Test your basic knowledge

Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but retaking the test reinforces your understanding each time.
1. __________ loss has a negative effect after a vulnerability is initially exploited

2. Focus on service level agreements between the IT dept and internal customers

3. ISM Standard

4. Daily goals focused on productivity and task-oriented activities

5. OCTAVE

6. A tool that monitors network traffic and shows the data and protocols in use; also known as a packet sniffer (e.g. Wireshark, tcpdump, Microsoft Network Monitor, Carnivore)

7. Provides a cost/benefit comparison

8. Type of audit that checks that network resources, systems and software are used appropriately

9. A weakness (software, hardware, procedural or human) that can be exploited

10. A tool that scans network devices for listening (open) ports (e.g. Nmap, Scanmetender, SuperScan, NHS Nohack Scanner)

11. An instance of being exposed to losses from a threat

12. NIST risk management methodology

13. Made up of ten domains; a mechanism to describe security processes

14. Event levels available for logging in an MS DNS server

15. Information security management measurements

16. SLE x ARO (ALE)

17. Percentage of an asset's value that would be lost in a single incident (EF)

18. Port scanners, vulnerability scanners, protocol analyzers, password crackers, network mappers and the Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment

19. Responsible for communicating organizational risks and compliance regulations to senior mgmt

20. A log that can record outgoing requests, incoming traffic and internet usage

21. Guide to illustrate how to protect personal health information

22. COSO

23. A quantitative risk assessment process that lets users run tests to determine the areas that require a risk analysis

24. Control environment (company culture); Risk assessment (manage change); Control activities (policies, procedures, practices); Information and communication (right people, info, time); Monitoring (detect and respond)

25. Security policy (map business objectives to security); Security infrastructure (security officer, reviews); Asset classification/control (inventory); Personnel security (screening, training, roles); Physical security; Communication/operation

26. A plan of action to deal with the risks defined in the risk assessment; may remediate or transfer risk

27. CSO

28. Collection of controls an organization must have in place

29. Long-term goals focused on risk management, compliance, security responsibilities, continual improvement and using security to attract customers

30. Possibility of damage and the ramifications should it occur

31. Legal term used to determine liability; an organization that acts responsibly has a lower risk of liability following a security breach

32. This type of testing scans for vulnerabilities, attacks to determine their extent, tests countermeasures by circumventing them, and can be internal or external

33. Framework/set of best practices that defines goals for the controls used to properly manage IT and to ensure IT maps to business needs

34. Used in assurance risk mgmt; a methodical way to ID major failure modes (not useful for complex failure modes)

35. CobiT

36. Used to predict changes based on trends, detect deviations and watch events across multiple system components

37. The likelihood of exploitation and the loss potential

38. Risk assessment that is scenario based, ranks threats and countermeasures, and uses experience, judgment, intuition and opinion

39. HP OpenView, Nmap, Qualys, Solana Networks and SolarWinds are all network _____________

40. Assurance of the accuracy and reliability of information and systems

41. CISO

42. The asset's value multiplied by the EF percentage (SLE)

43. Tools to ID, develop and design security requirements for business needs

44. Controls that manage facility access, locking systems, media sanitization, intrusion monitoring and environmental conditions

45. Risk mgmt method with a much broader focus than IT security

46. Responsible for information classification and protection

47. The tools, personnel and business processes necessary to ensure that security meets needs

48. Number of times the incident might occur annually (ARO)

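The four quantitative terms in this test (EF, SLE, ARO and ALE, questions 17, 42, 48 and 16) and the cost/benefit comparison of question 7 fit together into one calculation: SLE = AV x EF, ALE = SLE x ARO, and a safeguard is worth buying when (ALE before it) minus (ALE after it) exceeds its annual cost. The Python example below is added here and is not from the original page; every asset value, exposure factor, rate and control cost in it is a constructed figure chosen to make the arithmetic visible.

```python
"""Quantitative risk analysis: SLE, ALE and safeguard cost/benefit.

Added example for this study guide, not code from the original page.
All asset values, exposure factors, rates and control costs below are
constructed figures, not data from any real assessment.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float      # AV: value of the asset at risk
    exposure_factor: float  # EF: fraction of AV lost in one incident, 0.0 to 1.0
    aro: float              # ARO: expected incidents per year (0.05 = once in 20 years)

    def __post_init__(self) -> None:
        # EF is a percentage of the asset's value, so it cannot exceed 100%.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF must be a fraction between 0.0 and 1.0")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("AV and ARO cannot be negative")

    @property
    def sle(self) -> float:
        """Single Loss Expectancy = AV x EF."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE x ARO."""
        return self.sle * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float                   # ACS: yearly cost (amortized purchase + operation)
    reduced_ef: Optional[float] = None   # EF after the control, if it limits impact
    reduced_aro: Optional[float] = None  # ARO after the control, if it limits likelihood


def residual(threat: Threat, control: Safeguard) -> Threat:
    """The same threat as it looks with the control in place (EF and/or ARO reduced)."""
    ef = threat.exposure_factor if control.reduced_ef is None else control.reduced_ef
    aro = threat.aro if control.reduced_aro is None else control.reduced_aro
    return Threat(threat.name, threat.asset_value, ef, aro)


def control_value(threat: Threat, control: Safeguard) -> float:
    """Cost/benefit of a safeguard: (ALE before - ALE after) - ACS.

    Positive: the control prevents more annual loss than it costs, so mitigate.
    Negative: it costs more than the loss it prevents; accept or transfer instead.
    """
    return (threat.ale - residual(threat, control).ale) - control.annual_cost


def rank_by_ale(threats: Iterable[Threat]) -> List[Threat]:
    """Order threats by annualized loss, highest first, to prioritise analysis."""
    return sorted(threats, key=lambda t: t.ale, reverse=True)


# Constructed scenario: three threats and one candidate control for each.
THREATS = [
    Threat("web server defacement", asset_value=100_000, exposure_factor=0.25, aro=2.0),
    Threat("data center fire", asset_value=2_000_000, exposure_factor=0.40, aro=0.05),
    Threat("laptop theft", asset_value=3_000, exposure_factor=1.0, aro=10.0),
]
CONTROLS = {
    "web server defacement": Safeguard("web application firewall", annual_cost=12_000, reduced_aro=0.5),
    "data center fire": Safeguard("gas suppression system", annual_cost=50_000, reduced_ef=0.10),
    "laptop theft": Safeguard("full-disk encryption", annual_cost=1_000, reduced_ef=0.20),
}


def analyse() -> Dict[str, Dict[str, float]]:
    """Return SLE, ALE and the annual value of the proposed control per threat, ranked by ALE."""
    return {
        t.name: {"sle": t.sle, "ale": t.ale, "control_value": control_value(t, CONTROLS[t.name])}
        for t in rank_by_ale(THREATS)
    }


if __name__ == "__main__":
    for name, r in analyse().items():
        verdict = "worth it" if r["control_value"] > 0 else "not worth it"
        print(f"{name:22s} SLE={r['sle']:>10,.0f}  ALE={r['ale']:>8,.0f}  "
              f"control value={r['control_value']:>9,.0f}  ({verdict})")
```

Note how the ranking and the purchase decision disagree: the fire has the largest single loss, but its low ARO keeps its ALE modest, so a 50,000-per-year suppression system has a negative value and the risk would instead be accepted or transferred (insured), while the cheap laptop control pays for itself many times over.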
49. Mitigates a potential risk

50. Ensures management security directives are fulfilled