Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
FMEA
OCTAVE
ISO/IEC 27799
confidentiality

2. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
performance monitor
Committee of Sponsoring Organizations
CobiT
OCTAVE

3. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
due care
risk anlysis
fault tree analysis
L0phtCrack

4. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
CISO
network mapping
blueprints
security program

5. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
protocol analyzer
ISO/IEC 27001
escalation
privilege

6. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
countermeasure
COSO
ISO/IEC 27001
ISO/IEC 27004

7. Possiblity of damage and the ramifications should it occur
risk
CISO
Committee of Sponsoring Organizations
Information Security Management

8. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
FMEA
administrative
usage
security program

9. Ensures necessary level of secrecy and prevents unauthorized disclosure
penetration
confidentiality
security program
COSO

10. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
SP 800-30
FRAP
protocol analyzer
network mapping

11. Provides a cost/benefit comparision
network mapping
CobiT
risk analysis
vulnerability

12. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
vulnerability
ISO/IEC 27001
FMEA
elcomsoft

13. Expected or predetermined performance level - developed from policy - performance - requirements
usage
CobiT
annualized loss expectancy
performance baseline

14. The likelihood of exploitation and the loss potential
risk
Information Security Management
CobiT
single loss expectancy

15. CSO
penetration
administrative
corporate security officer
chief information security officer

16. FMEA
network mapping
tactical
Failure Modes and Effect Analysis
CISO

17. OCTAVE
technical
vulnerability
john the ripper
Operationally Critical Threat - Asset - and Vulnerability Evaluation

18. CobiT
CobiT
Control Objectives for Information and related Technology
blueprints
john the ripper

19. Collection of controls an organization must have in place
ISO 17799
CobiT
No events - Errors only - Errors and warnings - All events
security program

20. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
tactical
fault tree analysis
CISO
planning horizon

21. Number of time the incident might occur annually - (ARO)
Facilitated Risk Analysis Process
Information Security Management
firewall
annualized rate of occurrence

22. Type of audit that checks that network resources - systems and software are used appropriately
Operationally Critical Threat - Asset - and Vulnerability Evaluation
usage
vulnerability
corporate security officer

23. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
vulnerability
elcomsoft
CISO

24. An instance of being exposed to losses from a threat
vulnerability
qualitative
exposure
security program

25. The following tools (Nessus - Qualys - Retina) are ______________ scanners
penetration
ISO/IEC 27001
security program
vulnerability

26. COSO
single loss expectancy
Failure Modes and Effect Analysis
Committee of Sponsoring Organizations
L0phtCrack

27. Strategic - tactical and operational planning
Facilitated Risk Analysis Process
annualized rate of occurrence
planning horizon
qualitative

28. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
Committee of Sponsoring Organizations
OCTAVE
COSO
CobiT

29. IT governance at the operational level
CobiT
FRAP
risk
physical

30. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
single loss expectancy
risk catagories
exposure factor
vulnerability

31. Ensures managment security directives are fulfilled
firewall
security officer
risk
risk anlysis

32. The tools - personnel and business processes necessary to ensure that security meets needs
CobiT
Information Security Management
risk analysis
security governanace

33. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
escalation
corporate security officer
CISO

34. IRM
Information Security Management
OCTAVE
Information risk management
vulnerability scanner

35. Corporate governance at the strategic level
blueprints
COSO
strategic
firewall

36. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
port scanner
escalation
qualitative
technical

37. Made up of ten domains - a mechanism to describe security processes
ITIL
security program
ISO 17799
risk

38. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
FRAP
mappers
penetration
due care

39. Guide to illustrate how to protect personal health information
performance baseline
ISO/IEC 27799
single loss expectancy
ISO 17799

40. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
risk anlysis
strategic
BS7799
No events - Errors only - Errors and warnings - All events

41. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
administrative
ISO/IEC 27004
ITIL
risk mitigation

42. Derived from the COSO framework
countermeasure
Facilitated Risk Analysis Process
CobiT
john the ripper

43. Controls that implement access control - password mangement - identification and authentication methods - configuration
protocol analyzer
ITIL
technical
vulnerability

44. Potential danger to information or systems
exposure factor
OVAL
threat
vulnerability

45. Used to ID failures in a complex systems to understand underlying causes of threats
OCTAVE
L0phtCrack
fault tree analysis
Committee of Sponsoring Organizations

46. Risk mgmt method with much broader focus than IT security
performance monitor
due care
CobiT
AS/NZS 4360

47. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
Committee of Sponsoring Organizations
COSO
single loss expectancy
FRAP

48. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
exposure factor
CISO
COSO
No events - Errors only - Errors and warnings - All events

49. Type of audit that checks procedures and policies for escalating issues to management
escalation
risk mitigation
CobiT
network mapping

50. Assurance of accurancy and reliability of information and systems
integrity
FRAP
protocol analyzer
Control Objectives for Information and related Technology