Test your basic knowledge | Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Type of audit that checks that accounts - groups and roles are correctly assigned
annualized loss expectancy
ISO 17799
privilege
L0phtCrack
2. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
single loss expectancy
john the ripper
escalation
elcomsoft
3. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
network mapping
BS7799
risk categories
vulnerability scanner
4. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
CISO
firewall
CobiT
ISO/IEC 27799
5. CobiT
Facilitated Risk Analysis Process
Control Objectives for Information and related Technology
security program
firewall
6. IT governance at the operational level
CobiT
risk
security officer
CISO
7. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
FRAP
data owner
CobiT
8. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
penetration
network mapping
blueprints
9. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
exposure
physical
performance monitor
port scanner
10. Made up of ten domains - a mechanism to describe security processes
Facilitated Risk Analysis Process
data owner
ISO 17799
OVAL
11. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
strategic
firewall
ISO/IEC 27004
12. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
administrative
countermeasure
annualized rate of occurrence
CobiT
13. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
OCTAVE
FMEA
threat
risk analysis
14. Number of times the incident might occur annually - (ARO)
fault tree analysis
annualized rate of occurrence
integrity
annualized loss expectancy
15. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
risk analysis
vulnerability scanner
AS/NZS 4360
exposure
16. Focus on service level agreements between IT dept and internal customers
exposure
ITIL
risk analysis
availability
17. Collection of controls an organization must have in place
planning horizon
blueprints
delayed
security program
18. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
ISO/IEC 27799
IRM
ISO/IEC 27004
single loss expectancy
19. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
security program
single loss expectancy
port scanner
due care
20. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
ISO/IEC 27005
strategic
COSO
network mapping
21. Daily goals focused on productivity and task-oriented activities
integrity
ISO/IEC 27799
No events - Errors only - Errors and warnings - All events
operational
22. Mitigates a potential risk
security governance
countermeasure
john the ripper
Failure Modes and Effect Analysis
23. ISM Standard
Information Security Management
COSO
vulnerability
escalation
24. Provides a cost/benefit comparison
fault tree analysis
penetration
risk analysis
COSO
25. COSO
CISO
vulnerability
physical
Committee of Sponsoring Organizations
26. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
threat
FMEA
administrative
ISO 17799
27. Used to ID failures in complex systems to understand underlying causes of threats
AS/NZS 4360
qualitative
fault tree analysis
due care
28. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
john the ripper
single loss expectancy
planning horizon
network mapping
29. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
chief information security officer
CobiT
vulnerability scanner
qualitative
30. The asset's value multiplied by the EF percentage - (SLE)
integrity
single loss expectancy
usage
AS/NZS 4360
31. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
vulnerability
security program
COSO
ISO 17799
32. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
security program
ISO/IEC 27001
chief information security officer
CISO
33. Potential danger to information or systems
Information risk management
threat
CobiT
penetration
34. The likelihood of exploitation and the loss potential
ISO 17799
physical
ISO/IEC 27799
risk
35. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
blueprints
COSO
performance monitor
BS7799
36. NIST risk management methodology
SP 800-30
Failure Modes and Effect Analysis
exposure factor
technical
37. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
annualized loss expectancy
risk
strategic
FMEA
38. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
administrative
FRAP
COSO
L0phtCrack
39. __________ loss has a negative effect after a vulnerability is initially exploited
firewall
AS/NZS 4360
delayed
countermeasure
40. Type of audit that checks that network resources - systems and software are used appropriately
usage
strategic
annualized rate of occurrence
corporate security officer
41. Strategic - tactical and operational planning
ISO/IEC 27001
threat
risk
planning horizon
42. A weakness (software - hardware - procedural - human) that can be exploited
qualitative
ISO/IEC 27001
corporate security officer
vulnerability
43. Guide to assist in the implementation of information security based on a risk management approach
ISO/IEC 27005
security governance
security program
integrity
44. Corporate governance at the strategic level
single loss expectancy
chief information security officer
risk mitigation
COSO
45. Midterm goals
security governance
ISO/IEC 27799
john the ripper
tactical
46. Risk mgmt method with much broader focus than IT security
risk analysis
AS/NZS 4360
vulnerability
No events - Errors only - Errors and warnings - All events
47. OCTAVE
CobiT
Operationally Critical Threat - Asset - and Vulnerability Evaluation
protocol analyzer
Information Security Management
48. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
security governance
L0phtCrack
security officer
Information Security Management
49. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
ITIL
delayed
CobiT
exposure factor
50. FRAP
FMEA
CobiT
Facilitated Risk Analysis Process
corporate security officer