SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
L0phtCrack
vulnerability scanner
delayed
FMEA
2. An instance of being exposed to losses from a threat
security officer
fault tree analysis
elcomsoft
exposure
3. CSO
corporate security officer
risk mitigation
strategic
OCTAVE
4. Focus on service level agreements between IT dept and internal customers
Committee of Sponsoring Organizations
strategic
ITIL
risk
5. Type of audit that checks information classification and change control procedures
vulnerability
Facilitated Risk Analysis Process
administrative
corporate security officer
6. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
availability
physical
annualized loss expectancy
elcomsoft
7. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
COSO
protocol analyzer
port scanner
Facilitated Risk Analysis Process
8. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
ISO/IEC 27004
ITIL
ISO/IEC 27001
performance monitor
9. Provides a cost/benefit comparision
qualitative
penetration
risk analysis
performance monitor
10. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
Information Technology Infrastructure Library (ITIL)
availability
data owner
network mapping
11. Strategic - tactical and operational planning
AS/NZS 4360
risk catagories
confidentiality
planning horizon
12. Assurance of accurancy and reliability of information and systems
SP 800-30
CobiT
integrity
Control Objectives for Information and related Technology
13. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
integrity
single loss expectancy
BS7799
ISO/IEC 27001
14. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
SP 800-30
chief information security officer
john the ripper
COSO
15. De facto standard of best practices for IT service mgmt
single loss expectancy
risk catagories
CobiT
Information Technology Infrastructure Library (ITIL)
16. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
firewall
risk
risk analysis
17. ISM Standard
ISO 17799
integrity
COSO
Information Security Management
18. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
performance monitor
tactical
CISO
No events - Errors only - Errors and warnings - All events
19. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
CISO
OVAL
technical
20. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
technical
firewall
risk mitigation
tactical
21. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
strategic
confidentiality
privilege
planning horizon
22. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
COSO
administrative
risk analysis
administrative
23. Corporate governance at the strategic level
COSO
network mapping
planning horizon
delayed
24. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
vulnerability
COSO
penetration
25. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27799
ISO/IEC 27001
ISO/IEC 27002
chief information security officer
26. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
exposure
risk mitigation
OCTAVE
ISO/IEC 27002
27. An open language from mitre.org for determining vulnerabilities and problems on computer systems
technical
CobiT
OVAL
risk mitigation
28. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
Failure Modes and Effect Analysis
ISO 17799
risk anlysis
CobiT
29. SLE x ARO - (ALE)
operational
mappers
annualized loss expectancy
Committee of Sponsoring Organizations
30. NIST risk management methodology
risk anlysis
ISO/IEC 27005
COSO
SP 800-30
31. Mitigates a potential risk
planning horizon
countermeasure
annualized loss expectancy
Operationally Critical Threat - Asset - and Vulnerability Evaluation
32. Midterm goals
tactical
blueprints
confidentiality
ISO/IEC 27001
33. IRM
annualized rate of occurrence
Information risk management
Committee of Sponsoring Organizations
CobiT
34. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
qualitative
elcomsoft
ISO/IEC 27799
BS7799
35. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
COSO
usage
OCTAVE
vulnerability scanner
36. Possiblity of damage and the ramifications should it occur
vulnerability
risk
ISO/IEC 27004
exposure factor
37. FMEA
administrative
Failure Modes and Effect Analysis
Committee of Sponsoring Organizations
ISO/IEC 27001
38. Number of time the incident might occur annually - (ARO)
COSO
annualized rate of occurrence
CobiT
COSO
39. Tools to ID - develop - and design security requirements for business needs
administrative
blueprints
performance baseline
No events - Errors only - Errors and warnings - All events
40. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
security program
qualitative
BS7799
network mapping
41. Type of audit that checks that accounts - groups and roles are correctly assigned
COSO
privilege
FRAP
ISO 17799
42. Responsible for communicating to senior mgmt organizational risks and compliance regulations
ISO/IEC 27002
CISO
exposure factor
risk analysis
43. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
risk
mappers
security governanace
john the ripper
44. Type of audit that checks procedures and policies for escalating issues to management
ISO 17799
security officer
escalation
risk mitigation
45. The likelihood of exploitation and the loss potential
risk
exposure factor
planning horizon
CISO
46. Type of audit that checks that network resources - systems and software are used appropriately
protocol analyzer
CobiT
operational
usage
47. Used to ID failures in a complex systems to understand underlying causes of threats
fault tree analysis
performance baseline
port scanner
escalation
48. The tools - personnel and business processes necessary to ensure that security meets needs
risk catagories
vulnerability
CobiT
security governanace
49. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
Facilitated Risk Analysis Process
ISO/IEC 27001
due care
risk catagories
50. Potential danger to information or systems
annualized rate of occurrence
FRAP
threat
Information Technology Infrastructure Library (ITIL)