SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
vulnerability
ISO/IEC 27004
OCTAVE
annualized rate of occurrence
2. Provides a cost/benefit comparision
network mapping
COSO
risk analysis
security program
3. Midterm goals
tactical
ISO 17799
strategic
OCTAVE
4. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
administrative
ISO/IEC 27004
ISO/IEC 27001
5. SLE x ARO - (ALE)
annualized loss expectancy
AS/NZS 4360
Information Technology Infrastructure Library (ITIL)
elcomsoft
6. Event levels available for logging in a MS DNS server
ISO/IEC 27005
No events - Errors only - Errors and warnings - All events
security program
due care
7. Responsible for communicating to senior mgmt organizational risks and compliance regulations
AS/NZS 4360
exposure factor
security officer
CISO
8. Type of audit that checks procedures and policies for escalating issues to management
network mapping
exposure factor
escalation
port scanner
9. IT governance at the operational level
OCTAVE
mappers
CobiT
elcomsoft
10. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
risk
CISO
risk
john the ripper
11. Tools to ID - develop - and design security requirements for business needs
annualized loss expectancy
mappers
ISO 17799
blueprints
12. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
performance monitor
security program
CISO
CobiT
13. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
escalation
due care
planning horizon
ISO/IEC 27799
14. Ensures necessary level of secrecy and prevents unauthorized disclosure
network mapping
confidentiality
performance monitor
Operationally Critical Threat - Asset - and Vulnerability Evaluation
15. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
vulnerability
port scanner
integrity
Information risk management
16. Made up of ten domains - a mechanism to describe security processes
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ITIL
john the ripper
ISO 17799
17. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
elcomsoft
data owner
privilege
IRM
18. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
security program
FMEA
security officer
physical
19. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
SP 800-30
mappers
ISO/IEC 27001
vulnerability
20. Daily goals focused on productivity and task-oriented activities
elcomsoft
operational
ISO/IEC 27002
network mapping
21. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
mappers
tactical
Committee of Sponsoring Organizations
elcomsoft
22. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
network mapping
Facilitated Risk Analysis Process
COSO
delayed
23. CobiT
fault tree analysis
exposure
Control Objectives for Information and related Technology
exposure factor
24. FMEA
No events - Errors only - Errors and warnings - All events
countermeasure
protocol analyzer
Failure Modes and Effect Analysis
25. Used to ID failures in a complex systems to understand underlying causes of threats
penetration
Control Objectives for Information and related Technology
ISO/IEC 27004
fault tree analysis
26. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
administrative
AS/NZS 4360
security program
risk catagories
27. Guide to illustrate how to protect personal health information
physical
exposure factor
ISO/IEC 27799
penetration
28. CSO
corporate security officer
ISO 17799
vulnerability
Operationally Critical Threat - Asset - and Vulnerability Evaluation
29. Information security managment measurements
planning horizon
ISO/IEC 27004
blueprints
fault tree analysis
30. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
performance baseline
CobiT
risk analysis
31. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
administrative
strategic
FMEA
integrity
32. Strategic - tactical and operational planning
FRAP
BS7799
Information risk management
planning horizon
33. ISM Standard
corporate security officer
risk analysis
Information Security Management
strategic
34. Corporate governance at the strategic level
threat
COSO
security program
risk anlysis
35. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
performance baseline
annualized loss expectancy
security program
blueprints
36. FRAP
Facilitated Risk Analysis Process
exposure factor
ISO/IEC 27004
physical
37. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
FMEA
qualitative
risk mitigation
AS/NZS 4360
38. CISO
chief information security officer
planning horizon
exposure
firewall
39. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
COSO
technical
penetration
physical
40. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
ISO/IEC 27001
COSO
CobiT
technical
41. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
mappers
risk catagories
Information Technology Infrastructure Library (ITIL)
OVAL
42. Number of time the incident might occur annually - (ARO)
due care
privilege
annualized rate of occurrence
Information risk management
43. Controls that implement access control - password mangement - identification and authentication methods - configuration
escalation
technical
SP 800-30
ISO/IEC 27002
44. Potential danger to information or systems
threat
risk catagories
ITIL
annualized rate of occurrence
45. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
physical
strategic
Information Security Management
risk anlysis
46. De facto standard of best practices for IT service mgmt
Facilitated Risk Analysis Process
Information Technology Infrastructure Library (ITIL)
operational
port scanner
47. Expected or predetermined performance level - developed from policy - performance - requirements
security governanace
FMEA
blueprints
performance baseline
48. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
john the ripper
annualized rate of occurrence
performance monitor
CobiT
49. Type of audit that checks that network resources - systems and software are used appropriately
exposure factor
annualized loss expectancy
CobiT
usage
50. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
corporate security officer
performance monitor
administrative