Test your basic knowledge | Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Type of audit that checks information classification and change control procedures
administrative
CobiT
blueprints
risk categories
2. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Facilitated Risk Analysis Process
elcomsoft
FMEA
CobiT
3. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
CobiT
administrative
IRM
availability
4. COSO
risk
ISO/IEC 27005
Committee of Sponsoring Organizations
ISO 17799
5. Method of identifying functions and their failures - causes of failures and their effects - originally designed for systems engineering
chief information security officer
ISO 17799
FMEA
Control Objectives for Information and related Technology
6. Guide to illustrate how to protect personal health information
ISO 17799
technical
ISO/IEC 27799
fault tree analysis
7. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
security program
risk categories
risk mitigation
ISO/IEC 27799
8. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
mappers
due care
risk
ISO/IEC 27799
9. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
escalation
FMEA
IRM
delayed
10. Process of identifying and assessing risk - reducing it to an acceptable level - implementing mechanisms to maintain that level
exposure factor
ISO 17799
IRM
elcomsoft
11. Information security management measurements
integrity
CobiT
ISO/IEC 27004
mappers
12. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
IRM
CobiT
CISO
planning horizon
13. Ensures necessary level of secrecy and prevents unauthorized disclosure
network mapping
availability
threat
confidentiality
14. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
vulnerability
risk analysis
vulnerability
15. Mitigates a potential risk
security officer
risk analysis
countermeasure
vulnerability
16. Provides good practice advice on ISMS (ISO 17799) (based on BS7799 Part 1)
FMEA
security governance
CobiT
ISO/IEC 27002
17. Responsible for communicating to senior mgmt organizational risks and compliance regulations
FRAP
CISO
due care
vulnerability
18. Used to identify failures in complex systems to understand the underlying causes of threats
annualized loss expectancy
fault tree analysis
privilege
delayed
19. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
risk categories
security program
ISO/IEC 27004
20. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
CobiT
COSO
ISO/IEC 27001
performance baseline
21. An open language from mitre.org for determining vulnerabilities and problems on computer systems
corporate security officer
OVAL
CISO
BS7799
22. IRM
ISO/IEC 27002
performance monitor
technical
Information risk management
23. NIST risk management methodology
privilege
tactical
SP 800-30
network mapping
24. Type of audit that checks procedures and policies for escalating issues to management
strategic
escalation
corporate security officer
No events - Errors only - Errors and warnings - All events
25. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
CobiT
risk mitigation
administrative
26. CobiT
CISO
fault tree analysis
Control Objectives for Information and related Technology
vulnerability
27. Provides a cost/benefit comparison
integrity
risk analysis
AS/NZS 4360
penetration
28. Guide to assist in the implementation of information security based on a risk management approach
SP 800-30
risk
ISO/IEC 27002
ISO/IEC 27005
29. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
Information Security Management
performance monitor
elcomsoft
ISO 17799
30. ISM Standard
administrative
CISO
Information Security Management
risk mitigation
31. Type of audit that checks that accounts - groups and roles are correctly assigned
COSO
privilege
usage
delayed
32. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error
data owner
elcomsoft
risk categories
Information Technology Infrastructure Library (ITIL)
33. Corporate governance at the strategic level
COSO
privilege
technical
port scanner
34. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
FMEA
john the ripper
vulnerability
strategic
35. The asset's value multiplied by the EF percentage - (SLE)
CobiT
physical
data owner
single loss expectancy
36. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
ISO/IEC 27799
protocol analyzer
mappers
COSO
37. CISO
FMEA
risk mitigation
chief information security officer
CISO
38. An instance of being exposed to losses from a threat
exposure
exposure factor
risk mitigation
ISO/IEC 27799
39. OCTAVE
port scanner
Operationally Critical Threat - Asset - and Vulnerability Evaluation
annualized loss expectancy
vulnerability
40. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
strategic
operational
qualitative
ISO/IEC 27005
41. Made up of ten domains - a mechanism to describe security processes
CISO
network mapping
FMEA
ISO 17799
42. Ensures management security directives are fulfilled
vulnerability
security officer
FRAP
vulnerability
43. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge the password and shadow files
confidentiality
COSO
vulnerability
john the ripper
44. Type of audit that checks that network resources - systems and software are used appropriately
vulnerability
threat
FRAP
usage
45. Derived from the COSO framework
COSO
FMEA
annualized rate of occurrence
CobiT
46. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
network mapping
protocol analyzer
COSO
network mapping
47. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
CobiT
elcomsoft
security program
48. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
L0phtCrack
planning horizon
SP 800-30
security program
49. Ensures reliable timely access to data/resources to authorized individuals
annualized rate of occurrence
penetration
confidentiality
availability
50. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
strategic
BS7799
COSO
usage