Test your basic knowledge

CompTIA Security+: Assessment and Risk Management

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious; you will find that it still reinforces your understanding each time you take the test.

1. IRM

2. Method of identifying functions and their failures - the causes of those failures and their effects - originally designed for systems engineering

3. Corporate governance at the strategic level

4. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in the NOS - test response to DoS attacks

5. CobiT

6. Type of audit that checks that network resources - systems and software are used appropriately

7. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment

8. Provides good-practice advice on an ISMS (ISO 17799) (based on BS 7799 Part 1)

9. Ensures reliable, timely access to data/resources for authorized individuals

10. FRAP

11. This tool scans network devices for listening (open) ports (e.g. Nmap - Scanmetender - SuperScan - NHS nohack scanner)

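Items 4, 7 and 11 all turn on what a port scanner actually does: it asks the target's TCP stack, port by port, whether anything is listening. The block below is an added illustration, not code from the quiz or from any of the tools it names. It implements the plain connect() scan (the technique behind Nmap's -sT mode) and classifies each port as open, closed or filtered from the handshake result. To stay runnable offline it scans a throwaway listener on loopback; the function names and the 127.0.0.1 demo are this example's own choices.

```python
"""TCP connect() port scanner (added example, not from the original page).

Classifies ports the way Nmap's -sT mode does:
  open     -> connect() completes, something is listening
  closed   -> RST comes back (ConnectionRefusedError), nothing listening
  filtered -> no answer before the timeout, typically a firewall dropping the SYN
The demo scans a throwaway listener on loopback so it runs without a network
and without anyone's permission being needed.
"""
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Attempt a full three-way handshake on one port and report the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except socket.timeout:
            return "filtered"
        except ConnectionRefusedError:
            return "closed"
        except OSError:
            # unreachable host, no route, etc.; treated as filtered here
            return "filtered"
    return "open"


def service_name(port: int) -> str:
    """Best-effort service name from the local services database (/etc/services)."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"


def scan(host: str, ports, timeout: float = 0.5, workers: int = 64) -> dict:
    """Probe many ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=min(workers, max(1, len(ports)))) as pool:
        states = pool.map(lambda p: probe_port(host, p, timeout), ports)
    return dict(zip(ports, states))


def report(host: str, results: dict) -> list:
    """Render the open ports as Nmap-style lines; returns the lines."""
    lines = [f"Scan report for {host}"]
    for port in sorted(results):
        if results[port] == "open":
            lines.append(f"{port}/tcp open {service_name(port)}")
    open_count = sum(1 for s in results.values() if s == "open")
    lines.append(f"{open_count} open of {len(results)} probed")
    return lines


def demo_local_scan() -> dict:
    """Constructed test bed: one listening port and one known-closed port on loopback."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the kernel picks a free port
    listener.listen(5)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                      # released again, so a SYN now earns a RST

    try:
        results = scan("127.0.0.1", [open_port, closed_port], timeout=2.0)
    finally:
        listener.close()
    return {"listener_state": results[open_port], "spare_state": results[closed_port]}


if __name__ == "__main__":
    print(demo_local_scan())
    # Against a host you are authorized to test (192.0.2.10 is a documentation address):
    # print("\n".join(report("192.0.2.10", scan("192.0.2.10", range(1, 1025)))))
```

The three-way state split matters when reading scan output: a closed port proves the host is up and unfiltered, while a filtered port tells you only that a device in the path dropped the probe. A connect() scan completes the handshake and therefore appears in the target's application logs; SYN scans avoid that but need raw-socket privileges, which is why this example stays with connect().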
12. Provides a cost/benefit comparison

13. Potential danger to information or systems

14. This type of testing scans for vulnerabilities - attacks them to determine the extent of exposure - tests countermeasures by circumventing them - and can be internal or external

15. Responsible for developing: a security awareness program - the budget for information security related activities - policies - procedures and guidelines - a security compliance program - and metrics

16. Ensures the necessary level of secrecy and prevents unauthorized disclosure

17. Used to predict changes based on trends - detect deviations - and watch events across multiple system components

18. Used to identify failures in complex systems and understand the underlying causes of threats

19. An open language from MITRE (mitre.org) for determining vulnerabilities and problems on computer systems

20. Strategic - tactical and operational planning

21. Process of identifying and assessing risk - reducing it to an acceptable level - and implementing mechanisms to maintain that level

22. Controls that manage facility access - locking systems - media sanitization - intrusion monitoring - environmental controls

23. A quantitative risk assessment process that allows tests to be conducted so users can determine which areas require a risk analysis

24. COSO

25. The tools - personnel and business processes necessary to ensure that security meets the organization's needs

26. Information security management measurements

27. Percentage of an asset's value that would be lost in a single incident - (EF)

28. IT governance at the operational level

29. Mid-term goals

30. Expected or predetermined performance level - developed from policy - performance - requirements

31. Guide to assist in the implementation of information security based on a risk management approach

32. Risk management method with a much broader focus than IT security

33. Establish - implement - control and improve the Information Security Management System (based on BS 7799 Part 2)

34. Event levels available for logging in a Microsoft DNS server

35. De facto standard of best practices for IT service management

36. The asset's value multiplied by the EF percentage - (SLE)

37. OCTAVE

38. Legal term used to determine liability - an organization that acts responsibly has a lower risk of liability after a security breach

39. Security policy - maps business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communications/operations

40. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits

41. Possibility of damage and the ramifications should it occur

42. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers

43. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error

44. CISO

45. A tool that monitors network traffic - shows the data and protocols in use - also known as a packet sniffer (e.g. Wireshark - tcpdump - Microsoft Network Monitor - Carnivore)

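Item 45 describes what a protocol analyzer does once it has a frame: dissect it layer by layer and show the protocols and data in use. The block below is an added example, not code from the quiz or from Wireshark, tcpdump or the other tools named; it decodes Ethernet II, IPv4 and TCP headers with struct, verifies the IPv4 header checksum the way a dissector flags a damaged header, and prints a tcpdump-style summary line. Capturing frames needs raw-socket or libpcap privileges, so the frame here is constructed in code (the addresses, ports and HTTP payload are made up) rather than read off the wire.

```python
"""Minimal protocol analyzer (added example, not from the original page).

Decodes Ethernet II / IPv4 / TCP headers from raw frame bytes, which is the
dissection step a sniffer performs on every captured frame. The sample frame
is constructed below; it is not a real capture.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
# low bit first so flag names come out in the order FIN, SYN, RST, PSH, ACK, ...
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
                 (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR"), (0x100, "NS")]


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; over a complete header it returns 0 if intact."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame: bytes):
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": _mac(dst), "src": _mac(src), "ethertype": ethertype}, frame[14:]


def parse_ipv4(data: bytes):
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(data) or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    info = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "ttl": ttl, "protocol": proto, "id": ident,
            "checksum_ok": ipv4_checksum(data[:ihl]) == 0}
    # slice by total_len so Ethernet padding after a short datagram is dropped
    return info, data[ihl:total_len]


def parse_tcp(segment: bytes):
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("malformed TCP data offset")
    flags = off_flags & 0x1FF
    info = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "window": window,
            "flags": [name for bit, name in TCP_FLAG_BITS if flags & bit]}
    return info, segment[data_offset:]


def decode_frame(frame: bytes) -> dict:
    """Walk the layers like a dissector chain, stopping at the first protocol we cannot decode."""
    eth, rest = parse_ethernet(frame)
    decoded = {"ethernet": eth, "payload": rest}
    if eth["ethertype"] != ETHERTYPE_IPV4:
        return decoded
    ip, rest = parse_ipv4(rest)
    decoded.update(ipv4=ip, payload=rest)
    if ip["protocol"] != IPPROTO_TCP:
        return decoded
    tcp, rest = parse_tcp(rest)
    decoded.update(tcp=tcp, payload=rest)
    return decoded


def build_sample_frame() -> bytes:
    """Constructed frame: 192.0.2.10:51234 -> 198.51.100.7:80, PSH/ACK carrying an HTTP request."""
    payload = b"GET / HTTP/1.0\r\n\r\n"
    tcp = struct.pack("!HHIIHHHH", 51234, 80, 1000, 5000, (5 << 12) | 0x018, 65535, 0, 0)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0x1234,
                               0x4000, 64, IPPROTO_TCP, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])))
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))   # fill in the header checksum
    eth = bytes.fromhex("00005e005301") + bytes.fromhex("00005e005302") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + bytes(ip) + tcp + payload


SAMPLE_FRAME = build_sample_frame()


def summary(frame: bytes) -> str:
    """One tcpdump-style line for a TCP frame."""
    d = decode_frame(frame)
    ip, tcp = d["ipv4"], d["tcp"]
    return (f"IP {ip['src']}.{tcp['src_port']} > {ip['dst']}.{tcp['dst_port']}: "
            f"Flags [{'.'.join(tcp['flags'])}], seq {tcp['seq']}, ack {tcp['ack']}, "
            f"win {tcp['window']}, length {len(d['payload'])}")


if __name__ == "__main__":
    print(summary(SAMPLE_FRAME))
```

Two points a practitioner should take from this: the decoder slices by the length fields in the headers rather than trusting the frame size, and it checks the IPv4 header checksum rather than assuming the header is intact. Real dissectors are a frequent bug source precisely because they parse attacker-controlled lengths; the bounds checks on ihl and data_offset are what keeps a crafted frame from reading past the buffer here.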
46. Collection of controls an organization must have in place

47. _______________ can test an IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be appropriate to the NOS

48. An instance of being exposed to losses from a threat

49. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________

50. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control