Test your basic knowledge

CompTIA Security+: Assessment and Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The following tools (Nessus - Qualys - Retina) are ______________ scanners

2. Ensures necessary level of secrecy and prevents unauthorized disclosure

3. Provides good practice advice on ISMS (ISO 17799) (based on BS7799 Part 1)

4. Tools to ID - develop - and design security requirements for business needs

5. CobiT

6. Mitigates a potential risk

7. Responsible for information classification and protection

8. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate

9. __________ loss has a negative effect after a vulnerability is initially exploited

10. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files

11. FRAP

12. Used to ID failures in complex systems to understand underlying causes of threats

13. Responsible for communicating organizational risks and compliance regulations to senior mgmt

14. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion

15. Process of ID and assessing risk - reducing it to an acceptable level - implementing mechanisms to maintain that level

16. A tool that maps weaknesses of systems/networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits

17. Expected or predetermined performance level - developed from policy - performance - requirements

18. Type of audit that checks information classification and change control procedures

19. COSO

20. Controls that implement access control - password management - identification and authentication methods - configuration

21. Guide to assist in the implementation of information security based on a risk management approach

22. Number of times the incident might occur annually - (ARO)

23. Information security management measurements

24. A log that can record outgoing requests - incoming traffic - and internet usage

25. ISM Standard

26. IT governance at the operational level

27. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product

28. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond

29. Ensures management security directives are fulfilled

30. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)

31. Legal term used to determine liability - acting responsibly - having lower risk of liability due to a security breach

32. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate

33. Used to predict changes based on trends - detect deviations - and watch events across multiple system components

34. Risk mgmt method with a much broader focus than IT security

35. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk

36. CISO

37. Percentage of an asset's value that would be lost in a single incident - (EF)

38. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control

39. Strategic - tactical and operational planning

40. Type of audit that checks that network resources - systems and software are used appropriately

41. Type of audit that checks that accounts - groups and roles are correctly assigned

42. Midterm goals

43. Ensures reliable timely access to data/resources for authorized individuals

44. Guide to illustrate how to protect personal health information

45. Potential danger to information or systems

46. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics

47. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment

48. FMEA

49. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost

50. The asset's value multiplied by the EF percentage - (SLE)