SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Ensures managment security directives are fulfilled
CobiT
security officer
technical
qualitative
2. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
administrative
L0phtCrack
firewall
Information risk management
3. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
countermeasure
FMEA
elcomsoft
tactical
4. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
protocol analyzer
Operationally Critical Threat - Asset - and Vulnerability Evaluation
FMEA
firewall
5. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
Control Objectives for Information and related Technology
vulnerability
elcomsoft
performance monitor
6. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
ISO/IEC 27002
ISO/IEC 27799
exposure factor
penetration
7. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
penetration
network mapping
administrative
IRM
8. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
IRM
escalation
FMEA
port scanner
9. A log that can record outgoing requests - incoming traffic - and internet usage
No events - Errors only - Errors and warnings - All events
risk mitigation
firewall
COSO
10. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
risk catagories
john the ripper
performance monitor
delayed
11. __________ loss has a negative effect after a vulnerability is initially exploited
technical
delayed
annualized rate of occurrence
ISO 17799
12. Event levels available for logging in a MS DNS server
chief information security officer
escalation
No events - Errors only - Errors and warnings - All events
performance baseline
13. Responsible for information classification and protection
ISO/IEC 27001
ITIL
data owner
CobiT
14. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
CISO
performance monitor
Failure Modes and Effect Analysis
ISO/IEC 27002
15. Percentage of an asset's value that would be lost in a single incident - (EF)
CobiT
CISO
tactical
exposure factor
16. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
confidentiality
performance monitor
risk catagories
CobiT
17. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
OVAL
blueprints
network mapping
Control Objectives for Information and related Technology
18. The tools - personnel and business processes necessary to ensure that security meets needs
penetration
CobiT
security governanace
No events - Errors only - Errors and warnings - All events
19. CSO
annualized loss expectancy
ISO/IEC 27001
corporate security officer
protocol analyzer
20. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
ISO/IEC 27002
FRAP
performance monitor
penetration
21. Information security managment measurements
risk catagories
Control Objectives for Information and related Technology
IRM
ISO/IEC 27004
22. Corporate governance at the strategic level
ISO/IEC 27005
delayed
COSO
vulnerability scanner
23. FRAP
ISO 17799
Facilitated Risk Analysis Process
tactical
due care
24. FMEA
performance baseline
ISO 17799
Failure Modes and Effect Analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
25. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
CISO
vulnerability
OCTAVE
qualitative
26. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
L0phtCrack
technical
COSO
risk catagories
27. SLE x ARO - (ALE)
FMEA
vulnerability
annualized loss expectancy
Control Objectives for Information and related Technology
28. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
FMEA
ISO 17799
privilege
physical
29. The likelihood of exploitation and the loss potential
CobiT
risk
annualized loss expectancy
vulnerability
30. Number of time the incident might occur annually - (ARO)
ITIL
annualized rate of occurrence
ISO 17799
vulnerability
31. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
IRM
risk anlysis
vulnerability scanner
No events - Errors only - Errors and warnings - All events
32. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
COSO
firewall
security officer
33. Potential danger to information or systems
vulnerability
threat
CISO
network mapping
34. IRM
ISO/IEC 27001
Information risk management
CISO
port scanner
35. Strategic - tactical and operational planning
availability
planning horizon
CobiT
port scanner
36. Type of audit that checks information classification and change control procedures
BS7799
Committee of Sponsoring Organizations
annualized loss expectancy
administrative
37. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
COSO
tactical
availability
38. ISM Standard
FRAP
vulnerability
Information Security Management
technical
39. IT governance at the operational level
network mapping
vulnerability
CobiT
BS7799
40. Risk mgmt method with much broader focus than IT security
performance baseline
port scanner
AS/NZS 4360
usage
41. An instance of being exposed to losses from a threat
exposure
ITIL
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27005
42. Mitigates a potential risk
protocol analyzer
countermeasure
AS/NZS 4360
qualitative
43. NIST risk management methodology
BS7799
AS/NZS 4360
SP 800-30
ISO 17799
44. Expected or predetermined performance level - developed from policy - performance - requirements
data owner
countermeasure
elcomsoft
performance baseline
45. Used to ID failures in a complex systems to understand underlying causes of threats
operational
CobiT
fault tree analysis
ITIL
46. Midterm goals
delayed
tactical
port scanner
performance monitor
47. De facto standard of best practices for IT service mgmt
protocol analyzer
vulnerability
FMEA
Information Technology Infrastructure Library (ITIL)
48. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
tactical
qualitative
No events - Errors only - Errors and warnings - All events
risk catagories
49. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
ISO 17799
COSO
SP 800-30
strategic
50. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
performance monitor
strategic
data owner
firewall