Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Guide to illustrate how to protect personal health information
confidentiality
ISO/IEC 27799
exposure
mappers

2. Potential danger to information or systems
FMEA
threat
escalation
CobiT

3. Expected or predetermined performance level - developed from policy - performance - requirements
tactical
performance baseline
performance monitor
CobiT

4. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
administrative
ISO/IEC 27001
qualitative
planning horizon

5. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
technical
security officer
security program
vulnerability

6. Type of audit that checks information classification and change control procedures
port scanner
ISO/IEC 27001
CobiT
administrative

7. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
FRAP
OVAL
Committee of Sponsoring Organizations

8. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
ISO/IEC 27001
protocol analyzer
usage
Information Technology Infrastructure Library (ITIL)

9. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
ISO/IEC 27799
CobiT
ISO/IEC 27005
ISO/IEC 27004

10. Percentage of an asset's value that would be lost in a single incident - (EF)
mappers
network mapping
exposure factor
risk analysis

11. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CobiT
due care
CISO

12. CISO
risk analysis
chief information security officer
Facilitated Risk Analysis Process
ISO/IEC 27004

13. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
Committee of Sponsoring Organizations
john the ripper
CISO
administrative

14. ISM Standard
Committee of Sponsoring Organizations
ISO/IEC 27004
Information Security Management
fault tree analysis

15. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
network mapping
risk analysis
Control Objectives for Information and related Technology
CISO

16. COSO
Committee of Sponsoring Organizations
physical
mappers
ISO 17799

17. Strategic - tactical and operational planning
Failure Modes and Effect Analysis
planning horizon
annualized loss expectancy
exposure

18. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
risk catagories
Control Objectives for Information and related Technology
risk analysis
ISO 17799

19. Possiblity of damage and the ramifications should it occur
network mapping
ISO 17799
risk
OVAL

20. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
FMEA
ISO/IEC 27001
firewall
vulnerability

21. Provides a cost/benefit comparision
risk analysis
integrity
CobiT
Failure Modes and Effect Analysis

22. A weakness (software - hardware - procedural - human) that can be exploited
CISO
performance monitor
confidentiality
vulnerability

23. Derived from the COSO framework
risk
CobiT
usage
operational

24. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
Information risk management
fault tree analysis
risk catagories
john the ripper

25. Number of time the incident might occur annually - (ARO)
IRM
annualized rate of occurrence
CobiT
performance monitor

26. Risk mgmt method with much broader focus than IT security
due care
risk analysis
AS/NZS 4360
technical

27. Midterm goals
tactical
chief information security officer
Control Objectives for Information and related Technology
security program

28. FMEA
CobiT
FRAP
ISO 17799
Failure Modes and Effect Analysis

29. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
administrative
COSO
risk

30. Mitigates a potential risk
FMEA
countermeasure
OCTAVE
protocol analyzer

31. An open language from mitre.org for determining vulnerabilities and problems on computer systems
AS/NZS 4360
ISO/IEC 27002
OVAL
Information Technology Infrastructure Library (ITIL)

32. Corporate governance at the strategic level
FMEA
Information Technology Infrastructure Library (ITIL)
COSO
firewall

33. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
fault tree analysis
ITIL
firewall

34. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
technical
CISO
performance baseline
john the ripper

35. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
BS7799
risk analysis
risk catagories
L0phtCrack

36. An instance of being exposed to losses from a threat
single loss expectancy
exposure
fault tree analysis
AS/NZS 4360

37. Ensures necessary level of secrecy and prevents unauthorized disclosure
performance baseline
usage
risk anlysis
confidentiality

38. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
risk mitigation
annualized rate of occurrence
risk analysis

39. Responsible for information classification and protection
availability
data owner
OCTAVE
CISO

40. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
risk mitigation
privilege
blueprints
ISO/IEC 27002

41. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
penetration
CISO
COSO
OCTAVE

42. OCTAVE
vulnerability
blueprints
network mapping
Operationally Critical Threat - Asset - and Vulnerability Evaluation

43. Daily goals focused on productivity and task-oriented activities
FMEA
OCTAVE
operational
availability

44. Ensures managment security directives are fulfilled
security officer
firewall
tactical
blueprints

45. The tools - personnel and business processes necessary to ensure that security meets needs
Committee of Sponsoring Organizations
administrative
john the ripper
security governanace

46. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
security officer
CobiT
administrative

47. SLE x ARO - (ALE)
administrative
CobiT
annualized loss expectancy
threat

48. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
COSO
penetration
blueprints
Information Technology Infrastructure Library (ITIL)

49. Tools to ID - develop - and design security requirements for business needs
risk anlysis
privilege
L0phtCrack
blueprints

50. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
CISO
IRM
CobiT
security program