Test your basic knowledge

Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
2. The likelihood of exploitation and the loss potential
3. Type of audit that checks that accounts - groups and roles are correctly assigned
4. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
5. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
6. Event levels available for logging in a MS DNS server
7. Ensures reliable timely access to data/resources to authorized individuals
8. FMEA
9. Percentage of an asset's value that would be lost in a single incident - (EF)
10. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
11. Type of audit that checks procedures and policies for escalating issues to management
12. Risk mgmt method with much broader focus than IT security
13. Mitigates a potential risk
14. Ensures management security directives are fulfilled
15. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
16. Type of audit that checks information classification and change control procedures
17. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
18. Daily goals focused on productivity and task-oriented activities
19. OCTAVE
20. Information security management measurements
21. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
22. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
23. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
24. De facto standard of best practices for IT service mgmt
25. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
26. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
27. Used to ID failures in complex systems to understand underlying causes of threats
28. Responsible for communicating to senior mgmt organizational risks and compliance regulations
29. The asset's value multiplied by the EF percentage - (SLE)
30. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files
31. Assurance of accuracy and reliability of information and systems
32. The tools - personnel and business processes necessary to ensure that security meets needs
33. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
34. Collection of controls an organization must have in place
35. __________ loss has a negative effect after a vulnerability is initially exploited
36. SLE x ARO - (ALE)
37. A log that can record outgoing requests - incoming traffic - and internet usage
38. CobiT
39. Tools to ID - develop - and design security requirements for business needs
40. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
41. Number of times the incident might occur annually - (ARO)
42. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
43. Possibility of damage and the ramifications should it occur
44. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
45. IRM
46. The following tools (Nessus - Qualys - Retina) are ______________ scanners
47. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
48. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
49. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
50. A weakness (software - hardware - procedural - human) that can be exploited