SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Number of time the incident might occur annually - (ARO)
physical
Facilitated Risk Analysis Process
performance baseline
annualized rate of occurrence
2. Daily goals focused on productivity and task-oriented activities
network mapping
operational
performance monitor
Information Technology Infrastructure Library (ITIL)
3. SLE x ARO - (ALE)
annualized loss expectancy
penetration
COSO
ITIL
4. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
FMEA
risk mitigation
technical
integrity
5. NIST risk management methodology
SP 800-30
operational
confidentiality
FMEA
6. Midterm goals
security program
delayed
annualized loss expectancy
tactical
7. Expected or predetermined performance level - developed from policy - performance - requirements
COSO
performance baseline
planning horizon
ISO 17799
8. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
countermeasure
ISO 17799
FMEA
qualitative
9. IT governance at the operational level
ITIL
integrity
No events - Errors only - Errors and warnings - All events
CobiT
10. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
vulnerability
performance monitor
corporate security officer
exposure
11. Used to ID failures in a complex systems to understand underlying causes of threats
availability
fault tree analysis
mappers
chief information security officer
12. Derived from the COSO framework
network mapping
single loss expectancy
elcomsoft
CobiT
13. An instance of being exposed to losses from a threat
Information risk management
FRAP
FMEA
exposure
14. Focus on service level agreements between IT dept and internal customers
performance baseline
COSO
COSO
ITIL
15. CISO
operational
availability
chief information security officer
john the ripper
16. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
ITIL
due care
FMEA
physical
17. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
COSO
ITIL
protocol analyzer
exposure
18. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
FRAP
BS7799
protocol analyzer
strategic
19. IRM
ISO/IEC 27002
ISO/IEC 27004
risk anlysis
Information risk management
20. FMEA
FMEA
john the ripper
Failure Modes and Effect Analysis
planning horizon
21. Collection of controls an organization must have in place
security program
Control Objectives for Information and related Technology
privilege
firewall
22. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
vulnerability scanner
risk mitigation
ISO/IEC 27002
ISO/IEC 27005
23. A log that can record outgoing requests - incoming traffic - and internet usage
ISO/IEC 27002
firewall
BS7799
ISO 17799
24. Event levels available for logging in a MS DNS server
AS/NZS 4360
threat
No events - Errors only - Errors and warnings - All events
IRM
25. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
due care
AS/NZS 4360
risk analysis
SP 800-30
26. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
strategic
ISO 17799
risk catagories
due care
27. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
single loss expectancy
network mapping
risk anlysis
blueprints
28. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
CobiT
due care
Information Security Management
29. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
ISO/IEC 27002
COSO
chief information security officer
mappers
30. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
Operationally Critical Threat - Asset - and Vulnerability Evaluation
Control Objectives for Information and related Technology
john the ripper
31. Responsible for communicating to senior mgmt organizational risks and compliance regulations
fault tree analysis
physical
CISO
FMEA
32. Ensures necessary level of secrecy and prevents unauthorized disclosure
IRM
Facilitated Risk Analysis Process
chief information security officer
confidentiality
33. Assurance of accurancy and reliability of information and systems
vulnerability scanner
threat
FMEA
integrity
34. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
Information Security Management
ISO/IEC 27005
L0phtCrack
35. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
network mapping
penetration
Failure Modes and Effect Analysis
SP 800-30
36. Type of audit that checks procedures and policies for escalating issues to management
L0phtCrack
administrative
confidentiality
escalation
37. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
single loss expectancy
IRM
protocol analyzer
CISO
38. Information security managment measurements
OVAL
SP 800-30
ISO/IEC 27004
FMEA
39. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
elcomsoft
FMEA
single loss expectancy
administrative
40. CobiT
Control Objectives for Information and related Technology
risk mitigation
CobiT
operational
41. Responsible for information classification and protection
Information Security Management
FMEA
data owner
elcomsoft
42. FRAP
CISO
Facilitated Risk Analysis Process
security program
privilege
43. The tools - personnel and business processes necessary to ensure that security meets needs
FMEA
COSO
Information Security Management
security governanace
44. Type of audit that checks that accounts - groups and roles are correctly assigned
ITIL
privilege
risk catagories
Facilitated Risk Analysis Process
45. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
technical
tactical
CISO
privilege
46. Corporate governance at the strategic level
COSO
OCTAVE
risk
risk mitigation
47. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
due care
CobiT
Facilitated Risk Analysis Process
annualized rate of occurrence
48. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
Failure Modes and Effect Analysis
performance baseline
ISO/IEC 27001
delayed
49. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
ISO/IEC 27001
strategic
COSO
BS7799
50. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
port scanner
security program
OCTAVE
ITIL