Test your basic knowledge | CompTIA Security+: Assessment and Risk Management
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but you will find that it reinforces your understanding each time you take the test.
1. Ensures reliable timely access to data/resources to authorized individuals
network mapping
port scanner
availability
risk mitigation
2. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
threat
vulnerability
delayed
ISO 17799
3. Assurance of accuracy and reliability of information and systems
threat
network mapping
john the ripper
integrity
4. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
ISO/IEC 27799
OVAL
CobiT
5. Method of identifying functions and their failures - the causes of those failures and their effect - originally designed for systems engineering
Committee of Sponsoring Organizations
security program
performance baseline
FMEA
6. The asset's value multiplied by the EF percentage - (SLE)
No events - Errors only - Errors and warnings - All events
single loss expectancy
threat
ISO 17799
7. A commercial password cracker that can test password strength and recover passwords, and perform dictionary and brute force attacks
elcomsoft
Committee of Sponsoring Organizations
OVAL
privilege
8. Ensures necessary level of secrecy and prevents unauthorized disclosure
confidentiality
Facilitated Risk Analysis Process
security program
usage
9. IRM
elcomsoft
security officer
ISO/IEC 27002
Information risk management
10. __________ loss has a negative effect after a vulnerability is initially exploited
ISO 17799
delayed
ISO 17799
tactical
11. IT governance at the operational level
countermeasure
ISO/IEC 27799
CobiT
L0phtCrack
12. Information security management measurements
performance monitor
CISO
integrity
ISO/IEC 27004
13. FMEA
fault tree analysis
risk analysis
qualitative
Failure Modes and Effect Analysis
14. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
ISO/IEC 27005
CobiT
elcomsoft
risk
15. Guide to assist in the implementation of information security based on a risk management approach
vulnerability scanner
chief information security officer
SP 800-30
ISO/IEC 27005
16. Midterm goals
tactical
ISO/IEC 27005
john the ripper
network mapping
17. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
usage
strategic
administrative
port scanner
18. Daily goals focused on productivity and task-oriented activities
No events - Errors only - Errors and warnings - All events
operational
single loss expectancy
security program
19. CISO
FRAP
exposure factor
chief information security officer
ISO/IEC 27002
20. Responsible for communicating organizational risks and compliance regulations to senior management
technical
IRM
CISO
vulnerability scanner
21. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
strategic
delayed
Control Objectives for Information and related Technology
FMEA
22. Used to identify failures in complex systems to understand the underlying causes of threats
integrity
fault tree analysis
Committee of Sponsoring Organizations
physical
23. Possibility of damage and the ramifications should it occur
ISO/IEC 27799
risk
Control Objectives for Information and related Technology
escalation
24. Provides a cost/benefit comparison
countermeasure
CISO
risk analysis
availability
25. Internationally recognized Information Security Management standard - provides high-level conceptual recommendations on enterprise security - British standard
risk analysis
performance baseline
COSO
BS7799
26. Tools to identify - develop - and design security requirements for business needs
tactical
security program
blueprints
technical
27. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
CISO
exposure factor
corporate security officer
qualitative
28. CobiT
usage
Control Objectives for Information and related Technology
physical
FMEA
29. Made up of ten domains - a mechanism to describe security processes
ISO 17799
No events - Errors only - Errors and warnings - All events
integrity
vulnerability
30. An open language from mitre.org for determining vulnerabilities and problems on computer systems
exposure factor
network mapping
strategic
OVAL
31. CSO
john the ripper
delayed
corporate security officer
ITIL
32. The likelihood of exploitation and the loss potential
Control Objectives for Information and related Technology
elcomsoft
risk
qualitative
33. NIST risk management methodology
countermeasure
performance monitor
SP 800-30
single loss expectancy
34. Controls that implement access control - password management - identification and authentication methods - configuration
elcomsoft
FMEA
technical
ISO 17799
35. A weakness (software - hardware - procedural - human) that can be exploited
CobiT
COSO
vulnerability
protocol analyzer
36. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
COSO
availability
CISO
risk
37. A process to identify assets and their value - identify vulnerabilities and threats - quantify the probability and impact of threats - provide a balance between impact and cost
BS7799
L0phtCrack
risk analysis
ISO/IEC 27005
38. Responsible for information classification and protection
data owner
availability
single loss expectancy
john the ripper
39. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
due care
risk categories
BS7799
escalation
40. Derived from the COSO framework
administrative
security officer
CobiT
Information risk management
41. Corporate governance at the strategic level
annualized loss expectancy
security program
COSO
annualized rate of occurrence
42. Event levels available for logging in a MS DNS server
john the ripper
Operationally Critical Threat - Asset - and Vulnerability Evaluation
corporate security officer
No events - Errors only - Errors and warnings - All events
43. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
CobiT
risk categories
exposure
network mapping
44. Type of audit that checks that network resources - systems and software are used appropriately
risk analysis
usage
risk
protocol analyzer
45. Guide to illustrate how to protect personal health information
ISO/IEC 27799
ISO 17799
OVAL
COSO
46. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
mappers
port scanner
ISO/IEC 27002
Information risk management
47. Expected or predetermined performance level - developed from policy - performance - requirements
COSO
performance baseline
CobiT
usage
48. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
delayed
L0phtCrack
Operationally Critical Threat - Asset - and Vulnerability Evaluation
fault tree analysis
49. Number of times the incident might occur annually - (ARO)
risk
CobiT
blueprints
annualized rate of occurrence
50. ISM Standard
AS/NZS 4360
integrity
technical
Information Security Management