SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
qualitative
CobiT
integrity
tactical
2. Type of audit that checks that network resources - systems and software are used appropriately
Failure Modes and Effect Analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security officer
usage
3. Corporate governance at the strategic level
CISO
risk analysis
COSO
ISO/IEC 27799
4. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
due care
security program
vulnerability
protocol analyzer
5. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
vulnerability
mappers
COSO
CISO
6. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
penetration
CISO
annualized loss expectancy
risk mitigation
7. Type of audit that checks procedures and policies for escalating issues to management
mappers
escalation
security officer
risk analysis
8. The likelihood of exploitation and the loss potential
physical
Failure Modes and Effect Analysis
risk
performance monitor
9. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
due care
strategic
technical
COSO
10. FRAP
Facilitated Risk Analysis Process
No events - Errors only - Errors and warnings - All events
vulnerability
administrative
11. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
ITIL
network mapping
port scanner
AS/NZS 4360
12. CobiT
qualitative
threat
Control Objectives for Information and related Technology
AS/NZS 4360
13. Risk mgmt method with much broader focus than IT security
vulnerability
risk analysis
technical
AS/NZS 4360
14. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
Committee of Sponsoring Organizations
CobiT
Information Security Management
15. Assurance of accurancy and reliability of information and systems
ISO 17799
Operationally Critical Threat - Asset - and Vulnerability Evaluation
fault tree analysis
integrity
16. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
network mapping
risk analysis
COSO
penetration
17. Event levels available for logging in a MS DNS server
Facilitated Risk Analysis Process
risk analysis
No events - Errors only - Errors and warnings - All events
risk
18. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
OCTAVE
CISO
Failure Modes and Effect Analysis
19. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
qualitative
FMEA
COSO
Information Technology Infrastructure Library (ITIL)
20. Responsible for information classification and protection
data owner
risk catagories
integrity
john the ripper
21. FMEA
Failure Modes and Effect Analysis
network mapping
network mapping
delayed
22. CISO
COSO
CISO
countermeasure
chief information security officer
23. De facto standard of best practices for IT service mgmt
vulnerability
risk
Information Technology Infrastructure Library (ITIL)
security program
24. COSO
risk
Committee of Sponsoring Organizations
AS/NZS 4360
IRM
25. Responsible for communicating to senior mgmt organizational risks and compliance regulations
IRM
CISO
FRAP
single loss expectancy
26. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
performance monitor
OCTAVE
CISO
risk analysis
27. Used to ID failures in a complex systems to understand underlying causes of threats
fault tree analysis
risk
Operationally Critical Threat - Asset - and Vulnerability Evaluation
tactical
28. Information security managment measurements
usage
COSO
ISO/IEC 27004
administrative
29. Potential danger to information or systems
privilege
BS7799
threat
FRAP
30. IRM
Information risk management
risk catagories
privilege
ISO 17799
31. CSO
corporate security officer
chief information security officer
protocol analyzer
escalation
32. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
CobiT
Information Security Management
FMEA
privilege
33. IT governance at the operational level
strategic
administrative
risk anlysis
CobiT
34. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
administrative
CISO
vulnerability
COSO
35. Tools to ID - develop - and design security requirements for business needs
Failure Modes and Effect Analysis
blueprints
L0phtCrack
planning horizon
36. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
Information Security Management
security program
mappers
ISO/IEC 27001
37. Guide to illustrate how to protect personal health information
Failure Modes and Effect Analysis
OCTAVE
security program
ISO/IEC 27799
38. An open language from mitre.org for determining vulnerabilities and problems on computer systems
usage
OCTAVE
OVAL
CobiT
39. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
port scanner
john the ripper
security program
Information risk management
40. Type of audit that checks information classification and change control procedures
administrative
elcomsoft
SP 800-30
L0phtCrack
41. OCTAVE
FMEA
Operationally Critical Threat - Asset - and Vulnerability Evaluation
COSO
port scanner
42. Ensures necessary level of secrecy and prevents unauthorized disclosure
confidentiality
protocol analyzer
availability
Facilitated Risk Analysis Process
43. NIST risk management methodology
SP 800-30
exposure factor
CobiT
performance baseline
44. The tools - personnel and business processes necessary to ensure that security meets needs
availability
FRAP
CISO
security governanace
45. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
security program
ISO/IEC 27001
ITIL
protocol analyzer
46. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
risk analysis
IRM
availability
vulnerability scanner
47. Mitigates a potential risk
COSO
risk analysis
countermeasure
integrity
48. Derived from the COSO framework
Information risk management
CobiT
mappers
security program
49. A log that can record outgoing requests - incoming traffic - and internet usage
ISO/IEC 27004
firewall
OVAL
ISO 17799
50. ISM Standard
AS/NZS 4360
penetration
CobiT
Information Security Management