Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. COSO
IRM
L0phtCrack
Committee of Sponsoring Organizations
penetration

2. Ensures reliable timely access to data/resources to authorized individuals
availability
risk mitigation
AS/NZS 4360
risk anlysis

3. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
CISO
L0phtCrack
ISO 17799
risk analysis

4. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
risk mitigation
FMEA
ISO 17799
risk analysis

5. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
ISO 17799
qualitative
operational
confidentiality

6. Made up of ten domains - a mechanism to describe security processes
ISO 17799
ISO/IEC 27799
OCTAVE
Information risk management

7. Guide assist in the implemenation of information security based on risk managent approach
ISO/IEC 27005
ITIL
ISO 17799
risk analysis

8. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
Information risk management
technical
single loss expectancy

9. CISO
chief information security officer
COSO
exposure
ITIL

10. The likelihood of exploitation and the loss potential
risk
SP 800-30
usage
ISO/IEC 27001

11. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
port scanner
network mapping
annualized loss expectancy
ISO 17799

12. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
ISO/IEC 27002
network mapping
administrative
L0phtCrack

13. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
tactical
single loss expectancy
BS7799
Information risk management

14. The following tools (Nessus - Qualys - Retina) are ______________ scanners
ISO/IEC 27799
privilege
vulnerability
COSO

15. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
escalation
protocol analyzer
L0phtCrack
technical

16. Controls that implement access control - password mangement - identification and authentication methods - configuration
privilege
technical
ISO/IEC 27005
due care

17. De facto standard of best practices for IT service mgmt
ISO/IEC 27002
ISO/IEC 27004
Information Technology Infrastructure Library (ITIL)
john the ripper

18. FRAP
CobiT
Facilitated Risk Analysis Process
CISO
security program

19. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
exposure factor
protocol analyzer
administrative
administrative

20. Responsible for communicating to senior mgmt organizational risks and compliance regulations
ISO/IEC 27005
CobiT
CISO
countermeasure

21. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
CobiT
mappers
Information Technology Infrastructure Library (ITIL)
risk catagories

22. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
ISO 17799
blueprints
port scanner
ISO/IEC 27799

23. Daily goals focused on productivity and task-oriented activities
vulnerability scanner
COSO
privilege
operational

24. ISM Standard
protocol analyzer
Committee of Sponsoring Organizations
technical
Information Security Management

25. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
availability
administrative
blueprints
due care

26. Responsible for information classification and protection
data owner
firewall
confidentiality
single loss expectancy

27. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
COSO
risk analysis
ISO/IEC 27001
OVAL

28. Possiblity of damage and the ramifications should it occur
physical
countermeasure
risk
single loss expectancy

29. Risk mgmt method with much broader focus than IT security
AS/NZS 4360
integrity
Facilitated Risk Analysis Process
escalation

30. IT governance at the operational level
vulnerability
CobiT
FMEA
ISO/IEC 27799

31. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
tactical
IRM
physical
privilege

32. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
risk mitigation
risk analysis
COSO
administrative

33. Type of audit that checks information classification and change control procedures
availability
administrative
AS/NZS 4360
FMEA

34. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
risk mitigation
qualitative
AS/NZS 4360

35. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
chief information security officer
vulnerability
elcomsoft
CobiT

36. Mitigates a potential risk
threat
due care
countermeasure
integrity

37. Expected or predetermined performance level - developed from policy - performance - requirements
john the ripper
performance baseline
confidentiality
security program

38. SLE x ARO - (ALE)
privilege
CISO
CISO
annualized loss expectancy

39. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
firewall
physical
ITIL
CobiT

40. Strategic - tactical and operational planning
operational
AS/NZS 4360
mappers
planning horizon

41. IRM
Information Security Management
FMEA
ISO/IEC 27005
Information risk management

42. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
vulnerability
performance baseline
risk catagories
COSO

43. __________ loss has a negative effect after a vulnerability is initially exploited
elcomsoft
vulnerability
delayed
security officer

44. FMEA
Failure Modes and Effect Analysis
planning horizon
protocol analyzer
performance baseline

45. Provides a cost/benefit comparision
performance monitor
usage
network mapping
risk analysis

46. The asset's value multiplied by the EF percentage - (SLE)
john the ripper
protocol analyzer
single loss expectancy
planning horizon

47. Assurance of accurancy and reliability of information and systems
COSO
integrity
due care
ISO/IEC 27005

48. Type of audit that checks that network resources - systems and software are used appropriately
usage
data owner
vulnerability
ISO/IEC 27001

49. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
exposure factor
risk analysis
L0phtCrack
performance monitor

50. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
FMEA
risk anlysis
threat
Facilitated Risk Analysis Process