Test your basic knowledge | Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Expected or predetermined performance level - developed from policy - performance - requirements
performance baseline
physical
technical
annualized loss expectancy
2. Ensures management security directives are fulfilled
security program
security officer
Information risk management
Committee of Sponsoring Organizations
3. FMEA
ISO 17799
Failure Modes and Effect Analysis
annualized rate of occurrence
escalation
4. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
CobiT
vulnerability
exposure
vulnerability scanner
5. ISM Standard
Information Security Management
BS7799
risk mitigation
privilege
6. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
exposure
vulnerability
network mapping
ISO/IEC 27799
7. Type of audit that checks that network resources - systems and software are used appropriately
usage
vulnerability
exposure factor
administrative
8. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
administrative
ISO/IEC 27005
risk analysis
9. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27002
CobiT
administrative
risk analysis
10. Ensures necessary level of secrecy and prevents unauthorized disclosure
integrity
fault tree analysis
vulnerability
confidentiality
11. Number of times the incident might occur annually - (ARO)
chief information security officer
annualized rate of occurrence
FRAP
ISO/IEC 27001
12. Information security management measurements
AS/NZS 4360
ISO/IEC 27004
CISO
ISO/IEC 27799
13. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
SP 800-30
security governance
elcomsoft
fault tree analysis
14. Guide to illustrate how to protect personal health information
tactical
Failure Modes and Effect Analysis
ISO/IEC 27799
CobiT
15. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
L0phtCrack
CobiT
OCTAVE
chief information security officer
16. Assurance of accuracy and reliability of information and systems
CobiT
integrity
risk
network mapping
17. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
strategic
risk categories
ISO/IEC 27799
exposure
18. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
FRAP
operational
OCTAVE
FMEA
19. Collection of controls an organization must have in place
Failure Modes and Effect Analysis
security program
exposure factor
Control Objectives for Information and related Technology
20. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
COSO
IRM
confidentiality
21. OCTAVE
risk
Committee of Sponsoring Organizations
network mapping
Operationally Critical Threat - Asset - and Vulnerability Evaluation
22. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
SP 800-30
IRM
administrative
availability
23. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
security governance
No events - Errors only - Errors and warnings - All events
security officer
24. Used to ID failures in complex systems to understand underlying causes of threats
risk analysis
OVAL
fault tree analysis
IRM
25. An instance of being exposed to losses from a threat
COSO
performance monitor
L0phtCrack
exposure
26. Provides a cost/benefit comparison
AS/NZS 4360
protocol analyzer
elcomsoft
risk analysis
27. Tools to ID - develop - and design security requirements for business needs
blueprints
SP 800-30
CobiT
fault tree analysis
28. Type of audit that checks information classification and change control procedures
OVAL
CobiT
administrative
port scanner
29. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
port scanner
due care
risk
physical
30. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
ITIL
integrity
john the ripper
AS/NZS 4360
31. Guide to assist in the implementation of information security based on a risk management approach
ISO 17799
confidentiality
ISO/IEC 27005
vulnerability
32. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
exposure factor
network mapping
CobiT
privilege
33. COSO
usage
Committee of Sponsoring Organizations
ISO/IEC 27799
john the ripper
34. Derived from the COSO framework
CobiT
No events - Errors only - Errors and warnings - All events
risk
mappers
35. Potential danger to information or systems
qualitative
Information Security Management
threat
single loss expectancy
36. FRAP
Facilitated Risk Analysis Process
due care
fault tree analysis
administrative
37. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
security officer
ISO 17799
blueprints
38. Possibility of damage and the ramifications should it occur
risk
vulnerability
ISO 17799
Information Security Management
39. Strategic - tactical and operational planning
Facilitated Risk Analysis Process
fault tree analysis
planning horizon
security program
40. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
vulnerability
exposure
port scanner
OCTAVE
41. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
protocol analyzer
risk
ISO/IEC 27001
network mapping
42. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
COSO
risk categories
Failure Modes and Effect Analysis
43. Risk mgmt method with much broader focus than IT security
AS/NZS 4360
risk mitigation
administrative
privilege
44. Type of audit that checks procedures and policies for escalating issues to management
risk analysis
administrative
escalation
physical
45. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
CISO
risk analysis
administrative
strategic
46. Made up of ten domains - a mechanism to describe security processes
Information risk management
ISO 17799
CobiT
CobiT
47. Event levels available for logging in a MS DNS server
No events - Errors only - Errors and warnings - All events
firewall
security program
FMEA
48. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
Information Technology Infrastructure Library (ITIL)
performance baseline
BS7799
network mapping
49. The tools - personnel and business processes necessary to ensure that security meets needs
CobiT
Information risk management
qualitative
security governance
50. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
ISO/IEC 27004
risk analysis
Facilitated Risk Analysis Process
port scanner