SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Possiblity of damage and the ramifications should it occur
Information Technology Infrastructure Library (ITIL)
security governanace
COSO
risk
2. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
FRAP
delayed
CobiT
chief information security officer
3. Event levels available for logging in a MS DNS server
L0phtCrack
No events - Errors only - Errors and warnings - All events
ISO/IEC 27002
chief information security officer
4. Midterm goals
tactical
ISO/IEC 27002
planning horizon
BS7799
5. An open language from mitre.org for determining vulnerabilities and problems on computer systems
BS7799
elcomsoft
OVAL
Information risk management
6. Type of audit that checks that network resources - systems and software are used appropriately
corporate security officer
performance monitor
usage
CobiT
7. IRM
Information risk management
FMEA
CobiT
integrity
8. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
security program
administrative
vulnerability scanner
CISO
9. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
ISO/IEC 27001
risk
COSO
mappers
10. Type of audit that checks procedures and policies for escalating issues to management
security officer
Facilitated Risk Analysis Process
escalation
AS/NZS 4360
11. An instance of being exposed to losses from a threat
technical
security officer
strategic
exposure
12. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
Information Security Management
CISO
IRM
AS/NZS 4360
13. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
COSO
data owner
performance monitor
security officer
14. Ensures reliable timely access to data/resources to authorized individuals
availability
risk
Information Security Management
FMEA
15. NIST risk management methodology
ISO 17799
protocol analyzer
usage
SP 800-30
16. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
risk analysis
annualized rate of occurrence
threat
17. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
ISO/IEC 27004
IRM
security governanace
COSO
18. Used to ID failures in a complex systems to understand underlying causes of threats
chief information security officer
tactical
fault tree analysis
data owner
19. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
integrity
CobiT
protocol analyzer
OCTAVE
20. Derived from the COSO framework
CobiT
Operationally Critical Threat - Asset - and Vulnerability Evaluation
OVAL
planning horizon
21. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
network mapping
AS/NZS 4360
data owner
security program
22. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
CobiT
COSO
ISO/IEC 27004
due care
23. Assurance of accurancy and reliability of information and systems
firewall
FMEA
integrity
CobiT
24. CSO
qualitative
ISO/IEC 27799
corporate security officer
vulnerability
25. Mitigates a potential risk
tactical
administrative
threat
countermeasure
26. FRAP
security program
Information Security Management
Facilitated Risk Analysis Process
ITIL
27. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
technical
BS7799
FMEA
performance baseline
28. Expected or predetermined performance level - developed from policy - performance - requirements
ISO/IEC 27002
security program
performance baseline
network mapping
29. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
delayed
security officer
mappers
30. IT governance at the operational level
CobiT
Information risk management
technical
protocol analyzer
31. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
strategic
risk analysis
due care
32. Responsible for information classification and protection
ISO 17799
CISO
security officer
data owner
33. Type of audit that checks information classification and change control procedures
administrative
security governanace
network mapping
due care
34. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
strategic
COSO
risk anlysis
annualized loss expectancy
35. Number of time the incident might occur annually - (ARO)
annualized rate of occurrence
threat
risk mitigation
risk catagories
36. CobiT
CobiT
risk mitigation
Control Objectives for Information and related Technology
SP 800-30
37. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
CobiT
mappers
countermeasure
38. Type of audit that checks that accounts - groups and roles are correctly assigned
vulnerability
L0phtCrack
planning horizon
privilege
39. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
ISO 17799
risk analysis
CobiT
CobiT
40. The likelihood of exploitation and the loss potential
security governanace
risk
ISO 17799
FRAP
41. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
COSO
FMEA
Operationally Critical Threat - Asset - and Vulnerability Evaluation
42. Strategic - tactical and operational planning
OCTAVE
security program
ISO/IEC 27002
planning horizon
43. ISM Standard
Information Security Management
ITIL
L0phtCrack
Control Objectives for Information and related Technology
44. Guide assist in the implemenation of information security based on risk managent approach
administrative
Failure Modes and Effect Analysis
ISO/IEC 27001
ISO/IEC 27005
45. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
due care
FRAP
risk anlysis
vulnerability
46. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
blueprints
OCTAVE
FMEA
BS7799
47. Controls that implement access control - password mangement - identification and authentication methods - configuration
technical
COSO
security program
vulnerability
48. __________ loss has a negative effect after a vulnerability is initially exploited
risk analysis
physical
delayed
single loss expectancy
49. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
mappers
ISO 17799
ISO 17799
50. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
elcomsoft
ISO/IEC 27002
performance baseline
ISO 17799
