Test your basic knowledge | CompTIA Security+: Assessment and Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. CISO
chief information security officer
annualized loss expectancy
single loss expectancy
OVAL
2. The likelihood of exploitation and the loss potential
FRAP
risk
countermeasure
risk analysis
3. Ensures reliable timely access to data/resources to authorized individuals
CobiT
qualitative
availability
vulnerability
4. Ensures necessary level of secrecy and prevents unauthorized disclosure
tactical
Information Technology Infrastructure Library (ITIL)
confidentiality
blueprints
5. Percentage of an asset's value that would be lost in a single incident - (EF)
ISO/IEC 27005
ISO 17799
annualized loss expectancy
exposure factor
6. FRAP
Facilitated Risk Analysis Process
security officer
due care
integrity
7. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
ISO/IEC 27001
SP 800-30
qualitative
COSO
8. Possibility of damage and the ramifications should it occur
corporate security officer
tactical
integrity
risk
9. Provides a cost/benefit comparison
due care
administrative
COSO
risk analysis
10. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - tcpdump - Microsoft Network Monitor - Carnivore)
administrative
integrity
risk analysis
protocol analyzer
11. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
ISO 17799
due care
SP 800-30
AS/NZS 4360
12. The asset's value multiplied by the EF percentage - (SLE)
operational
firewall
COSO
single loss expectancy
13. Corporate governance at the strategic level
risk categories
administrative
COSO
administrative
14. FMEA
ISO/IEC 27799
exposure
firewall
Failure Modes and Effect Analysis
15. SLE x ARO - (ALE)
annualized loss expectancy
CobiT
integrity
CISO
16. Daily goals focused on productivity and task-oriented activities
tactical
operational
CobiT
L0phtCrack
17. Process of identifying and assessing risk - reducing it to an acceptable level - implementing mechanisms to maintain that level.
physical
technical
IRM
No events - Errors only - Errors and warnings - All events
18. NIST risk management methodology
ISO 17799
network mapping
SP 800-30
operational
19. Guide to assist in the implementation of information security based on a risk management approach
ISO/IEC 27005
FMEA
CobiT
L0phtCrack
20. An instance of being exposed to losses from a threat
Committee of Sponsoring Organizations
exposure
operational
risk analysis
21. ISM Standard
CobiT
BS7799
Failure Modes and Effect Analysis
Information Security Management
22. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
Control Objectives for Information and related Technology
CISO
exposure
23. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
technical
network mapping
blueprints
CobiT
24. Assurance of accuracy and reliability of information and systems
risk
qualitative
performance monitor
integrity
25. IRM
FMEA
Information risk management
CobiT
firewall
26. __________ loss has a negative effect after a vulnerability is initially exploited
security governance
countermeasure
elcomsoft
delayed
27. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
exposure factor
corporate security officer
qualitative
due care
28. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
administrative
port scanner
ISO/IEC 27004
vulnerability
29. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
AS/NZS 4360
risk mitigation
strategic
L0phtCrack
30. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
security governance
tactical
risk categories
penetration
31. Type of audit that checks that network resources - systems and software are used appropriately
security officer
usage
risk categories
ISO/IEC 27799
32. Potential danger to information or systems
vulnerability
ISO/IEC 27005
threat
CobiT
33. An open language from mitre.org for determining vulnerabilities and problems on computer systems
escalation
data owner
OVAL
Information risk management
34. Made up of ten domains - a mechanism to describe security processes
ISO 17799
john the ripper
blueprints
Information Technology Infrastructure Library (ITIL)
35. Ensures management security directives are fulfilled
ISO 17799
security officer
qualitative
countermeasure
36. Collection of controls an organization must have in place
security program
elcomsoft
risk
Information Technology Infrastructure Library (ITIL)
37. Risk mgmt method with much broader focus than IT security
AS/NZS 4360
fault tree analysis
exposure
vulnerability
38. A log that can record outgoing requests - incoming traffic - and internet usage
OVAL
firewall
vulnerability
FMEA
39. The following tools (Nessus - Qualys - Retina) are ______________ scanners
performance baseline
COSO
administrative
vulnerability
40. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files
exposure factor
vulnerability
john the ripper
availability
41. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
OVAL
Facilitated Risk Analysis Process
administrative
42. Guide to illustrate how to protect personal health information
blueprints
ISO/IEC 27799
vulnerability
annualized loss expectancy
43. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
IRM
L0phtCrack
john the ripper
technical
44. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
ISO/IEC 27001
availability
risk mitigation
ISO/IEC 27004
45. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in the NOS - test response to DoS attacks
network mapping
performance monitor
operational
Operationally Critical Threat - Asset - and Vulnerability Evaluation
46. Method of ID functions and their failures - causes of failures and their effects - originally designed for systems engineering
protocol analyzer
FMEA
No events - Errors only - Errors and warnings - All events
Facilitated Risk Analysis Process
47. A weakness (software - hardware - procedural - human) that can be exploited
fault tree analysis
vulnerability
exposure factor
risk analysis
48. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
FRAP
IRM
Operationally Critical Threat - Asset - and Vulnerability Evaluation
annualized loss expectancy
49. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
ISO/IEC 27001
COSO
security program
CISO
50. Used to ID failures in complex systems to understand the underlying causes of threats
fault tree analysis
risk
escalation
vulnerability