Test your basic knowledge

Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Collection of controls an organization must have in place
2. Provides a cost/benefit comparison
3. An instance of being exposed to losses from a threat
4. FRAP
5. Mitigates a potential risk
6. Assurance of accuracy and reliability of information and systems
7. Risk assessment that is scenario based; ranks threats and countermeasures; uses experience, judgment, intuition and opinion
8. Controls that include policies, standards, procedures, risk management, personnel screening, training, change control
9. Daily goals focused on productivity and task-oriented activities
10. Plan and Organize; Implement; Operate and Maintain; Monitor and Evaluate
11. Type of audit that checks that network resources, systems and software are used appropriately
12. Establish, implement, control and improve the Information Security Management System (based on BS7799 Part 2)
13. Strategic, tactical and operational planning
14. Used in assurance risk mgmt; methodical way to ID major failure modes (not useful for complex failure modes)
15. Corporate governance at the strategic level
16. Plan and Organize; Acquire and Implement; Deliver and Support; Monitor and Evaluate
17. Expected or predetermined performance level, developed from policy, performance, requirements
18. Potential danger to information or systems
19. Guide to illustrate how to protect personal health information
20. The asset's value multiplied by the EF percentage (SLE)
21. This type of testing scans for vulnerabilities, attacks to determine extent, tests countermeasures by circumvention, and can be internal or external
22. Legal term used to determine liability; acting responsibly gives a lower risk of liability due to a security breach
23. A plan of action to deal with risks defined in the risk assessment; may remediate or transfer risk
24. COSO
25. Method of ID functions and their failures, causes of failures and their effect; originally designed for systems engineering
26. Responsible for information classification and protection
27. ISM Standard
28. Midterm goals
29. A log that can record outgoing requests, incoming traffic, and internet usage
30. CobiT
31. Security policy (map business objectives to security); Security infrastructure (security officer, reviews); Asset classification/control (inventory); Personnel security (screening, training, roles); Physical security; Communication/operation
32. Risk mgmt method created by Carnegie Mellon University; people manage/direct the risk evaluation for IT security in a company
33. Used to predict changes based on trends, detect deviations, and watch events across multiple system components
34. Tools to ID, develop, and design security requirements for business needs
35. A process to ID assets and their value, ID vulnerabilities and threats, quantify probability and impact of threats, and provide balance between impact and cost
36. FMEA
37. A weakness (software, hardware, procedural, human) that can be exploited
38. _______________ can test IDS, detect network congestion, detect bad/failing equipment, detect high processor loads; must be NOS appropriate
39. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
40. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
41. Made up of ten domains; a mechanism to describe security processes
42. A tool that maps weaknesses of systems/networks by scanning for ports, checking for applications, determining OS and patch level, and attempting exploits
43. Possibility of damage and the ramifications should it occur
44. NIST risk management methodology
45. Number of times the incident might occur annually (ARO)
46. A commercial password cracker that can test password strength and recover passwords, and perform dictionary and brute-force attacks
47. Percentage of an asset's value that would be lost in a single incident (EF)
48. Used to ID failures in complex systems to understand underlying causes of threats
49. Process of ID and assessing risk, reducing it to an acceptable level, and implementing mechanisms to maintain that level
50. A tool that monitors network traffic and shows data and protocols in use; also known as a packet sniffer (e.g. Wireshark, TCPDump, Microsoft Network Monitor, Carnivore)