Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files
2. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DoS attacks
3. Daily goals focused on productivity and task-oriented activities
4. Provides good practice advice on ISMS (ISO 17799) (based on BS7799 Part 1)
5. Made up of ten domains - a mechanism to describe security processes
6. Method of identifying functions and their failures - causes of failures and their effect - originally designed for systems engineering
7. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
8. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
9. __________ loss has a negative effect after a vulnerability is initially exploited
10. SLE x ARO - (ALE)
11. Number of times the incident might occur annually - (ARO)
12. Percentage of an asset's value that would be lost in a single incident - (EF)
13. NIST risk management methodology
14. Type of audit that checks procedures and policies for escalating issues to management
15. COSO
16. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error
17. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
18. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
19. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
20. Type of audit that checks that accounts - groups and roles are correctly assigned
21. CobiT
22. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
23. Ensures reliable timely access to data/resources to authorized individuals
24. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
25. OCTAVE
26. Mitigates a potential risk
27. Risk mgmt method with much broader focus than IT security
28. The likelihood of exploitation and the loss potential
29. Strategic - tactical and operational planning
30. A commercial password cracker that can test password strength and recover passwords - and perform dictionary and brute force attacks
31. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
32. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
33. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - tcpdump - Microsoft Network Monitor - Carnivore)
34. The following tools (Nessus - Qualys - Retina) are ______________ scanners
35. Process of identifying and assessing risk - reducing it to an acceptable level - implementing mechanisms to maintain that level
36. Tools to identify - develop - and design security requirements for business needs
37. FRAP
38. Type of audit that checks that network resources - systems and software are used appropriately
39. Derived from the COSO framework
40. ISM Standard
41. Used in assurance risk mgmt - methodical way to identify major failure modes (not useful for complex failure modes)
42. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
43. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
44. Midterm goals
45. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
46. An instance of being exposed to losses from a threat
47. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
48. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
49. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
50. De facto standard of best practices for IT service mgmt