Test your basic knowledge

CompTIA Security+: Assessment and Risk Management

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Control environment (company culture); Risk assessment (manage change); Control activities (policies, procedures, practices); Information and communication (right people, information, time); Monitoring (detect and respond)

2. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs

3. IRM

4. A plan of action to deal with the risks identified in the risk assessment; may remediate or transfer risk

5. Tools to identify, develop, and design security requirements for business needs

6. Type of audit that checks information classification and change control procedures

7. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate

8. CISO

9. Corporate governance at the strategic level

10. Strategic, tactical, and operational planning

11. Provides a cost/benefit comparison

12. _______________ can test an IDS, detect network congestion, detect bad or failing equipment, and detect high processor loads; must be appropriate to the NOS (network operating system)

13. Number of times the incident might occur annually (ARO)

14. Responsible for developing: a security awareness program; the budget for information security related activities; policies, procedures, and guidelines; a security compliance program; and metrics

15. SLE x ARO (ALE)

16. Physical damage, human interaction, equipment malfunction, misuse of data, loss of data, application error

17. Type of audit that checks that accounts, groups, and roles are correctly assigned

18. Ensures reliable and timely access to data and resources for authorized individuals

19. The likelihood of exploitation and the loss potential

20. A commercial password cracker that can test password strength and recover passwords, and perform dictionary and brute-force attacks

21. This tool scans network devices listening for open ports (e.g. Nmap, Scanmetender, SuperScan, NHS Nohack Scanner)

22. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting

23. CobiT

24. Controls that implement access control, password management, identification and authentication methods, and configuration

25. The tools, personnel, and business processes necessary to ensure that security meets the organization's needs

26. FMEA

27. Used to predict changes based on trends, detect deviations, and watch events across multiple system components

28. A process to identify assets and their value, identify vulnerabilities and threats, quantify the probability and impact of threats, and provide a balance between impact and cost

29. Provides good-practice advice on an ISMS (ISO 17799, later renumbered ISO/IEC 27002; based on BS 7799 Part 1)

30. Establish, implement, control, and improve the Information Security Management System (based on BS 7799 Part 2; now ISO/IEC 27001)

31. Security policy (map business objectives to security); Security infrastructure (security officer, reviews); Asset classification/control (inventory); Personnel security (screening, training, roles); Physical security; Communication/operation

32. The following tools (Nessus, Qualys, Retina) are ______________ scanners

33. HP OpenView, Nmap, Qualys, Solana Networks, and SolarWinds are all network _____________

34. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards

35. Controls that manage facility access, locking systems, media sanitization, intrusion monitoring, and environmental protection

36. Daily goals focused on productivity and task-oriented activities

37. Ensures management's security directives are fulfilled

38. A tool that maps weaknesses of systems and networks by scanning for ports, checking for applications, determining OS and patch level, and attempting exploits

39. An instance of being exposed to losses from a threat

40. Risk management method created by Carnegie Mellon University in which people inside the organization manage and direct the risk evaluation for IT security

41. Made up of ten domains; a mechanism to describe security processes

42. A log that can record outgoing requests, incoming traffic, and internet usage

43. Collection of controls an organization must have in place

44. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate

45. Derived from the COSO framework

46. Used to identify failures in complex systems and understand the underlying causes of threats

47. Used in assurance risk management; a methodical way to identify major failure modes (not useful for complex failure modes)

48. Risk assessment that is scenario based, ranks threats and countermeasures, and uses experience, judgment, intuition, and opinion

49. The asset's value multiplied by the exposure factor (EF) percentage (SLE)

50. ISM Standard
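
Worked example for the quantitative terms in items 11, 13, 15, 28 and 49 (SLE = AV x EF, ALE = SLE x ARO, and the cost/benefit comparison of countermeasures). This is an added example, not part of the quiz page: the asset value, exposure factors, rates and safeguard costs are constructed sample figures, and the safeguard-value formula (ALE before, minus ALE after, minus the safeguard's annual cost) is the usual textbook one rather than something the page states.

```python
"""Quantitative risk analysis: SLE, ALE and countermeasure cost/benefit.

Added example, not from the quiz page. Formulas used:
    SLE = AV x EF              single loss expectancy
    ALE = SLE x ARO            annualized loss expectancy
    safeguard value = ALE_before - ALE_after - annual safeguard cost
All figures below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float          # AV: value of the asset, in currency units
    exposure_factor: float      # EF: fraction of AV lost in one incident (0.0 - 1.0)
    aro: float                  # ARO: expected number of incidents per year


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float          # purchase cost amortised per year plus operating cost
    new_exposure_factor: float  # EF once the safeguard is in place
    new_aro: float              # ARO once the safeguard is in place


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single loss expectancy: what one occurrence of the threat costs."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def ale(asset_value: float, exposure_factor: float, aro: float) -> float:
    """Annualized loss expectancy: expected loss per year from this threat."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle(asset_value, exposure_factor) * aro


def safeguard_value(threat: Threat, safeguard: Safeguard) -> float:
    """Net annual benefit of a safeguard; negative means it costs more than it saves."""
    before = ale(threat.asset_value, threat.exposure_factor, threat.aro)
    after = ale(threat.asset_value, safeguard.new_exposure_factor, safeguard.new_aro)
    return before - after - safeguard.annual_cost


def rank_safeguards(threat: Threat, safeguards) -> list:
    """(name, value) pairs, best first: the cost/benefit comparison of item 11."""
    scored = [(s.name, safeguard_value(threat, s)) for s in safeguards]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed sample: a file server worth 500,000; ransomware destroys 40% of its
# value per incident and is expected about once every two years (ARO 0.5).
SAMPLE_THREAT = Threat("ransomware on file server", asset_value=500_000,
                       exposure_factor=0.4, aro=0.5)
SAMPLE_SAFEGUARDS = [
    Safeguard("offline backups", annual_cost=15_000, new_exposure_factor=0.1, new_aro=0.5),
    Safeguard("EDR agent", annual_cost=40_000, new_exposure_factor=0.4, new_aro=0.1),
    Safeguard("cyber insurance", annual_cost=120_000, new_exposure_factor=0.0, new_aro=0.5),
]

if __name__ == "__main__":
    t = SAMPLE_THREAT
    print(f"SLE = {sle(t.asset_value, t.exposure_factor):,.0f}")
    print(f"ALE = {ale(t.asset_value, t.exposure_factor, t.aro):,.0f}")
    for name, value in rank_safeguards(t, SAMPLE_SAFEGUARDS):
        print(f"{name:18} net annual value {value:,.0f}")
```

With the sample figures the SLE is 200,000 and the ALE 100,000; offline backups net 60,000 a year, the EDR agent 40,000, and the insurance option is negative, so it would only be chosen for reasons outside this calculation. The same arithmetic is what separates a quantitative assessment from the qualitative, opinion-ranked one of item 48.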
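
Items 21 and 38 describe port and vulnerability scanners. The following is an added example, not part of the quiz page and not Nmap's own code: a minimal TCP connect scan, which is the first step those tools perform before fingerprinting applications and patch levels. It starts its own listener on 127.0.0.1 so there is a known open port to find offline; the host, port window and timeout are assumptions for the demo. Scan only hosts you are authorized to test.

```python
"""Minimal TCP connect port scanner.

Added example, not from the quiz page and not Nmap's own code. It starts a
listener on 127.0.0.1 so there is a known open port to find; the host, port
window and timeout are assumptions for the demo.
"""
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """True if a full TCP handshake to host:port completes (port is open)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:          # refused (closed), timeout (filtered), unreachable
            return False


def scan(host: str, ports, workers: int = 32) -> list:
    """Probe each port concurrently; return the sorted list of open ports."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p)), ports))
    return sorted(p for p, is_open in results if is_open)


def start_listener(host: str = "127.0.0.1"):
    """Bind a listening socket on an OS-chosen free port; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(8)
    return srv, srv.getsockname()[1]


def demo():
    """Open one port, scan a window around it, return (port, open ports found)."""
    srv, port = start_listener()
    try:
        found = scan("127.0.0.1", range(max(1, port - 5), port + 6))
    finally:
        srv.close()
    return port, found


if __name__ == "__main__":
    port, found = demo()
    print(f"listener on {port}, scan reports open: {found}")
```

A connect scan completes the handshake, so it shows up in the target's application logs and in the firewall or proxy log of item 42; that is also why a scanner run against a production network should be coordinated with the monitoring team, or it will look like the reconnaissance phase of an attack.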
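
Item 20 describes a commercial password cracker. The following added example (not from the quiz page and not any vendor's product) shows the two attack modes it names, a dictionary attack with mangling rules and an exhaustive brute force, run against a constructed store of unsalted SHA-256 hashes; the usernames, passwords, wordlist and mangling rules are assumptions for the demo.

```python
"""Dictionary and brute-force attacks on unsalted SHA-256 password hashes.

Added example (not from the quiz page, not any vendor's product). The leaked
credential store, wordlist and mangling rules are constructed for the demo.
"""
import hashlib
import itertools
import string

WORDLIST = ["password", "letmein", "summer", "welcome", "dragon"]   # constructed


def sha256_hex(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def mangle(word: str):
    """Yield common user variations of a dictionary word (a small rule set)."""
    yield word
    yield word.capitalize()
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix


def dictionary_attack(targets: dict, wordlist) -> dict:
    """targets maps username -> sha256 hex. Returns username -> recovered password.

    Without a salt, one hash per candidate is compared against every account at
    once, which is why the lookup is keyed by hash rather than by user.
    """
    by_hash = {h: user for user, h in targets.items()}
    recovered = {}
    for word in wordlist:
        for candidate in mangle(word):
            user = by_hash.get(sha256_hex(candidate))
            if user is not None and user not in recovered:
                recovered[user] = candidate
    return recovered


def brute_force(target_hash: str, charset: str = string.ascii_lowercase + string.digits,
                max_len: int = 4):
    """Try every string over charset up to max_len; return the password or None."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(charset, repeat=length):
            candidate = "".join(chars)
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


# Constructed 'leaked' store; in practice only the hashes would be known.
TARGETS = {
    "alice": sha256_hex("Summer123"),                     # dictionary word + rule
    "bob": sha256_hex("letmein!"),                        # dictionary word + rule
    "carol": sha256_hex("b7q2"),                          # random but short: brute force
    "dave": sha256_hex("correct horse battery staple"),   # out of reach of both modes
}

if __name__ == "__main__":
    hits = dictionary_attack(TARGETS, WORDLIST)
    print("dictionary:", hits)
    for user, h in TARGETS.items():
        if user not in hits:
            print(f"brute force {user}: {brute_force(h)}")
```

Because the hashes are fast and unsalted, one hash computation checks every account at once and a four-character password over lowercase letters and digits falls in well under a second; a per-user salt and a slow KDF (bcrypt, scrypt, or PBKDF2 with a high iteration count) remove both advantages. dave's passphrase is beyond either mode here, which is the "test password strength" half of the tool's purpose.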