SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Strategic - tactical and operational planning
performance baseline
planning horizon
single loss expectancy
ISO/IEC 27001
2. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
annualized rate of occurrence
ISO/IEC 27002
network mapping
privilege
3. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
risk anlysis
ISO/IEC 27001
delayed
4. IRM
Information risk management
exposure factor
ISO/IEC 27001
ISO/IEC 27002
5. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
IRM
strategic
SP 800-30
vulnerability
6. Information security managment measurements
ISO/IEC 27004
COSO
single loss expectancy
tactical
7. The asset's value multiplied by the EF percentage - (SLE)
ISO/IEC 27799
single loss expectancy
No events - Errors only - Errors and warnings - All events
availability
8. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
tactical
network mapping
SP 800-30
confidentiality
9. Midterm goals
FMEA
COSO
tactical
security program
10. CISO
security officer
chief information security officer
annualized loss expectancy
risk
11. A log that can record outgoing requests - incoming traffic - and internet usage
Committee of Sponsoring Organizations
security governanace
data owner
firewall
12. Mitigates a potential risk
countermeasure
exposure factor
privilege
security program
13. De facto standard of best practices for IT service mgmt
threat
security governanace
fault tree analysis
Information Technology Infrastructure Library (ITIL)
14. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
chief information security officer
qualitative
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk mitigation
15. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
administrative
qualitative
vulnerability
corporate security officer
16. Made up of ten domains - a mechanism to describe security processes
usage
delayed
Information Technology Infrastructure Library (ITIL)
ISO 17799
17. A weakness (software - hardware - procedural - human) that can be exploited
risk mitigation
confidentiality
vulnerability
security governanace
18. The following tools (Nessus - Qualys - Retina) are ______________ scanners
Facilitated Risk Analysis Process
ISO/IEC 27005
vulnerability
FMEA
19. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
SP 800-30
CobiT
ISO 17799
20. Potential danger to information or systems
vulnerability
Operationally Critical Threat - Asset - and Vulnerability Evaluation
threat
risk anlysis
21. An open language from mitre.org for determining vulnerabilities and problems on computer systems
CobiT
OVAL
ISO/IEC 27001
fault tree analysis
22. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
strategic
integrity
FRAP
CobiT
23. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
operational
ISO/IEC 27799
physical
port scanner
24. Guide assist in the implemenation of information security based on risk managent approach
Operationally Critical Threat - Asset - and Vulnerability Evaluation
john the ripper
FRAP
ISO/IEC 27005
25. Type of audit that checks that network resources - systems and software are used appropriately
CobiT
L0phtCrack
usage
risk analysis
26. Guide to illustrate how to protect personal health information
administrative
single loss expectancy
ISO/IEC 27799
FMEA
27. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
CobiT
CobiT
FMEA
administrative
28. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
data owner
physical
risk analysis
29. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
performance baseline
Information Security Management
annualized loss expectancy
ISO/IEC 27001
30. Number of time the incident might occur annually - (ARO)
annualized rate of occurrence
Committee of Sponsoring Organizations
Information Security Management
data owner
31. Responsible for communicating to senior mgmt organizational risks and compliance regulations
vulnerability scanner
escalation
CISO
FRAP
32. IT governance at the operational level
qualitative
CobiT
fault tree analysis
Information Security Management
33. FMEA
security program
Failure Modes and Effect Analysis
privilege
due care
34. The tools - personnel and business processes necessary to ensure that security meets needs
CobiT
security governanace
risk analysis
mappers
35. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk
Failure Modes and Effect Analysis
risk anlysis
Facilitated Risk Analysis Process
36. __________ loss has a negative effect after a vulnerability is initially exploited
corporate security officer
Failure Modes and Effect Analysis
physical
delayed
37. Risk mgmt method with much broader focus than IT security
AS/NZS 4360
penetration
COSO
IRM
38. Possiblity of damage and the ramifications should it occur
risk mitigation
exposure factor
risk
vulnerability
39. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
Control Objectives for Information and related Technology
CISO
firewall
countermeasure
40. CSO
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CISO
corporate security officer
risk catagories
41. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
firewall
ISO/IEC 27002
operational
42. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
john the ripper
risk mitigation
risk analysis
strategic
43. SLE x ARO - (ALE)
tactical
security program
annualized loss expectancy
physical
44. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
COSO
ISO/IEC 27004
ISO 17799
due care
45. COSO
annualized rate of occurrence
Committee of Sponsoring Organizations
risk mitigation
firewall
46. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
CobiT
penetration
network mapping
technical
47. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
ISO/IEC 27005
risk
network mapping
FMEA
48. Type of audit that checks information classification and change control procedures
ISO/IEC 27799
CobiT
administrative
exposure
49. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
john the ripper
FMEA
annualized loss expectancy
50. The likelihood of exploitation and the loss potential
single loss expectancy
Information Technology Infrastructure Library (ITIL)
risk
Information Security Management