Test your basic knowledge | CompTIA Security+: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
performance monitor
vulnerability
IRM
Failure Modes and Effect Analysis
2. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
risk analysis
ISO/IEC 27002
protocol analyzer
port scanner
3. Expected or predetermined performance level - developed from policy - performance - requirements
penetration
ISO/IEC 27004
protocol analyzer
performance baseline
4. Type of audit that checks procedures and policies for escalating issues to management
escalation
ITIL
COSO
ISO/IEC 27799
5. Guide to assist in the implementation of information security based on a risk management approach
ISO/IEC 27005
risk analysis
security program
Failure Modes and Effect Analysis
6. Type of audit that checks that network resources - systems and software are used appropriately
threat
ISO 17799
Information Security Management
usage
7. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security officer
FMEA
ISO/IEC 27002
8. A weakness (software - hardware - procedural - human) that can be exploited
performance monitor
vulnerability
risk analysis
ISO/IEC 27002
9. Type of audit that checks that accounts - groups and roles are correctly assigned
physical
countermeasure
corporate security officer
privilege
10. Type of audit that checks information classification and change control procedures
administrative
due care
AS/NZS 4360
planning horizon
11. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
CobiT
ISO/IEC 27001
mappers
confidentiality
12. CSO
qualitative
port scanner
single loss expectancy
corporate security officer
13. Number of times the incident might occur annually - (ARO)
john the ripper
annualized rate of occurrence
risk categories
due care
14. Ensures management security directives are fulfilled
firewall
FMEA
Facilitated Risk Analysis Process
security officer
15. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
ISO/IEC 27799
CISO
risk analysis
data owner
16. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
SP 800-30
tactical
COSO
17. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
protocol analyzer
security governance
SP 800-30
FMEA
18. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
COSO
threat
usage
due care
19. Mitigates a potential risk
administrative
countermeasure
risk analysis
planning horizon
20. The asset's value multiplied by the EF percentage - (SLE)
FRAP
corporate security officer
single loss expectancy
fault tree analysis
21. Midterm goals
tactical
risk
ISO 17799
CISO
22. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
administrative
performance monitor
ISO 17799
single loss expectancy
23. Tools to ID - develop - and design security requirements for business needs
ISO/IEC 27005
strategic
usage
blueprints
24. Collection of controls an organization must have in place
No events - Errors only - Errors and warnings - All events
L0phtCrack
security program
ISO/IEC 27005
25. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
strategic
network mapping
ISO/IEC 27001
OCTAVE
26. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DoS attacks
network mapping
ISO/IEC 27005
CobiT
vulnerability scanner
27. Guide to illustrate how to protect personal health information
ISO/IEC 27799
Committee of Sponsoring Organizations
john the ripper
FRAP
28. Controls that implement access control - password management - identification and authentication methods - configuration
technical
COSO
CobiT
risk categories
29. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
SP 800-30
penetration
integrity
administrative
30. Possibility of damage and the ramifications should it occur
penetration
risk
ISO/IEC 27004
vulnerability
31. De facto standard of best practices for IT service mgmt
SP 800-30
due care
FRAP
Information Technology Infrastructure Library (ITIL)
32. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
penetration
single loss expectancy
BS7799
availability
33. Percentage of an asset's value that would be lost in a single incident - (EF)
No events - Errors only - Errors and warnings - All events
exposure factor
administrative
security governance
34. Corporate governance at the strategic level
strategic
ISO 17799
COSO
CISO
35. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
vulnerability
planning horizon
elcomsoft
availability
36. Ensures reliable timely access to data/resources to authorized individuals
risk categories
penetration
vulnerability
availability
37. Assurance of accuracy and reliability of information and systems
countermeasure
security program
Committee of Sponsoring Organizations
integrity
38. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
Information risk management
privilege
vulnerability
risk analysis
39. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
availability
security program
planning horizon
privilege
40. The following tools (Nessus - Qualys - Retina) are ______________ scanners
network mapping
OCTAVE
protocol analyzer
vulnerability
41. Made up of ten domains - a mechanism to describe security processes
ISO 17799
delayed
ISO/IEC 27005
security program
42. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
Failure Modes and Effect Analysis
john the ripper
risk analysis
security governance
43. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
port scanner
strategic
security officer
44. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
OCTAVE
strategic
COSO
FMEA
45. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
Committee of Sponsoring Organizations
performance monitor
delayed
physical
46. ISM Standard
Committee of Sponsoring Organizations
Information Security Management
usage
FMEA
47. NIST risk management methodology
AS/NZS 4360
blueprints
physical
SP 800-30
48. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
IRM
single loss expectancy
fault tree analysis
49. Strategic - tactical and operational planning
ISO/IEC 27005
availability
planning horizon
escalation
50. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
delayed
CobiT
ISO/IEC 27799
vulnerability