Comptia Security +: Assessment And Risk Mgmt

This is a study tool: the prompts below are matched to a term. In the interactive test, the three wrong answers for each question are randomly chosen from the answers to other questions, so some answers may seem obvious, but repeating the test reinforces your understanding.
1. Midterm goals
2. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
3. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
4. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
5. Possibility of damage and the ramifications should it occur
6. Method of identifying functions and their failures - causes of failures and their effect - originally designed for systems engineering
7. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment
8. CISO
9. Used to identify failures in complex systems to understand the underlying causes of threats
10. Assurance of accuracy and reliability of information and systems
11. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
12. A process to identify assets and their value - identify vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
13. Derived from the COSO framework
14. Controls that implement access control - password management - identification and authentication methods - configuration
15. FRAP
16. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
17. Event levels available for logging in a MS DNS server
18. Made up of ten domains - a mechanism to describe security processes
19. Ensures management security directives are fulfilled
20. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
21. Provides a cost/benefit comparison
22. Responsible for information classification and protection
23. Expected or predetermined performance level - developed from policy - performance - requirements
24. Focus on service level agreements between the IT department and internal customers
25. The following tools (Nessus - Qualys - Retina) are ______________ scanners
26. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
27. Type of audit that checks that network resources - systems and software are used appropriately
28. A log that can record outgoing requests - incoming traffic - and internet usage
29. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in the NOS - test response to DoS attacks
30. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password / shadow files
31. Risk management method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
32. Ensures reliable, timely access to data/resources for authorized individuals
33. Legal term used to determine liability - acting responsibly - have lower risk of liability due to a security breach
34. FMEA
35. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
36. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
37. OCTAVE
38. Provides good practice advice on ISMS (ISO 17799) (based on BS7799 Part 1)
39. Ensures the necessary level of secrecy and prevents unauthorized disclosure
40. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
41. This tool scans network devices listening for open ports (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
42. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
43. Potential danger to information or systems
44. Tools to identify - develop - and design security requirements for business needs
45. Internationally recognized Information Security Management standard - provides high-level conceptual recommendations on enterprise security - British standard
46. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
47. Collection of controls an organization must have in place
48. NIST risk management methodology
49. An instance of being exposed to losses from a threat
50. De facto standard of best practices for IT service management