SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
ISO/IEC 27001
strategic
ITIL
performance monitor
2. An open language from mitre.org for determining vulnerabilities and problems on computer systems
security governanace
ISO/IEC 27799
usage
OVAL
3. Type of audit that checks procedures and policies for escalating issues to management
threat
Failure Modes and Effect Analysis
security officer
escalation
4. Percentage of an asset's value that would be lost in a single incident - (EF)
vulnerability
exposure factor
administrative
integrity
5. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
ISO 17799
tactical
Committee of Sponsoring Organizations
6. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
security officer
vulnerability
CISO
FMEA
7. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
performance baseline
ISO 17799
john the ripper
threat
8. Ensures necessary level of secrecy and prevents unauthorized disclosure
confidentiality
CobiT
chief information security officer
blueprints
9. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
OCTAVE
ITIL
countermeasure
10. IT governance at the operational level
CobiT
security officer
risk
usage
11. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
network mapping
IRM
ISO/IEC 27799
security program
12. A weakness (software - hardware - procedural - human) that can be exploited
performance baseline
strategic
vulnerability
AS/NZS 4360
13. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
OVAL
IRM
ISO/IEC 27001
FMEA
14. Type of audit that checks that network resources - systems and software are used appropriately
risk catagories
performance monitor
risk analysis
usage
15. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
FMEA
ITIL
performance baseline
16. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
protocol analyzer
elcomsoft
administrative
vulnerability
17. Controls that implement access control - password mangement - identification and authentication methods - configuration
risk catagories
FRAP
vulnerability
technical
18. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
data owner
john the ripper
COSO
CISO
19. An instance of being exposed to losses from a threat
exposure
data owner
ISO 17799
qualitative
20. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
ISO/IEC 27002
risk
No events - Errors only - Errors and warnings - All events
21. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk analysis
risk mitigation
administrative
ISO 17799
22. __________ loss has a negative effect after a vulnerability is initially exploited
exposure
OCTAVE
confidentiality
delayed
23. Collection of controls an organization must have in place
technical
security program
FRAP
L0phtCrack
24. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
FRAP
risk
annualized rate of occurrence
administrative
25. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
COSO
planning horizon
CobiT
exposure factor
26. COSO
exposure
security officer
ITIL
Committee of Sponsoring Organizations
27. Type of audit that checks that accounts - groups and roles are correctly assigned
COSO
privilege
ISO/IEC 27004
risk anlysis
28. Ensures reliable timely access to data/resources to authorized individuals
planning horizon
IRM
availability
corporate security officer
29. Mitigates a potential risk
countermeasure
elcomsoft
CobiT
risk catagories
30. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
elcomsoft
Failure Modes and Effect Analysis
risk catagories
IRM
31. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
CobiT
physical
strategic
COSO
32. Guide assist in the implemenation of information security based on risk managent approach
ISO 17799
ISO/IEC 27005
due care
exposure factor
33. CISO
ISO/IEC 27005
chief information security officer
delayed
elcomsoft
34. Corporate governance at the strategic level
confidentiality
COSO
Operationally Critical Threat - Asset - and Vulnerability Evaluation
technical
35. Responsible for information classification and protection
usage
data owner
ISO/IEC 27001
performance baseline
36. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
SP 800-30
due care
CobiT
37. Derived from the COSO framework
protocol analyzer
CobiT
john the ripper
risk mitigation
38. FRAP
exposure
Facilitated Risk Analysis Process
CobiT
Operationally Critical Threat - Asset - and Vulnerability Evaluation
39. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
OCTAVE
corporate security officer
ISO 17799
40. Focus on service level agreements between IT dept and internal customers
ITIL
risk catagories
ISO/IEC 27001
risk analysis
41. Tools to ID - develop - and design security requirements for business needs
CobiT
ITIL
blueprints
exposure factor
42. Guide to illustrate how to protect personal health information
blueprints
ISO/IEC 27799
planning horizon
risk anlysis
43. Event levels available for logging in a MS DNS server
No events - Errors only - Errors and warnings - All events
strategic
ISO/IEC 27002
integrity
44. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
CISO
ISO/IEC 27002
AS/NZS 4360
No events - Errors only - Errors and warnings - All events
45. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
security officer
risk mitigation
Information Security Management
john the ripper
46. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
physical
security officer
network mapping
risk
47. Potential danger to information or systems
operational
blueprints
threat
availability
48. Risk mgmt method with much broader focus than IT security
escalation
security program
AS/NZS 4360
risk analysis
49. Provides a cost/benefit comparision
ISO/IEC 27005
vulnerability
tactical
risk analysis
50. Type of audit that checks information classification and change control procedures
annualized rate of occurrence
administrative
threat
Facilitated Risk Analysis Process