Test your basic knowledge | CompTIA Security+: Assessment and Risk Management
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Midterm goals
No events - Errors only - Errors and warnings - All events
COSO
penetration
tactical
2. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
administrative
L0phtCrack
escalation
confidentiality
3. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
confidentiality
risk
administrative
technical
4. De facto standard of best practices for IT service management
technical
FMEA
Information Technology Infrastructure Library (ITIL)
exposure factor
5. Corporate governance at the strategic level
IRM
technical
privilege
COSO
6. Percentage of an asset's value that would be lost in a single incident - (EF)
countermeasure
OCTAVE
ISO/IEC 27799
exposure factor
7. The tools - personnel and business processes necessary to ensure that security meets business needs
security governance
risk analysis
fault tree analysis
Information Security Management
8. Used in assurance risk management - methodical way to identify major failure modes (not useful for complex failure modes)
FMEA
blueprints
BS7799
exposure
9. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
CobiT
protocol analyzer
ITIL
security governance
10. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
risk
risk analysis
CobiT
escalation
11. Guide to illustrate how to protect personal health information
vulnerability scanner
corporate security officer
ISO/IEC 27799
CobiT
12. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Information Security Management
risk
CobiT
network mapping
13. Event levels available for logging in a Microsoft DNS server
Failure Modes and Effect Analysis
security program
No events - Errors only - Errors and warnings - All events
performance baseline
14. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
exposure
administrative
elcomsoft
network mapping
15. Ensures necessary level of secrecy and prevents unauthorized disclosure
due care
confidentiality
elcomsoft
qualitative
16. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
usage
planning horizon
FRAP
CobiT
17. Type of audit that checks that network resources - systems and software are used appropriately
blueprints
OVAL
usage
ITIL
18. Ensures management security directives are fulfilled
AS/NZS 4360
security officer
annualized loss expectancy
CobiT
19. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge the password and shadow files
CobiT
Operationally Critical Threat - Asset - and Vulnerability Evaluation
john the ripper
integrity
20. Type of audit that checks information classification and change control procedures
confidentiality
network mapping
risk
administrative
21. Process of identifying and assessing risk - reducing it to an acceptable level - and implementing mechanisms to maintain that level
IRM
risk analysis
performance baseline
administrative
22. Potential danger to information or systems
threat
ISO/IEC 27002
planning horizon
physical
23. FRAP
Facilitated Risk Analysis Process
risk analysis
exposure factor
AS/NZS 4360
24. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
availability
administrative
ISO 17799
security program
25. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO 17799
FMEA
ISO/IEC 27001
ISO/IEC 27002
26. Responsible for developing: security awareness program - budget for information security related activities - policies - procedures - and guidelines - a security compliance program - and metrics
CISO
ITIL
CobiT
technical
27. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
availability
vulnerability scanner
administrative
L0phtCrack
28. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
BS7799
mappers
COSO
data owner
29. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
Failure Modes and Effect Analysis
countermeasure
COSO
delayed
30. An open language from mitre.org for determining vulnerabilities and problems on computer systems
vulnerability
data owner
ISO 17799
OVAL
31. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
ISO/IEC 27799
performance baseline
ISO/IEC 27005
32. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
SP 800-30
data owner
elcomsoft
penetration
33. Derived from the COSO framework
Committee of Sponsoring Organizations
delayed
L0phtCrack
CobiT
34. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error
availability
ISO/IEC 27799
Failure Modes and Effect Analysis
risk categories
35. This tool scans network devices listening for open ports (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
operational
Failure Modes and Effect Analysis
risk categories
port scanner
36. An instance of being exposed to losses from a threat
annualized rate of occurrence
ISO 17799
exposure
due care
37. CISO
CISO
confidentiality
vulnerability scanner
chief information security officer
38. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
administrative
CISO
physical
single loss expectancy
39. The following tools (Nessus - Qualys - Retina) are ______________ scanners
risk
john the ripper
strategic
vulnerability
40. The asset's value multiplied by the EF percentage - (SLE)
ISO/IEC 27001
confidentiality
CobiT
single loss expectancy
41. Type of audit that checks that accounts - groups and roles are correctly assigned
risk
privilege
data owner
FMEA
42. Possibility of damage and the ramifications should it occur
elcomsoft
ISO 17799
risk
Information Security Management
43. Guide to assist in the implementation of information security based on a risk management approach
ISO/IEC 27005
risk analysis
ISO 17799
qualitative
44. The likelihood of exploitation and the loss potential
CobiT
exposure factor
risk
FMEA
45. Focus on service level agreements between the IT department and internal customers
security governance
ITIL
COSO
Information risk management
46. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
FRAP
mappers
ISO/IEC 27002
risk analysis
47. COSO
performance baseline
Committee of Sponsoring Organizations
Control Objectives for Information and related Technology
operational
48. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment
tactical
risk analysis
vulnerability
Information Security Management
49. Strategic - tactical and operational planning
ISO/IEC 27004
Committee of Sponsoring Organizations
privilege
planning horizon
50. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
COSO
Committee of Sponsoring Organizations
exposure factor
risk