SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Midterm goals
ISO/IEC 27005
vulnerability
tactical
risk
2. Controls that implement access control - password mangement - identification and authentication methods - configuration
corporate security officer
ISO/IEC 27002
SP 800-30
technical
3. Responsible for communicating to senior mgmt organizational risks and compliance regulations
firewall
blueprints
escalation
CISO
4. Type of audit that checks that network resources - systems and software are used appropriately
ISO/IEC 27005
usage
firewall
confidentiality
5. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
BS7799
risk anlysis
FMEA
ITIL
6. Provides a cost/benefit comparision
ISO/IEC 27002
risk analysis
FRAP
risk catagories
7. FMEA
ISO/IEC 27005
Failure Modes and Effect Analysis
security governanace
No events - Errors only - Errors and warnings - All events
8. Strategic - tactical and operational planning
planning horizon
CobiT
ISO/IEC 27005
security officer
9. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
COSO
CobiT
vulnerability
due care
10. Type of audit that checks procedures and policies for escalating issues to management
single loss expectancy
COSO
FRAP
escalation
11. Event levels available for logging in a MS DNS server
No events - Errors only - Errors and warnings - All events
security program
mappers
security governanace
12. The asset's value multiplied by the EF percentage - (SLE)
Facilitated Risk Analysis Process
risk mitigation
ITIL
single loss expectancy
13. Potential danger to information or systems
threat
ISO/IEC 27001
elcomsoft
administrative
14. Used to ID failures in a complex systems to understand underlying causes of threats
fault tree analysis
technical
vulnerability
strategic
15. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO/IEC 27001
blueprints
ISO 17799
annualized rate of occurrence
16. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
BS7799
firewall
network mapping
penetration
17. Percentage of an asset's value that would be lost in a single incident - (EF)
vulnerability
network mapping
strategic
exposure factor
18. Corporate governance at the strategic level
COSO
ISO/IEC 27002
ISO/IEC 27004
FMEA
19. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
administrative
CobiT
network mapping
20. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
qualitative
integrity
threat
mappers
21. Number of time the incident might occur annually - (ARO)
annualized rate of occurrence
fault tree analysis
integrity
technical
22. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
CobiT
performance monitor
risk catagories
Information risk management
23. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
security governanace
Information Security Management
vulnerability
CobiT
24. Assurance of accurancy and reliability of information and systems
integrity
ISO/IEC 27001
qualitative
risk catagories
25. COSO
penetration
Committee of Sponsoring Organizations
risk catagories
vulnerability scanner
26. Tools to ID - develop - and design security requirements for business needs
penetration
blueprints
ISO/IEC 27002
AS/NZS 4360
27. NIST risk management methodology
Information Security Management
ISO/IEC 27004
chief information security officer
SP 800-30
28. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
CISO
security program
security officer
FMEA
29. Guide to illustrate how to protect personal health information
vulnerability
vulnerability scanner
ISO/IEC 27799
protocol analyzer
30. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
chief information security officer
qualitative
exposure
31. The tools - personnel and business processes necessary to ensure that security meets needs
exposure
performance monitor
mappers
security governanace
32. ISM Standard
CISO
technical
vulnerability
Information Security Management
33. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
CobiT
ISO 17799
vulnerability scanner
john the ripper
34. A log that can record outgoing requests - incoming traffic - and internet usage
risk
IRM
firewall
OCTAVE
35. A weakness (software - hardware - procedural - human) that can be exploited
corporate security officer
vulnerability
ISO 17799
ISO/IEC 27002
36. IRM
Information Security Management
Information Technology Infrastructure Library (ITIL)
Operationally Critical Threat - Asset - and Vulnerability Evaluation
Information risk management
37. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
OVAL
risk catagories
Information risk management
operational
38. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
OVAL
ISO/IEC 27005
security governanace
protocol analyzer
39. Ensures managment security directives are fulfilled
L0phtCrack
risk analysis
security officer
escalation
40. An instance of being exposed to losses from a threat
exposure
ISO 17799
tactical
fault tree analysis
41. Collection of controls an organization must have in place
technical
COSO
performance baseline
security program
42. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
security officer
FMEA
OCTAVE
risk catagories
43. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
IRM
vulnerability
availability
exposure
44. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
IRM
FRAP
planning horizon
qualitative
45. Responsible for information classification and protection
Facilitated Risk Analysis Process
ISO/IEC 27799
FMEA
data owner
46. Possiblity of damage and the ramifications should it occur
L0phtCrack
tactical
mappers
risk
47. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
CISO
network mapping
L0phtCrack
exposure
48. Made up of ten domains - a mechanism to describe security processes
risk
AS/NZS 4360
ISO 17799
risk
49. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
security program
Operationally Critical Threat - Asset - and Vulnerability Evaluation
strategic
CobiT
50. The likelihood of exploitation and the loss potential
risk
chief information security officer
IRM
ITIL