SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Type of audit that checks procedures and policies for escalating issues to management
escalation
No events - Errors only - Errors and warnings - All events
protocol analyzer
network mapping
2. Strategic - tactical and operational planning
planning horizon
OCTAVE
john the ripper
single loss expectancy
3. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
OCTAVE
No events - Errors only - Errors and warnings - All events
network mapping
port scanner
4. Guide to illustrate how to protect personal health information
Control Objectives for Information and related Technology
risk analysis
ISO/IEC 27799
corporate security officer
5. Derived from the COSO framework
CobiT
CISO
availability
Information risk management
6. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
ITIL
CobiT
risk catagories
7. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
ISO/IEC 27002
vulnerability scanner
FMEA
8. FRAP
annualized loss expectancy
Facilitated Risk Analysis Process
ISO 17799
john the ripper
9. CISO
chief information security officer
SP 800-30
confidentiality
ITIL
10. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
Failure Modes and Effect Analysis
security officer
CobiT
administrative
11. IT governance at the operational level
performance baseline
CobiT
Failure Modes and Effect Analysis
risk analysis
12. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
No events - Errors only - Errors and warnings - All events
due care
corporate security officer
risk
13. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
CobiT
qualitative
OCTAVE
fault tree analysis
14. The tools - personnel and business processes necessary to ensure that security meets needs
security governanace
data owner
risk anlysis
COSO
15. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
corporate security officer
security officer
vulnerability
16. Ensures managment security directives are fulfilled
firewall
administrative
Committee of Sponsoring Organizations
security officer
17. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
CISO
FMEA
planning horizon
john the ripper
18. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
FMEA
OVAL
OCTAVE
mappers
19. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
network mapping
ISO/IEC 27005
planning horizon
20. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
vulnerability
data owner
Facilitated Risk Analysis Process
21. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk catagories
privilege
technical
22. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
risk
due care
FMEA
network mapping
23. Ensures necessary level of secrecy and prevents unauthorized disclosure
exposure factor
AS/NZS 4360
mappers
confidentiality
24. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
SP 800-30
ISO/IEC 27001
due care
ISO/IEC 27004
25. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
exposure factor
risk
ISO/IEC 27002
OCTAVE
26. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk catagories
protocol analyzer
port scanner
27. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
CISO
OVAL
ISO/IEC 27799
risk analysis
28. Number of time the incident might occur annually - (ARO)
ISO/IEC 27005
due care
annualized rate of occurrence
vulnerability
29. Midterm goals
chief information security officer
Failure Modes and Effect Analysis
tactical
port scanner
30. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
BS7799
FRAP
elcomsoft
CobiT
31. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
exposure factor
AS/NZS 4360
network mapping
32. Corporate governance at the strategic level
ISO/IEC 27005
CISO
ITIL
COSO
33. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk analysis
tactical
risk mitigation
security officer
34. Guide assist in the implemenation of information security based on risk managent approach
firewall
Control Objectives for Information and related Technology
ISO/IEC 27005
IRM
35. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
IRM
exposure factor
strategic
CobiT
36. Made up of ten domains - a mechanism to describe security processes
CobiT
ISO 17799
data owner
security program
37. Type of audit that checks that accounts - groups and roles are correctly assigned
privilege
technical
SP 800-30
ISO 17799
38. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
fault tree analysis
performance baseline
OVAL
39. __________ loss has a negative effect after a vulnerability is initially exploited
CISO
ISO/IEC 27002
delayed
network mapping
40. Type of audit that checks that network resources - systems and software are used appropriately
due care
Information risk management
usage
SP 800-30
41. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
ISO/IEC 27002
FRAP
ISO 17799
blueprints
42. An instance of being exposed to losses from a threat
IRM
Information Security Management
operational
exposure
43. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
IRM
risk catagories
ISO/IEC 27799
network mapping
44. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
vulnerability
Information risk management
mappers
ITIL
45. IRM
Information risk management
AS/NZS 4360
availability
COSO
46. Expected or predetermined performance level - developed from policy - performance - requirements
countermeasure
No events - Errors only - Errors and warnings - All events
performance baseline
Failure Modes and Effect Analysis
47. Collection of controls an organization must have in place
Information Technology Infrastructure Library (ITIL)
security program
annualized loss expectancy
risk anlysis
48. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk anlysis
operational
ISO/IEC 27001
firewall
49. Risk mgmt method with much broader focus than IT security
risk anlysis
AS/NZS 4360
elcomsoft
Information risk management
50. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
Committee of Sponsoring Organizations
FMEA
penetration
countermeasure