Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Collection of controls an organization must have in place
OCTAVE
performance baseline
COSO
security program

2. Possiblity of damage and the ramifications should it occur
physical
penetration
CobiT
risk

3. Type of audit that checks that network resources - systems and software are used appropriately
john the ripper
firewall
usage
tactical

4. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
Committee of Sponsoring Organizations
due care
countermeasure
vulnerability

5. FMEA
Failure Modes and Effect Analysis
vulnerability
protocol analyzer
usage

6. Focus on service level agreements between IT dept and internal customers
ITIL
ISO/IEC 27799
single loss expectancy
data owner

7. Assurance of accurancy and reliability of information and systems
integrity
countermeasure
chief information security officer
risk

8. Expected or predetermined performance level - developed from policy - performance - requirements
port scanner
fault tree analysis
performance baseline
planning horizon

9. The following tools (Nessus - Qualys - Retina) are ______________ scanners
ISO 17799
vulnerability
integrity
FRAP

10. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
CISO
FMEA
usage
exposure factor

11. Made up of ten domains - a mechanism to describe security processes
administrative
ISO 17799
CISO
annualized rate of occurrence

12. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
Information Security Management
ITIL
elcomsoft

13. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
Information risk management
ISO 17799
security program

14. An instance of being exposed to losses from a threat
availability
performance monitor
exposure
technical

15. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
ISO/IEC 27004
IRM
qualitative
ISO/IEC 27001

16. Provides a cost/benefit comparision
elcomsoft
risk analysis
vulnerability scanner
CISO

17. Event levels available for logging in a MS DNS server
Information Technology Infrastructure Library (ITIL)
No events - Errors only - Errors and warnings - All events
exposure factor
performance baseline

18. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
security officer
CISO
ITIL
ISO 17799

19. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
security governanace
risk catagories
CobiT
risk mitigation

20. Risk mgmt method with much broader focus than IT security
ISO/IEC 27005
AS/NZS 4360
CISO
tactical

21. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
confidentiality
Information Security Management
vulnerability scanner
COSO

22. Tools to ID - develop - and design security requirements for business needs
elcomsoft
security governanace
blueprints
CobiT

23. Guide assist in the implemenation of information security based on risk managent approach
ISO/IEC 27005
physical
privilege
AS/NZS 4360

24. SLE x ARO - (ALE)
annualized loss expectancy
vulnerability
security officer
john the ripper

25. IRM
Control Objectives for Information and related Technology
FMEA
ISO/IEC 27002
Information risk management

26. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
CobiT
port scanner
ISO/IEC 27005
delayed

27. An open language from mitre.org for determining vulnerabilities and problems on computer systems
FMEA
performance monitor
integrity
OVAL

28. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
risk anlysis
risk analysis
integrity
OCTAVE

29. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
vulnerability
firewall
security officer
qualitative

30. Ensures necessary level of secrecy and prevents unauthorized disclosure
risk anlysis
confidentiality
ISO/IEC 27002
network mapping

31. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
security officer
protocol analyzer
risk analysis
security program

32. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
CISO
Failure Modes and Effect Analysis
FMEA
security program

33. FRAP
Facilitated Risk Analysis Process
Committee of Sponsoring Organizations
FMEA
CobiT

34. The likelihood of exploitation and the loss potential
ISO/IEC 27004
CISO
risk
BS7799

35. Number of time the incident might occur annually - (ARO)
corporate security officer
risk catagories
ISO/IEC 27001
annualized rate of occurrence

36. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
performance baseline
AS/NZS 4360
penetration
data owner

37. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
COSO
data owner
BS7799
Information Technology Infrastructure Library (ITIL)

38. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
COSO
CISO
strategic
ITIL

39. The tools - personnel and business processes necessary to ensure that security meets needs
ISO/IEC 27005
security governanace
FRAP
confidentiality

40. Controls that implement access control - password mangement - identification and authentication methods - configuration
physical
technical
firewall
escalation

41. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
SP 800-30
ISO/IEC 27001
performance monitor
OVAL

42. ISM Standard
CISO
risk analysis
confidentiality
Information Security Management

43. Type of audit that checks procedures and policies for escalating issues to management
administrative
SP 800-30
Information Security Management
escalation

44. Type of audit that checks information classification and change control procedures
administrative
risk anlysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
AS/NZS 4360

45. Type of audit that checks that accounts - groups and roles are correctly assigned
privilege
COSO
administrative
vulnerability

46. CobiT
OVAL
Control Objectives for Information and related Technology
OCTAVE
planning horizon

47. A weakness (software - hardware - procedural - human) that can be exploited
CobiT
exposure
vulnerability
SP 800-30

48. IT governance at the operational level
CISO
delayed
CobiT
ISO/IEC 27799

49. COSO
ISO 17799
Committee of Sponsoring Organizations
operational
vulnerability

50. Guide to illustrate how to protect personal health information
confidentiality
security officer
ISO/IEC 27799
threat