Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An instance of being exposed to losses from a threat






2. Controls that implement access control - password mangement - identification and authentication methods - configuration






3. Number of time the incident might occur annually - (ARO)






4. A log that can record outgoing requests - incoming traffic - and internet usage






5. Responsible for communicating to senior mgmt organizational risks and compliance regulations






6. Possiblity of damage and the ramifications should it occur






7. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________






8. Responsible for information classification and protection






9. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)






10. Midterm goals






11. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control






12. Guide assist in the implemenation of information security based on risk managent approach






13. Expected or predetermined performance level - developed from policy - performance - requirements






14. The following tools (Nessus - Qualys - Retina) are ______________ scanners






15. CSO






16. __________ loss has a negative effect after a vulnerability is initially exploited






17. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond






18. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards






19. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach






20. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis






21. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk






22. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks






23. Daily goals focused on productivity and task-oriented activities






24. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate






25. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product






26. Type of audit that checks information classification and change control procedures






27. Used to predict changes based on trends - detect deviations - and watch events across multiple system components






28. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate






29. Ensures necessary level of secrecy and prevents unauthorized disclosure






30. A weakness (software - hardware - procedural - human) that can be exploited






31. Made up of ten domains - a mechanism to describe security processes






32. Percentage of an asset's value that would be lost in a single incident - (EF)






33. Type of audit that checks that network resources - systems and software are used appropriately






34. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error






35. Collection of controls an organization must have in place






36. Guide to illustrate how to protect personal health information






37. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering






38. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)






39. Mitigates a potential risk






40. Provides a cost/benefit comparision






41. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs






42. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion






43. ISM Standard






44. Focus on service level agreements between IT dept and internal customers






45. Strategic - tactical and operational planning






46. Type of audit that checks procedures and policies for escalating issues to management






47. Type of audit that checks that accounts - groups and roles are correctly assigned






48. Information security managment measurements






49. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external






50. CISO







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests