Test your basic knowledge
Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Daily goals focused on productivity and task-oriented activities
FMEA
risk
operational
mappers
2. CISO
operational
chief information security officer
Information risk management
qualitative
3. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
ISO 17799
planning horizon
ISO/IEC 27005
risk analysis
4. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
risk analysis
risk
ISO 17799
5. Made up of ten domains - a mechanism to describe security processes
ISO 17799
vulnerability
Facilitated Risk Analysis Process
CobiT
6. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
CobiT
risk categories
annualized loss expectancy
security officer
7. Used to ID failures in complex systems to understand underlying causes of threats
security governance
mappers
annualized rate of occurrence
fault tree analysis
8. The likelihood of exploitation and the loss potential
countermeasure
OCTAVE
risk
CISO
9. NIST risk management methodology
port scanner
SP 800-30
privilege
annualized rate of occurrence
10. OCTAVE
confidentiality
ISO/IEC 27001
Operationally Critical Threat - Asset - and Vulnerability Evaluation
physical
11. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
single loss expectancy
ISO/IEC 27005
chief information security officer
network mapping
12. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
IRM
AS/NZS 4360
ISO/IEC 27001
ISO/IEC 27004
13. The asset's value multiplied by the EF percentage - (SLE)
protocol analyzer
delayed
BS7799
single loss expectancy
14. Assurance of accuracy and reliability of information and systems
ISO/IEC 27005
integrity
fault tree analysis
administrative
15. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
FRAP
port scanner
ISO/IEC 27002
performance monitor
16. Potential danger to information or systems
threat
strategic
ISO 17799
vulnerability
17. FMEA
Information risk management
data owner
ISO 17799
Failure Modes and Effect Analysis
18. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
performance monitor
qualitative
fault tree analysis
BS7799
19. Type of audit that checks procedures and policies for escalating issues to management
network mapping
SP 800-30
escalation
due care
20. De facto standard of best practices for IT service mgmt
No events - Errors only - Errors and warnings - All events
privilege
FRAP
Information Technology Infrastructure Library (ITIL)
21. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
physical
CISO
ISO/IEC 27001
planning horizon
22. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
strategic
network mapping
Information risk management
physical
23. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
privilege
escalation
ISO/IEC 27002
L0phtCrack
24. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
AS/NZS 4360
COSO
ISO 17799
firewall
25. CSO
corporate security officer
CobiT
IRM
vulnerability
26. FRAP
exposure
blueprints
Facilitated Risk Analysis Process
BS7799
27. Number of times the incident might occur annually - (ARO)
ISO/IEC 27002
annualized rate of occurrence
Information Technology Infrastructure Library (ITIL)
physical
28. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
CobiT
delayed
single loss expectancy
29. Controls that implement access control - password management - identification and authentication methods - configuration
qualitative
ISO 17799
technical
ISO/IEC 27005
30. Type of audit that checks information classification and change control procedures
risk categories
CobiT
administrative
vulnerability
31. Focus on service level agreements between IT dept and internal customers
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ITIL
risk
FRAP
32. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
AS/NZS 4360
escalation
vulnerability scanner
Facilitated Risk Analysis Process
33. Ensures reliable timely access to data/resources to authorized individuals
Failure Modes and Effect Analysis
availability
annualized loss expectancy
COSO
34. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
SP 800-30
security officer
technical
administrative
35. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
exposure
ITIL
Control Objectives for Information and related Technology
36. Midterm goals
planning horizon
tactical
risk analysis
OCTAVE
37. Strategic - tactical and operational planning
ISO 17799
CobiT
planning horizon
ISO/IEC 27001
38. IT governance at the operational level
vulnerability
SP 800-30
CobiT
annualized loss expectancy
39. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
due care
performance monitor
privilege
40. Ensures necessary level of secrecy and prevents unauthorized disclosure
firewall
confidentiality
COSO
CobiT
41. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
risk categories
integrity
performance monitor
network mapping
42. Possibility of damage and the ramifications should it occur
operational
vulnerability
protocol analyzer
risk
43. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
CobiT
risk
L0phtCrack
BS7799
44. COSO
ISO/IEC 27004
Committee of Sponsoring Organizations
firewall
COSO
45. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
administrative
L0phtCrack
corporate security officer
46. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
john the ripper
ISO/IEC 27799
ISO 17799
47. Information security management measurements
ISO/IEC 27004
security program
Control Objectives for Information and related Technology
risk mitigation
48. Event levels available for logging in a MS DNS server
risk
protocol analyzer
Information risk management
No events - Errors only - Errors and warnings - All events
49. Derived from the COSO framework
privilege
CobiT
integrity
vulnerability
50. Risk mgmt method with much broader focus than IT security
exposure factor
technical
AS/NZS 4360
COSO