SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Ensures reliable timely access to data/resources to authorized individuals
administrative
availability
risk analysis
OVAL
2. __________ loss has a negative effect after a vulnerability is initially exploited
AS/NZS 4360
OVAL
Facilitated Risk Analysis Process
delayed
3. Expected or predetermined performance level - developed from policy - performance - requirements
FMEA
CobiT
ISO/IEC 27002
performance baseline
4. Daily goals focused on productivity and task-oriented activities
tactical
exposure
operational
countermeasure
5. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
CobiT
strategic
CobiT
Information Security Management
6. Assurance of accurancy and reliability of information and systems
delayed
operational
physical
integrity
7. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
strategic
CISO
escalation
delayed
8. Ensures managment security directives are fulfilled
ISO 17799
mappers
security officer
usage
9. Controls that implement access control - password mangement - identification and authentication methods - configuration
ISO/IEC 27799
security program
technical
exposure factor
10. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
fault tree analysis
vulnerability
COSO
exposure factor
11. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
port scanner
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ISO/IEC 27002
Facilitated Risk Analysis Process
12. IT governance at the operational level
CobiT
security officer
integrity
No events - Errors only - Errors and warnings - All events
13. Provides a cost/benefit comparision
network mapping
Facilitated Risk Analysis Process
risk analysis
annualized rate of occurrence
14. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
security program
risk anlysis
protocol analyzer
threat
15. Potential danger to information or systems
operational
physical
elcomsoft
threat
16. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
ISO/IEC 27002
FMEA
blueprints
Control Objectives for Information and related Technology
17. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
FMEA
vulnerability scanner
network mapping
COSO
18. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
CobiT
network mapping
port scanner
confidentiality
19. Guide to illustrate how to protect personal health information
COSO
ISO/IEC 27799
CobiT
privilege
20. Risk mgmt method with much broader focus than IT security
AS/NZS 4360
COSO
CobiT
penetration
21. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
administrative
OVAL
john the ripper
22. Information security managment measurements
Committee of Sponsoring Organizations
vulnerability scanner
ISO/IEC 27004
OCTAVE
23. SLE x ARO - (ALE)
risk mitigation
annualized loss expectancy
fault tree analysis
firewall
24. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
security program
vulnerability
penetration
25. The likelihood of exploitation and the loss potential
CISO
due care
risk
ISO/IEC 27005
26. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
security program
annualized loss expectancy
administrative
chief information security officer
27. Ensures necessary level of secrecy and prevents unauthorized disclosure
network mapping
CobiT
confidentiality
administrative
28. Corporate governance at the strategic level
vulnerability
COSO
CobiT
SP 800-30
29. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
availability
ISO/IEC 27005
annualized rate of occurrence
30. Type of audit that checks that network resources - systems and software are used appropriately
usage
AS/NZS 4360
ISO/IEC 27799
ISO 17799
31. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
technical
blueprints
risk analysis
No events - Errors only - Errors and warnings - All events
32. Strategic - tactical and operational planning
planning horizon
risk
OCTAVE
COSO
33. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
FMEA
BS7799
planning horizon
performance monitor
34. Possiblity of damage and the ramifications should it occur
ISO/IEC 27002
risk
network mapping
performance baseline
35. Derived from the COSO framework
risk mitigation
vulnerability
CobiT
exposure
36. Responsible for information classification and protection
data owner
privilege
FMEA
Information risk management
37. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
OVAL
FMEA
technical
mappers
38. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
data owner
CISO
port scanner
39. Tools to ID - develop - and design security requirements for business needs
threat
network mapping
blueprints
Committee of Sponsoring Organizations
40. COSO
physical
Information Technology Infrastructure Library (ITIL)
No events - Errors only - Errors and warnings - All events
Committee of Sponsoring Organizations
41. The following tools (Nessus - Qualys - Retina) are ______________ scanners
risk mitigation
physical
FMEA
vulnerability
42. Collection of controls an organization must have in place
security program
vulnerability
delayed
FMEA
43. An open language from mitre.org for determining vulnerabilities and problems on computer systems
single loss expectancy
risk anlysis
OVAL
privilege
44. A log that can record outgoing requests - incoming traffic - and internet usage
risk analysis
firewall
ITIL
annualized loss expectancy
45. IRM
No events - Errors only - Errors and warnings - All events
COSO
technical
Information risk management
46. Event levels available for logging in a MS DNS server
Committee of Sponsoring Organizations
protocol analyzer
No events - Errors only - Errors and warnings - All events
ISO/IEC 27001
47. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
network mapping
port scanner
qualitative
security governanace
48. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
performance baseline
integrity
OVAL
49. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
annualized rate of occurrence
physical
SP 800-30
performance monitor
50. Responsible for communicating to senior mgmt organizational risks and compliance regulations
No events - Errors only - Errors and warnings - All events
CISO
privilege
physical
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests