Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. SLE x ARO - (ALE)

2. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company

3. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)

4. Corporate governance at the strategic level

5. Type of audit that checks that network resources - systems and software are used appropriately

6. Strategic - tactical and operational planning

7. Method of identifying functions and their failures - causes of failures and their effect - originally designed for systems engineering

8. FRAP

9. IT governance at the operational level

10. Ensures necessary level of secrecy and prevents unauthorized disclosure

11. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control

12. Process of identifying and assessing risk - reducing it to an acceptable level - implementing mechanisms to maintain that level

13. The following tools (Nessus - Qualys - Retina) are ______________ scanners

14. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)

15. Type of audit that checks that accounts - groups and roles are correctly assigned

16. The likelihood of exploitation and the loss potential

17. Derived from the COSO framework

18. The asset's value multiplied by the EF percentage - (SLE)

19. CSO

20. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation

21. Responsible for communicating organizational risks and compliance regulations to senior mgmt

22. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment

23. Ensures reliable timely access to data/resources for authorized individuals

24. COSO

25. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)

26. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate

27. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics

28. Provides a cost/benefit comparison

29. A log that can record outgoing requests - incoming traffic - and Internet usage

30. Expected or predetermined performance level - developed from policy - performance - requirements

31. Guide to illustrate how to protect personal health information

32. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product

33. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards

34. An instance of being exposed to losses from a threat

35. Type of audit that checks information classification and change control procedures

36. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk

37. De facto standard of best practices for IT service mgmt

38. FMEA

39. Used to predict changes based on trends - detect deviations - and watch events across multiple system components

40. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond

41. Tools to identify - develop - and design security requirements for business needs

42. Assurance of accuracy and reliability of information and systems

43. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files

44. Made up of ten domains - a mechanism to describe security processes

45. Event levels available for logging in a MS DNS server

46. A weakness (software - hardware - procedural - human) that can be exploited

47. Midterm goals

48. Provides good practice advice on ISMS (ISO 17799) (based on BS7799 Part 1)

49. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion

50. ISM Standard