SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
COSO
elcomsoft
CobiT
Information Technology Infrastructure Library (ITIL)
2. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
IRM
corporate security officer
risk
3. FMEA
Failure Modes and Effect Analysis
administrative
COSO
risk analysis
4. IRM
Information risk management
tactical
COSO
operational
5. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
IRM
Information Technology Infrastructure Library (ITIL)
risk catagories
risk analysis
6. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
Failure Modes and Effect Analysis
L0phtCrack
OVAL
CobiT
7. Ensures reliable timely access to data/resources to authorized individuals
single loss expectancy
ISO/IEC 27005
threat
availability
8. Derived from the COSO framework
strategic
security program
single loss expectancy
CobiT
9. Provides a cost/benefit comparision
FRAP
BS7799
risk analysis
SP 800-30
10. Controls that implement access control - password mangement - identification and authentication methods - configuration
technical
FRAP
security officer
ISO 17799
11. Made up of ten domains - a mechanism to describe security processes
strategic
ISO 17799
planning horizon
annualized loss expectancy
12. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
OVAL
No events - Errors only - Errors and warnings - All events
CobiT
13. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
qualitative
CobiT
Information Technology Infrastructure Library (ITIL)
network mapping
14. NIST risk management methodology
annualized loss expectancy
ISO/IEC 27002
SP 800-30
ITIL
15. Type of audit that checks information classification and change control procedures
tactical
BS7799
delayed
administrative
16. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
L0phtCrack
Facilitated Risk Analysis Process
vulnerability scanner
17. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
protocol analyzer
exposure factor
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security governanace
18. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
COSO
annualized rate of occurrence
vulnerability
OCTAVE
19. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
ISO/IEC 27004
risk analysis
risk anlysis
Information Technology Infrastructure Library (ITIL)
20. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
OCTAVE
FRAP
CobiT
usage
21. Guide assist in the implemenation of information security based on risk managent approach
IRM
vulnerability
chief information security officer
ISO/IEC 27005
22. Ensures managment security directives are fulfilled
CobiT
security officer
FRAP
COSO
23. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
privilege
CISO
Control Objectives for Information and related Technology
ISO 17799
24. OCTAVE
Facilitated Risk Analysis Process
integrity
Operationally Critical Threat - Asset - and Vulnerability Evaluation
vulnerability scanner
25. Information security managment measurements
Committee of Sponsoring Organizations
SP 800-30
ISO/IEC 27004
technical
26. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security officer
planning horizon
fault tree analysis
security program
27. Guide to illustrate how to protect personal health information
annualized loss expectancy
ISO/IEC 27002
COSO
ISO/IEC 27799
28. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
CobiT
chief information security officer
countermeasure
29. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
port scanner
threat
penetration
risk anlysis
30. Midterm goals
tactical
administrative
CISO
annualized rate of occurrence
31. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
data owner
CobiT
qualitative
ISO/IEC 27005
32. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
risk
ISO/IEC 27004
No events - Errors only - Errors and warnings - All events
33. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
performance baseline
FMEA
OCTAVE
countermeasure
34. Tools to ID - develop - and design security requirements for business needs
administrative
exposure
data owner
blueprints
35. Collection of controls an organization must have in place
usage
security governanace
security program
strategic
36. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
strategic
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ISO/IEC 27004
risk analysis
37. Type of audit that checks that network resources - systems and software are used appropriately
Failure Modes and Effect Analysis
ISO/IEC 27005
privilege
usage
38. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
risk catagories
COSO
threat
availability
39. Focus on service level agreements between IT dept and internal customers
performance baseline
protocol analyzer
ITIL
risk
40. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
No events - Errors only - Errors and warnings - All events
vulnerability
port scanner
ISO 17799
41. Type of audit that checks that accounts - groups and roles are correctly assigned
CobiT
protocol analyzer
privilege
data owner
42. CSO
network mapping
exposure factor
corporate security officer
Information Security Management
43. CISO
vulnerability
chief information security officer
risk catagories
data owner
44. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
administrative
Control Objectives for Information and related Technology
physical
network mapping
45. IT governance at the operational level
protocol analyzer
L0phtCrack
CobiT
SP 800-30
46. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
SP 800-30
technical
Information risk management
47. Mitigates a potential risk
delayed
countermeasure
privilege
ISO/IEC 27799
48. An open language from mitre.org for determining vulnerabilities and problems on computer systems
threat
privilege
performance baseline
OVAL
49. Possiblity of damage and the ramifications should it occur
FMEA
risk
annualized rate of occurrence
vulnerability
50. Number of time the incident might occur annually - (ARO)
vulnerability
exposure factor
annualized rate of occurrence
ISO/IEC 27005