Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Strategic, tactical and operational planning

2. Possibility of damage and the ramifications should it occur

3. SLE x ARO (ALE)

4. The asset's value multiplied by the EF percentage (SLE)

5. An open source password cracker that uses dictionary and brute force attacks, stores previously cracked passwords, and uses unshadow to merge password/shadow files

6. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards

7. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis

8. This tool scans network devices listening for open ports (e.g. Nmap, scanmetender, superscan, NHS nohack scanner)

9. NIST risk management methodology

10. A weakness (software, hardware, procedural, human) that can be exploited

11. Type of audit that checks information classification and change control procedures

12. __________ loss has a negative effect after a vulnerability is initially exploited

13. Process of identifying and assessing risk, reducing it to an acceptable level, and implementing mechanisms to maintain that level.

14. CISO

15. Made up of ten domains; a mechanism to describe security processes

16. Security policy: map business objectives to security; Security infrastructure: security officer, reviews; Asset classification/control: inventory; Personnel security: screening, training, roles; Physical security; Communication/operation

17. Risk management method with a much broader focus than IT security

18. The tools, personnel and business processes necessary to ensure that security meets needs

19. Controls that implement access control, password management, identification and authentication methods, and configuration

20. FRAP

21. Ensures management security directives are fulfilled

22. An open language from mitre.org for determining vulnerabilities and problems on computer systems

23. Tools to identify, develop and design security requirements for business needs

24. Risk assessment that is scenario based, ranks threats and countermeasures, and uses experience, judgment, intuition and opinion

25. Daily goals focused on productivity and task-oriented activities

26. A commercial password cracker that can test password strength and recover passwords, and perform dictionary and brute force attacks

27. Ensures the necessary level of secrecy and prevents unauthorized disclosure

28. A tool that maps weaknesses of systems/networks by scanning for ports, checking for applications, determining OS and patch level, and attempting exploits

29. Guide to illustrate how to protect personal health information

30. This type of testing scans for vulnerabilities, attacks to determine extent, tests countermeasures by circumvention, and can be internal or external

31. CSO

32. _______________ can test IDS, detect network congestion, detect bad/failing equipment, detect high processor loads; must be NOS appropriate

33. ISM Standard

34. Used to identify failures in a complex system to understand underlying causes of threats

35. Type of audit that checks procedures and policies for escalating issues to management

36. Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate

37. Controls that manage facility access, locking systems, media sanitization, intrusion monitoring, environmental

38. Legal term used to determine liability; acting responsibly to have lower risk of liability due to a security breach

39. Physical damage, human interaction, equipment malfunction, misuse of data, loss of data, application error

40. A tool that monitors network traffic and shows data and protocols in use, also known as a packet sniffer (e.g. Wireshark, tcpdump, Microsoft Network Monitor, Carnivore)

41. IRM

42. Long-term goals focused on risk management, compliance, security responsibilities, continual improvement, and using security to attract customers

43. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs

44. A plan of action to deal with risks defined in the risk assessment; may remediate or transfer risk

45. Expected or predetermined performance level, developed from policy, performance and requirements

46. A password cracker that uses dictionary and brute force attacks and rainbow tables, can test password strength and recover passwords, and was originally free but is now a commercial product

47. Information security management measurements

48. Controls that include policies, standards, procedures, risk management, personnel screening, training, change control

49. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting

50. Number of times the incident might occur annually (ARO)