compliance regulations
exposure factor
elcomsoft
FRAP
CISO

8. CISO
physical
ISO 17799
john the ripper
chief information security officer

9. Number of time the incident might occur annually - (ARO)
Failure Modes and Effect Analysis
Facilitated Risk Analysis Process
data owner
annualized rate of occurrence

10. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
CISO
tactical
ISO 17799
security governanace

11. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
strategic
elcomsoft
risk
performance monitor

12. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CISO
CobiT
protocol analyzer
exposure

13. COSO
Committee of Sponsoring Organizations
Information Technology Infrastructure Library (ITIL)
performance monitor
Information risk management

14. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
risk analysis
BS7799
blueprints
risk anlysis

15. The likelihood of exploitation and the loss potential
risk
blueprints
IRM
network mapping

16. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
operational
availability
escalation

17. Ensures managment security directives are fulfilled
fault tree analysis
tactical
security officer
ITIL

18. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
Failure Modes and Effect Analysis
AS/NZS 4360
tactical

19. Assurance of accurancy and reliability of information and systems
ITIL
ISO/IEC 27005
integrity
operational

20. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
port scanner
single loss expectancy
ISO/IEC 27002
ISO/IEC 27004

21. Type of audit that checks that network resources - systems and software are used appropriately
BS7799
risk
CobiT
usage

22. Provides a cost/benefit comparision
COSO
performance monitor
risk analysis
operational

23. Used to ID failures in a complex systems to understand underlying causes of threats
availability
SP 800-30
Failure Modes and Effect Analysis
fault tree analysis

24. Mitigates a potential risk
security program
network mapping
countermeasure
COSO

25. Daily goals focused on productivity and task-oriented activities
operational
data owner
annualized loss expectancy
mappers

26. NIST risk management methodology
john the ripper
SP 800-30
security program
usage

27. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
qualitative
escalation
security program
FRAP

28. An open language from mitre.org for determining vulnerabilities and problems on computer systems
annualized loss expectancy
Information Technology Infrastructure Library (ITIL)
OVAL
risk

29. CobiT
Failure Modes and Effect Analysis
COSO
vulnerability
Control Objectives for Information and related Technology

30. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
SP 800-30
planning horizon
Failure Modes and Effect Analysis
vulnerability scanner

31. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
planning horizon
elcomsoft
confidentiality
due care

32. Controls that implement access control - password mangement - identification and authentication methods - configuration
fault tree analysis
due care
technical
vulnerability

33. De facto standard of best practices for IT service mgmt
port scanner
Information Technology Infrastructure Library (ITIL)
FMEA
SP 800-30

34. An instance of being exposed to losses from a threat
L0phtCrack
exposure
vulnerability scanner
risk catagories

35. Strategic - tactical and operational planning
planning horizon
john the ripper
usage
risk catagories

36. A weakness (software - hardware - procedural - human) that can be exploited
performance baseline
vulnerability
SP 800-30
AS/NZS 4360

37. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
No events - Errors only - Errors and warnings - All events
due care
FRAP
delayed

38. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
john the ripper
ISO/IEC 27002
SP 800-30

39. The tools - personnel and business processes necessary to ensure that security meets needs
Information Technology Infrastructure Library (ITIL)
confidentiality
security governanace
network mapping

40. IT governance at the operational level
delayed
ISO/IEC 27799
CobiT
security program

41. Guide to illustrate how to protect personal health information
CobiT
performance baseline
security officer
ISO/IEC 27799

42. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
OCTAVE
FMEA
Operationally Critical Threat - Asset - and Vulnerability Evaluation
Facilitated Risk Analysis Process

43. CSO
threat
confidentiality
ISO/IEC 27005
corporate security officer

44. Derived from the COSO framework
CobiT
mappers
privilege
confidentiality

45. Potential danger to information or systems
FMEA
Information Security Management
blueprints
threat

46. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
Information risk management
qualitative
integrity
security governanace

47. Event levels available for logging in a MS DNS server
No events - Errors only - Errors and warnings - All events
CobiT
john the ripper
fault tree analysis

48. Guide assist in the implemenation of information security based on risk managent approach
IRM
performance baseline
ISO/IEC 27005
vulnerability

49. Corporate governance at the strategic level
ISO/IEC 27004
COSO
ISO/IEC 27005
CobiT

50. Focus on service level agreements between IT dept and internal customers
performance monitor
ITIL
Information risk management
security program