SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
vulnerability
OCTAVE
BS7799
CobiT
2. CSO
delayed
corporate security officer
risk analysis
data owner
3. Responsible for information classification and protection
strategic
CobiT
integrity
data owner
4. The tools - personnel and business processes necessary to ensure that security meets needs
AS/NZS 4360
penetration
security governanace
elcomsoft
5. IRM
firewall
Information risk management
risk anlysis
FMEA
6. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
countermeasure
risk analysis
physical
CobiT
7. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
escalation
due care
ISO 17799
Information Technology Infrastructure Library (ITIL)
8. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
No events - Errors only - Errors and warnings - All events
single loss expectancy
strategic
COSO
9. Guide assist in the implemenation of information security based on risk managent approach
security officer
fault tree analysis
ISO/IEC 27005
annualized rate of occurrence
10. Mitigates a potential risk
due care
risk analysis
CISO
countermeasure
11. Type of audit that checks that network resources - systems and software are used appropriately
physical
mappers
usage
firewall
12. Derived from the COSO framework
CISO
COSO
CobiT
vulnerability
13. Ensures necessary level of secrecy and prevents unauthorized disclosure
vulnerability
confidentiality
vulnerability
administrative
14. Assurance of accurancy and reliability of information and systems
Information Security Management
annualized loss expectancy
integrity
OVAL
15. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
chief information security officer
confidentiality
port scanner
vulnerability scanner
16. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
network mapping
AS/NZS 4360
vulnerability
IRM
17. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
mappers
john the ripper
threat
availability
18. FRAP
Facilitated Risk Analysis Process
ISO/IEC 27004
No events - Errors only - Errors and warnings - All events
corporate security officer
19. ISM Standard
CobiT
Information Security Management
annualized rate of occurrence
countermeasure
20. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
usage
Information Technology Infrastructure Library (ITIL)
L0phtCrack
CISO
21. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
administrative
COSO
mappers
chief information security officer
22. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
risk
single loss expectancy
performance monitor
fault tree analysis
23. Type of audit that checks information classification and change control procedures
technical
administrative
tactical
threat
24. Ensures reliable timely access to data/resources to authorized individuals
No events - Errors only - Errors and warnings - All events
availability
network mapping
security program
25. A log that can record outgoing requests - incoming traffic - and internet usage
exposure factor
FMEA
Information Technology Infrastructure Library (ITIL)
firewall
26. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk anlysis
security program
vulnerability
availability
27. Provides a cost/benefit comparision
risk mitigation
risk analysis
CISO
COSO
28. Information security managment measurements
CISO
risk
ISO/IEC 27004
single loss expectancy
29. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
ISO/IEC 27005
technical
delayed
30. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
corporate security officer
Information Technology Infrastructure Library (ITIL)
COSO
31. Daily goals focused on productivity and task-oriented activities
threat
annualized loss expectancy
ISO/IEC 27002
operational
32. Percentage of an asset's value that would be lost in a single incident - (EF)
tactical
exposure factor
due care
CobiT
33. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
COSO
Control Objectives for Information and related Technology
security program
34. A weakness (software - hardware - procedural - human) that can be exploited
SP 800-30
usage
vulnerability
security governanace
35. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
ISO/IEC 27001
exposure
technical
ISO 17799
36. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
operational
annualized rate of occurrence
network mapping
IRM
37. __________ loss has a negative effect after a vulnerability is initially exploited
COSO
countermeasure
FMEA
delayed
38. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
port scanner
FMEA
privilege
risk analysis
39. Controls that implement access control - password mangement - identification and authentication methods - configuration
technical
CISO
CISO
CobiT
40. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
CISO
ISO 17799
COSO
FRAP
41. NIST risk management methodology
data owner
AS/NZS 4360
SP 800-30
physical
42. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
strategic
exposure
physical
ISO/IEC 27002
43. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
Committee of Sponsoring Organizations
integrity
penetration
vulnerability scanner
44. Type of audit that checks procedures and policies for escalating issues to management
FMEA
escalation
FMEA
administrative
45. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
planning horizon
strategic
tactical
protocol analyzer
46. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
risk mitigation
security officer
tactical
47. Collection of controls an organization must have in place
security program
Failure Modes and Effect Analysis
annualized loss expectancy
vulnerability
48. CobiT
BS7799
Control Objectives for Information and related Technology
usage
ISO/IEC 27005
49. Ensures managment security directives are fulfilled
privilege
security officer
vulnerability scanner
COSO
50. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
threat
security program
FMEA
Failure Modes and Effect Analysis