Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The following tools (Nessus - Qualys - Retina) are ______________ scanners
ISO/IEC 27001
CobiT
performance baseline
vulnerability

2. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
confidentiality
AS/NZS 4360
corporate security officer

3. Guide assist in the implemenation of information security based on risk managent approach
risk mitigation
ISO/IEC 27005
administrative
planning horizon

4. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
fault tree analysis
COSO
administrative
vulnerability scanner

5. OCTAVE
ISO/IEC 27001
fault tree analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
operational

6. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
operational
privilege
network mapping
Failure Modes and Effect Analysis

7. CISO
CobiT
fault tree analysis
chief information security officer
security program

8. Ensures necessary level of secrecy and prevents unauthorized disclosure
CISO
confidentiality
Information Technology Infrastructure Library (ITIL)
tactical

9. SLE x ARO - (ALE)
fault tree analysis
ISO 17799
annualized loss expectancy
Information Technology Infrastructure Library (ITIL)

10. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
protocol analyzer
risk
risk analysis

11. Guide to illustrate how to protect personal health information
risk analysis
ISO/IEC 27002
ISO/IEC 27004
ISO/IEC 27799

12. The asset's value multiplied by the EF percentage - (SLE)
CISO
single loss expectancy
No events - Errors only - Errors and warnings - All events
exposure factor

13. Responsible for information classification and protection
data owner
exposure factor
BS7799
annualized loss expectancy

14. Strategic - tactical and operational planning
exposure factor
IRM
planning horizon
technical

15. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
performance monitor
CISO
ISO/IEC 27001
OVAL

16. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
OVAL
annualized loss expectancy
john the ripper
COSO

17. COSO
data owner
risk mitigation
Committee of Sponsoring Organizations
penetration

18. ISM Standard
AS/NZS 4360
Information Security Management
mappers
COSO

19. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Facilitated Risk Analysis Process
risk catagories
ISO/IEC 27005
CobiT

20. Collection of controls an organization must have in place
risk anlysis
privilege
security program
Committee of Sponsoring Organizations

21. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
network mapping
firewall
risk catagories
CISO

22. Tools to ID - develop - and design security requirements for business needs
privilege
COSO
CISO
blueprints

23. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
risk anlysis
vulnerability
FMEA
BS7799

24. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
exposure
FRAP
CISO
OVAL

25. Controls that implement access control - password mangement - identification and authentication methods - configuration
chief information security officer
ISO/IEC 27799
technical
planning horizon

26. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
Information risk management
chief information security officer
CISO

27. Assurance of accurancy and reliability of information and systems
BS7799
CobiT
integrity
L0phtCrack

28. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
risk anlysis
john the ripper
privilege
network mapping

29. Number of time the incident might occur annually - (ARO)
annualized rate of occurrence
FMEA
network mapping
ISO 17799

30. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
FMEA
ISO 17799
annualized loss expectancy
ISO/IEC 27002

31. De facto standard of best practices for IT service mgmt
ISO/IEC 27799
risk mitigation
COSO
Information Technology Infrastructure Library (ITIL)

32. CSO
protocol analyzer
security governanace
corporate security officer
ISO/IEC 27004

33. Midterm goals
security governanace
tactical
ISO/IEC 27799
No events - Errors only - Errors and warnings - All events

34. NIST risk management methodology
SP 800-30
Information Security Management
performance monitor
chief information security officer

35. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk anlysis
IRM
FMEA
ISO/IEC 27004

36. Made up of ten domains - a mechanism to describe security processes
CobiT
ISO 17799
BS7799
ISO/IEC 27001

37. Expected or predetermined performance level - developed from policy - performance - requirements
technical
exposure factor
performance baseline
risk mitigation

38. A log that can record outgoing requests - incoming traffic - and internet usage
single loss expectancy
firewall
annualized loss expectancy
protocol analyzer

39. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
mappers
IRM
security program
risk analysis

40. The likelihood of exploitation and the loss potential
risk
Facilitated Risk Analysis Process
COSO
L0phtCrack

41. Ensures managment security directives are fulfilled
CISO
security officer
risk mitigation
tactical

42. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
CobiT
performance monitor
network mapping
Information Technology Infrastructure Library (ITIL)

43. Provides a cost/benefit comparision
risk analysis
CobiT
exposure factor
security program

44. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
network mapping
FMEA
L0phtCrack
performance monitor

45. Possiblity of damage and the ramifications should it occur
risk
fault tree analysis
CobiT
risk anlysis

46. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CobiT
CISO
risk anlysis
Information Technology Infrastructure Library (ITIL)

47. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
ISO/IEC 27004
physical
ITIL
data owner

48. Event levels available for logging in a MS DNS server
SP 800-30
No events - Errors only - Errors and warnings - All events
countermeasure
qualitative

49. IT governance at the operational level
performance monitor
network mapping
CobiT
vulnerability

50. IRM
exposure
qualitative
Information risk management
escalation