Test your basic knowledge

Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond






2. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards






3. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________






4. Corporate governance at the strategic level






5. Assurance of accuracy and reliability of information and systems






6. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits






7. Focus on service level agreements between IT dept and internal customers






8. CSO






9. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost






10. IT governance at the operational level






11. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external






12. Expected or predetermined performance level - developed from policy - performance - requirements






13. Tools to ID - develop - and design security requirements for business needs






14. Ensures necessary level of secrecy and prevents unauthorized disclosure






15. Provides a cost/benefit comparison






16. The likelihood of exploitation and the loss potential






17. Potential danger to information or systems






18. Event levels available for logging in a MS DNS server






19. Percentage of an asset's value that would be lost in a single incident - (EF)






20. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)






21. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)






22. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)






23. IRM






24. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis






25. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental






26. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation






27. ISM Standard






28. Used to ID failures in complex systems to understand underlying causes of threats






29. SLE x ARO - (ALE)






30. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control






31. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product






32. An instance of being exposed to losses from a threat






33. Derived from the COSO framework






34. CISO






35. Made up of ten domains - a mechanism to describe security processes






36. Mitigates a potential risk






37. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks






38. Ensures management security directives are fulfilled






39. The following tools (Nessus - Qualys - Retina) are ______________ scanners






40. Controls that implement access control - password management - identification and authentication methods - configuration






41. Used to predict changes based on trends - detect deviations - and watch events across multiple system components






42. Risk mgmt method with much broader focus than IT security






43. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate






44. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach






45. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics






46. OCTAVE






47. Type of audit that checks that network resources - systems and software are used appropriately






48. Guide to illustrate how to protect personal health information






49. Collection of controls an organization must have in place






50. Midterm goals