Test your basic knowledge | Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
COSO
administrative
port scanner
exposure factor
2. Used to ID failures in complex systems to understand underlying causes of threats
fault tree analysis
No events - Errors only - Errors and warnings - All events
ISO 17799
Failure Modes and Effect Analysis
3. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
CISO
FMEA
administrative
risk analysis
4. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
Information Security Management
FMEA
risk analysis
CISO
5. A weakness (software - hardware - procedural - human) that can be exploited
Facilitated Risk Analysis Process
CISO
vulnerability
planning horizon
6. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
FRAP
ISO 17799
annualized rate of occurrence
physical
7. The asset's value multiplied by the EF percentage - (SLE)
security program
physical
threat
single loss expectancy
8. Number of times the incident might occur annually - (ARO)
annualized rate of occurrence
availability
performance monitor
risk
9. Ensures reliable timely access to data/resources to authorized individuals
availability
CobiT
network mapping
risk analysis
10. Percentage of an asset's value that would be lost in a single incident - (EF)
ISO/IEC 27002
exposure factor
risk mitigation
CobiT
11. De facto standard of best practices for IT service mgmt
risk analysis
exposure factor
Information Technology Infrastructure Library (ITIL)
delayed
12. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk categories
ITIL
integrity
availability
13. ISM Standard
risk categories
Information risk management
Information Security Management
OCTAVE
14. Information security management measurements
ISO/IEC 27004
exposure factor
operational
Operationally Critical Threat - Asset - and Vulnerability Evaluation
15. Focus on service level agreements between IT dept and internal customers
Failure Modes and Effect Analysis
security governance
mappers
ITIL
16. Collection of controls an organization must have in place
AS/NZS 4360
security program
risk
BS7799
17. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
ISO/IEC 27001
CISO
operational
physical
18. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
security officer
COSO
CobiT
19. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
technical
network mapping
administrative
20. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
security program
BS7799
operational
performance baseline
21. SLE x ARO - (ALE)
annualized loss expectancy
AS/NZS 4360
risk analysis
port scanner
22. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Information Technology Infrastructure Library (ITIL)
availability
CISO
CobiT
23. Made up of ten domains - a mechanism to describe security processes
strategic
Facilitated Risk Analysis Process
ISO 17799
security governance
24. Midterm goals
L0phtCrack
elcomsoft
ISO/IEC 27001
tactical
25. Tools to ID - develop - and design security requirements for business needs
blueprints
mappers
risk analysis
countermeasure
26. Type of audit that checks that accounts - groups and roles are correctly assigned
Information Technology Infrastructure Library (ITIL)
qualitative
privilege
COSO
27. Assurance of accuracy and reliability of information and systems
Information risk management
mappers
integrity
Operationally Critical Threat - Asset - and Vulnerability Evaluation
28. IRM
Information Security Management
administrative
Failure Modes and Effect Analysis
Information risk management
29. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
fault tree analysis
performance monitor
availability
qualitative
30. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
annualized loss expectancy
exposure
strategic
Control Objectives for Information and related Technology
31. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
security program
ISO/IEC 27002
COSO
availability
32. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
elcomsoft
port scanner
exposure
vulnerability
33. The tools - personnel and business processes necessary to ensure that security meets needs
privilege
security governance
risk analysis
firewall
34. Derived from the COSO framework
risk categories
CobiT
ISO 17799
ITIL
35. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
CobiT
ISO/IEC 27004
john the ripper
36. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
usage
SP 800-30
due care
CISO
37. Potential danger to information or systems
risk mitigation
vulnerability
planning horizon
threat
38. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
vulnerability
performance baseline
SP 800-30
39. Controls that implement access control - password management - identification and authentication methods - configuration
availability
technical
risk categories
CobiT
40. Provides a cost/benefit comparison
risk analysis
planning horizon
port scanner
CISO
41. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
ISO 17799
security program
port scanner
network mapping
42. Mitigates a potential risk
countermeasure
protocol analyzer
ISO/IEC 27799
CISO
43. CSO
privilege
data owner
corporate security officer
ISO 17799
44. CobiT
annualized rate of occurrence
network mapping
Control Objectives for Information and related Technology
strategic
45. Type of audit that checks procedures and policies for escalating issues to management
strategic
exposure factor
escalation
Information Security Management
46. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
Operationally Critical Threat - Asset - and Vulnerability Evaluation
AS/NZS 4360
annualized rate of occurrence
FMEA
47. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
IRM
single loss expectancy
FRAP
penetration
48. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
network mapping
ISO/IEC 27002
No events - Errors only - Errors and warnings - All events
49. Expected or predetermined performance level - developed from policy - performance - requirements
performance baseline
Facilitated Risk Analysis Process
vulnerability
Committee of Sponsoring Organizations
50. __________ loss has a negative effect after a vulnerability is initially exploited
administrative
delayed
escalation
L0phtCrack