Test your basic knowledge: CompTIA Security+: Assessment and Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A weakness (software - hardware - procedural - human) that can be exploited
BS7799
CobiT
vulnerability
performance baseline
2. SLE x ARO - (ALE)
firewall
network mapping
security program
annualized loss expectancy
3. FRAP
vulnerability
delayed
COSO
Facilitated Risk Analysis Process
4. Event levels available for logging in a MS DNS server
port scanner
COSO
No events - Errors only - Errors and warnings - All events
Information Technology Infrastructure Library (ITIL)
5. Tools to ID - develop - and design security requirements for business needs
ITIL
annualized loss expectancy
blueprints
security officer
6. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
physical
tactical
FRAP
CISO
7. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
ISO/IEC 27002
availability
network mapping
strategic
8. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
risk
ISO 17799
escalation
9. The tools - personnel and business processes necessary to ensure that security meets needs
administrative
FMEA
annualized loss expectancy
security governance
10. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
countermeasure
physical
L0phtCrack
john the ripper
11. Strategic - tactical and operational planning
usage
exposure factor
mappers
planning horizon
12. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
Failure Modes and Effect Analysis
risk analysis
vulnerability
single loss expectancy
13. The asset's value multiplied by the EF percentage - (SLE)
qualitative
ISO/IEC 27005
single loss expectancy
Control Objectives for Information and related Technology
14. Made up of ten domains - a mechanism to describe security processes
ISO 17799
planning horizon
IRM
firewall
15. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
planning horizon
L0phtCrack
FMEA
escalation
16. IT governance at the operational level
Information Security Management
CobiT
fault tree analysis
risk
17. Expected or predetermined performance level - developed from policy - performance - requirements
network mapping
physical
performance monitor
performance baseline
18. Type of audit that checks that network resources - systems and software are used appropriately
Facilitated Risk Analysis Process
ITIL
usage
No events - Errors only - Errors and warnings - All events
19. IRM
CISO
corporate security officer
Information risk management
security program
20. The likelihood of exploitation and the loss potential
strategic
delayed
administrative
risk
21. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27002
protocol analyzer
vulnerability
blueprints
22. Type of audit that checks information classification and change control procedures
john the ripper
availability
administrative
Operationally Critical Threat - Asset - and Vulnerability Evaluation
23. CISO
administrative
delayed
chief information security officer
escalation
24. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
corporate security officer
firewall
integrity
25. Derived from the COSO framework
CobiT
penetration
AS/NZS 4360
IRM
26. Guide to illustrate how to protect personal health information
technical
strategic
ISO/IEC 27799
risk mitigation
27. COSO
escalation
COSO
integrity
Committee of Sponsoring Organizations
28. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
IRM
threat
security officer
BS7799
29. Possibility of damage and the ramifications should it occur
risk
network mapping
FRAP
countermeasure
30. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
ISO 17799
technical
vulnerability scanner
port scanner
31. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
CobiT
Control Objectives for Information and related Technology
performance monitor
tactical
32. Focus on service level agreements between IT dept and internal customers
network mapping
L0phtCrack
FMEA
ITIL
33. FMEA
Failure Modes and Effect Analysis
administrative
ISO/IEC 27799
ISO/IEC 27005
34. Risk mgmt method with much broader focus than IT security
performance monitor
strategic
vulnerability
AS/NZS 4360
35. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
annualized loss expectancy
risk analysis
CobiT
ITIL
36. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
FMEA
risk mitigation
chief information security officer
CISO
37. OCTAVE
ISO 17799
delayed
technical
Operationally Critical Threat - Asset - and Vulnerability Evaluation
38. CSO
performance monitor
corporate security officer
Failure Modes and Effect Analysis
ISO 17799
39. Percentage of an asset's value that would be lost in a single incident - (EF)
fault tree analysis
Information risk management
exposure factor
Committee of Sponsoring Organizations
40. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
john the ripper
FMEA
strategic
single loss expectancy
41. De facto standard of best practices for IT service mgmt
network mapping
L0phtCrack
Information Technology Infrastructure Library (ITIL)
Operationally Critical Threat - Asset - and Vulnerability Evaluation
42. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
availability
risk categories
CobiT
43. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
FMEA
risk categories
technical
availability
44. Guide to assist in the implementation of information security based on a risk management approach
delayed
ISO/IEC 27799
ISO/IEC 27005
corporate security officer
45. Midterm goals
tactical
annualized rate of occurrence
delayed
ISO 17799
46. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
Failure Modes and Effect Analysis
AS/NZS 4360
ISO/IEC 27001
CISO
47. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
physical
Control Objectives for Information and related Technology
administrative
Information risk management
48. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
CISO
protocol analyzer
security program
exposure
49. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
OCTAVE
CobiT
AS/NZS 4360
availability
50. Mitigates a potential risk
ISO 17799
delayed
countermeasure
planning horizon