SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
performance monitor
ISO/IEC 27002
L0phtCrack
CISO
2. Risk mgmt method with much broader focus than IT security
vulnerability scanner
CobiT
security program
AS/NZS 4360
3. Provides a cost/benefit comparision
vulnerability
risk analysis
exposure factor
performance monitor
4. Guide to illustrate how to protect personal health information
risk analysis
qualitative
ISO/IEC 27799
risk
5. CSO
security governanace
security program
corporate security officer
penetration
6. Midterm goals
tactical
strategic
delayed
CISO
7. CobiT
privilege
blueprints
administrative
Control Objectives for Information and related Technology
8. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
Information Security Management
confidentiality
qualitative
performance monitor
9. An instance of being exposed to losses from a threat
physical
security program
COSO
exposure
10. Responsible for information classification and protection
CobiT
port scanner
ISO 17799
data owner
11. ISM Standard
Information Security Management
security governanace
qualitative
vulnerability
12. Number of time the incident might occur annually - (ARO)
ISO/IEC 27005
annualized rate of occurrence
risk anlysis
Facilitated Risk Analysis Process
13. Strategic - tactical and operational planning
FMEA
planning horizon
delayed
FRAP
14. Derived from the COSO framework
CobiT
protocol analyzer
risk
Information Security Management
15. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
countermeasure
fault tree analysis
ITIL
16. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
ISO/IEC 27004
confidentiality
OCTAVE
CobiT
17. Controls that implement access control - password mangement - identification and authentication methods - configuration
corporate security officer
technical
risk analysis
performance baseline
18. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
due care
network mapping
FRAP
strategic
19. Collection of controls an organization must have in place
single loss expectancy
security officer
security program
ITIL
20. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
Information Security Management
administrative
performance baseline
performance monitor
21. The asset's value multiplied by the EF percentage - (SLE)
threat
risk mitigation
CobiT
single loss expectancy
22. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
integrity
strategic
AS/NZS 4360
CISO
23. The tools - personnel and business processes necessary to ensure that security meets needs
OCTAVE
security governanace
strategic
mappers
24. Ensures managment security directives are fulfilled
technical
ISO 17799
security officer
CobiT
25. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
FMEA
Information risk management
blueprints
26. Possiblity of damage and the ramifications should it occur
FMEA
Committee of Sponsoring Organizations
risk
protocol analyzer
27. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
penetration
corporate security officer
mappers
28. Type of audit that checks procedures and policies for escalating issues to management
escalation
OCTAVE
ISO/IEC 27799
risk
29. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
OCTAVE
ISO/IEC 27799
operational
30. Expected or predetermined performance level - developed from policy - performance - requirements
due care
vulnerability
L0phtCrack
performance baseline
31. The likelihood of exploitation and the loss potential
CobiT
firewall
risk
Information Technology Infrastructure Library (ITIL)
32. Daily goals focused on productivity and task-oriented activities
vulnerability scanner
operational
security program
fault tree analysis
33. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
strategic
vulnerability
FRAP
corporate security officer
34. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
data owner
john the ripper
Information Security Management
blueprints
35. FMEA
usage
administrative
COSO
Failure Modes and Effect Analysis
36. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
single loss expectancy
Committee of Sponsoring Organizations
BS7799
operational
37. Focus on service level agreements between IT dept and internal customers
countermeasure
tactical
COSO
ITIL
38. OCTAVE
CobiT
AS/NZS 4360
chief information security officer
Operationally Critical Threat - Asset - and Vulnerability Evaluation
39. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
COSO
annualized rate of occurrence
countermeasure
fault tree analysis
40. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
CISO
delayed
elcomsoft
AS/NZS 4360
41. Percentage of an asset's value that would be lost in a single incident - (EF)
Information Security Management
risk analysis
blueprints
exposure factor
42. Ensures reliable timely access to data/resources to authorized individuals
integrity
availability
qualitative
exposure
43. FRAP
network mapping
SP 800-30
Facilitated Risk Analysis Process
ISO/IEC 27004
44. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
CobiT
ISO/IEC 27002
security governanace
45. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
ISO 17799
network mapping
FMEA
due care
46. Guide assist in the implemenation of information security based on risk managent approach
AS/NZS 4360
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27005
Control Objectives for Information and related Technology
47. Used to ID failures in a complex systems to understand underlying causes of threats
mappers
fault tree analysis
ITIL
FMEA
48. __________ loss has a negative effect after a vulnerability is initially exploited
usage
integrity
delayed
Information Security Management
49. IT governance at the operational level
L0phtCrack
CobiT
security officer
administrative
50. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
ISO/IEC 27001
technical
planning horizon
security program
