Test your basic knowledge | CompTIA Security+: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Control environment (company culture); Risk assessment (manage change); Control activities (policies, procedures, practices); Information and communication (right people, info, time); Monitoring (detect and respond)
mappers
COSO
CobiT
administrative
2. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
AS/NZS 4360
vulnerability
annualized loss expectancy
CobiT
3. IRM
SP 800-30
CISO
network mapping
Information risk management
4. A plan of action to deal with risks defined in the risk assessment; may remediate or transfer risk
SP 800-30
ISO/IEC 27002
exposure
risk mitigation
5. Tools to identify, develop, and design security requirements for business needs
blueprints
delayed
COSO
Information Technology Infrastructure Library (ITIL)
6. Type of audit that checks information classification and change control procedures
blueprints
administrative
single loss expectancy
operational
7. Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate
physical
Information risk management
fault tree analysis
CobiT
8. CISO
chief information security officer
COSO
performance baseline
OVAL
9. Corporate governance at the strategic level
availability
performance monitor
COSO
vulnerability
10. Strategic, tactical and operational planning
network mapping
annualized loss expectancy
risk mitigation
planning horizon
11. Provides a cost/benefit comparison
FRAP
corporate security officer
escalation
risk analysis
12. _______________ can test IDS, detect network congestion, detect bad / failing equipment, detect high processor loads; must be NOS appropriate
network mapping
risk mitigation
Operationally Critical Threat, Asset, and Vulnerability Evaluation
AS/NZS 4360
13. Number of times the incident might occur annually (ARO)
Committee of Sponsoring Organizations
fault tree analysis
planning horizon
annualized rate of occurrence
14. Responsible for developing: a security awareness program; a budget for information security related activities; policies, procedures, and guidelines; a security compliance program; and metrics
exposure
IRM
data owner
CISO
15. SLE x ARO (ALE)
strategic
COSO
confidentiality
annualized loss expectancy
16. Physical damage, human interaction, equipment malfunction, misuse of data, loss of data, application error
risk categories
strategic
planning horizon
performance baseline
17. Type of audit that checks that accounts, groups and roles are correctly assigned
risk
Elcomsoft
privilege
BS7799
18. Ensures reliable timely access to data/resources to authorized individuals
network mapping
availability
ISO/IEC 27004
risk analysis
19. The likelihood of exploitation and the loss potential
Elcomsoft
delayed
risk
blueprints
20. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
Elcomsoft
BS7799
OVAL
technical
21. This tool scans network devices listening for open ports (e.g. Nmap, ScanMetender, SuperScan, NHS nohack scanner)
vulnerability
port scanner
ISO/IEC 27004
annualized rate of occurrence
22. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
risk mitigation
Information Technology Infrastructure Library (ITIL)
annualized loss expectancy
23. CobiT
Control Objectives for Information and related Technology
COSO
escalation
delayed
24. Controls that implement access control, password management, identification and authentication methods, configuration
integrity
technical
COSO
security officer
25. The tools, personnel and business processes necessary to ensure that security meets needs
chief information security officer
vulnerability scanner
security governance
ITIL
26. FMEA
Failure Modes and Effect Analysis
confidentiality
Information Technology Infrastructure Library (ITIL)
Elcomsoft
27. Used to predict changes based on trends, detect deviations, and watch events across multiple system components
performance monitor
privilege
escalation
protocol analyzer
28. A process to identify assets and their value, identify vulnerabilities and threats, quantify probability and impact of threats, and provide balance between impact and cost
technical
risk analysis
administrative
ISO/IEC 27004
29. Provides good practice advice on ISMS (ISO 17799) (based on BS7799 Part 1)
L0phtCrack
ISO/IEC 27002
OVAL
ISO 17799
30. Establish, implement, control and improve the Information Security Management System (based on BS7799 Part 2)
ISO/IEC 27001
IRM
administrative
qualitative
31. Security policy (map business objectives to security); Security infrastructure (security officer, reviews); Asset classification/control (inventory); Personnel security (screening, training, roles); Physical security; Communication/operation
chief information security officer
vulnerability
ISO 17799
COSO
32. The following tools (Nessus - Qualys - Retina) are ______________ scanners
BS7799
security program
vulnerability
SP 800-30
33. HP OpenView, Nmap, Qualys, Solana Networks, SolarWinds are all network _____________
ISO 17799
mappers
ISO/IEC 27799
Information Security Management
34. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
CISO
performance monitor
risk analysis
vulnerability scanner
35. Controls that manage facility access, locking systems, media sanitation, intrusion monitoring, environmental
chief information security officer
integrity
physical
Operationally Critical Threat, Asset, and Vulnerability Evaluation
36. Daily goals focused on productivity and task-oriented activities
L0phtCrack
countermeasure
annualized rate of occurrence
operational
37. Ensures management security directives are fulfilled
BS7799
security officer
threat
Elcomsoft
38. A tool that maps weaknesses of systems / networks by scanning for ports, checking for applications, determining OS and patch level, and attempting exploits
vulnerability scanner
risk
CobiT
ISO/IEC 27001
39. An instance of being exposed to losses from a threat
exposure
risk mitigation
risk analysis
chief information security officer
40. Risk mgmt method created by Carnegie Mellon University; people manage/direct the risk evaluation for IT security in a company
vulnerability
ISO/IEC 27004
network mapping
OCTAVE
41. Made up of ten domains; a mechanism to describe security processes
IRM
ISO 17799
security program
vulnerability scanner
42. A log that can record outgoing requests, incoming traffic, and internet usage
single loss expectancy
security governance
firewall
annualized rate of occurrence
43. Collection of controls an organization must have in place
OCTAVE
risk mitigation
security program
countermeasure
44. Plan and Organize, Implement, Operate and Maintain, Monitor and Evaluate
security program
single loss expectancy
vulnerability
L0phtCrack
45. Derived from the COSO framework
CobiT
COSO
risk
Facilitated Risk Analysis Process
46. Used to identify failures in complex systems to understand underlying causes of threats
planning horizon
AS/NZS 4360
ITIL
fault tree analysis
47. Used in assurance risk mgmt; a methodical way to identify major failure modes (not useful for complex failure modes)
CobiT
risk analysis
FMEA
risk mitigation
48. Risk assessment that is scenario based, ranks threats and countermeasures, and uses experience, judgment, intuition and opinion
Operationally Critical Threat, Asset, and Vulnerability Evaluation
qualitative
protocol analyzer
tactical
49. The asset's value multiplied by the EF percentage (SLE)
security officer
ITIL
single loss expectancy
threat
50. ISM Standard
FMEA
qualitative
John the Ripper
Information Security Management