SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Provides a cost/benefit comparision
ISO/IEC 27799
risk analysis
usage
annualized rate of occurrence
2. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
network mapping
security program
risk analysis
administrative
3. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
chief information security officer
protocol analyzer
Failure Modes and Effect Analysis
4. Midterm goals
tactical
risk anlysis
vulnerability
vulnerability
5. IRM
COSO
Information risk management
privilege
CobiT
6. Information security managment measurements
ITIL
risk catagories
planning horizon
ISO/IEC 27004
7. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
vulnerability scanner
confidentiality
COSO
8. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
single loss expectancy
risk anlysis
countermeasure
corporate security officer
9. CobiT
qualitative
Control Objectives for Information and related Technology
CobiT
Failure Modes and Effect Analysis
10. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
administrative
mappers
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security program
11. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
vulnerability
usage
CobiT
12. Daily goals focused on productivity and task-oriented activities
operational
vulnerability
ITIL
ISO/IEC 27799
13. An instance of being exposed to losses from a threat
AS/NZS 4360
exposure
network mapping
mappers
14. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
network mapping
annualized loss expectancy
ISO/IEC 27002
performance monitor
15. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
privilege
due care
performance monitor
risk analysis
16. Collection of controls an organization must have in place
security program
corporate security officer
risk anlysis
performance baseline
17. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
port scanner
Facilitated Risk Analysis Process
OCTAVE
threat
18. De facto standard of best practices for IT service mgmt
technical
Committee of Sponsoring Organizations
CobiT
Information Technology Infrastructure Library (ITIL)
19. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
usage
delayed
single loss expectancy
FMEA
20. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
integrity
AS/NZS 4360
administrative
data owner
21. Controls that implement access control - password mangement - identification and authentication methods - configuration
port scanner
security program
exposure factor
technical
22. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
elcomsoft
Control Objectives for Information and related Technology
vulnerability
23. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
BS7799
administrative
FMEA
fault tree analysis
24. Tools to ID - develop - and design security requirements for business needs
blueprints
FRAP
fault tree analysis
vulnerability
25. Expected or predetermined performance level - developed from policy - performance - requirements
technical
performance baseline
SP 800-30
integrity
26. Derived from the COSO framework
COSO
risk catagories
CobiT
annualized loss expectancy
27. Type of audit that checks that accounts - groups and roles are correctly assigned
Committee of Sponsoring Organizations
Failure Modes and Effect Analysis
COSO
privilege
28. Corporate governance at the strategic level
COSO
due care
corporate security officer
vulnerability
29. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
COSO
Failure Modes and Effect Analysis
qualitative
Control Objectives for Information and related Technology
30. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
Information risk management
FMEA
COSO
chief information security officer
31. ISM Standard
Information Security Management
chief information security officer
penetration
risk catagories
32. The likelihood of exploitation and the loss potential
elcomsoft
vulnerability
risk
strategic
33. Type of audit that checks procedures and policies for escalating issues to management
escalation
usage
fault tree analysis
chief information security officer
34. CSO
ISO/IEC 27001
corporate security officer
security governanace
strategic
35. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
administrative
security program
exposure factor
36. Type of audit that checks that network resources - systems and software are used appropriately
CISO
privilege
exposure
usage
37. Type of audit that checks information classification and change control procedures
Information Security Management
administrative
CobiT
corporate security officer
38. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
network mapping
physical
vulnerability scanner
fault tree analysis
39. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
security officer
CobiT
CISO
vulnerability
40. The following tools (Nessus - Qualys - Retina) are ______________ scanners
risk
vulnerability
security governanace
annualized loss expectancy
41. NIST risk management methodology
vulnerability scanner
SP 800-30
FMEA
administrative
42. Responsible for communicating to senior mgmt organizational risks and compliance regulations
integrity
CISO
john the ripper
Information Technology Infrastructure Library (ITIL)
43. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
risk catagories
COSO
annualized rate of occurrence
SP 800-30
44. Focus on service level agreements between IT dept and internal customers
annualized rate of occurrence
CobiT
ITIL
exposure factor
45. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
countermeasure
FMEA
ISO 17799
vulnerability
46. IT governance at the operational level
CobiT
single loss expectancy
vulnerability
administrative
47. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
COSO
ISO/IEC 27002
ISO/IEC 27004
administrative
48. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
CobiT
mappers
Failure Modes and Effect Analysis
BS7799
49. __________ loss has a negative effect after a vulnerability is initially exploited
planning horizon
chief information security officer
exposure
delayed
50. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
vulnerability
penetration
ISO 17799
administrative