Test your basic knowledge | CompTIA Security+: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Strategic - tactical and operational planning
usage
Committee of Sponsoring Organizations
fault tree analysis
planning horizon
2. Possibility of damage and the ramifications should it occur
COSO
risk
risk categories
confidentiality
3. SLE x ARO - (ALE)
physical
CobiT
annualized loss expectancy
OCTAVE
4. The asset's value multiplied by the EF percentage - (SLE)
CobiT
single loss expectancy
security officer
Information Security Management
5. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
john the ripper
delayed
tactical
confidentiality
6. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
risk
port scanner
risk analysis
Failure Modes and Effect Analysis
7. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
ISO 17799
data owner
FRAP
risk analysis
8. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
vulnerability scanner
availability
port scanner
exposure
9. NIST risk management methodology
network mapping
SP 800-30
Failure Modes and Effect Analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
10. A weakness (software - hardware - procedural - human) that can be exploited
No events - Errors only - Errors and warnings - All events
operational
vulnerability
exposure
11. Type of audit that checks information classification and change control procedures
No events - Errors only - Errors and warnings - All events
ISO/IEC 27799
risk analysis
administrative
12. __________ loss has a negative effect after a vulnerability is initially exploited
risk analysis
delayed
performance monitor
firewall
13. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
security program
IRM
ISO/IEC 27799
exposure
14. CISO
strategic
exposure factor
chief information security officer
CobiT
15. Made up of ten domains - a mechanism to describe security processes
delayed
risk
ISO 17799
COSO
16. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
penetration
annualized loss expectancy
FRAP
ISO 17799
17. Risk mgmt method with much broader focus than IT security
privilege
Committee of Sponsoring Organizations
AS/NZS 4360
exposure
18. The tools - personnel and business processes necessary to ensure that security meets needs
confidentiality
security governance
COSO
OVAL
19. Controls that implement access control - password management - identification and authentication methods - configuration
fault tree analysis
technical
vulnerability scanner
ISO 17799
20. FRAP
qualitative
countermeasure
FRAP
Facilitated Risk Analysis Process
21. Ensures management security directives are fulfilled
security officer
ISO 17799
Committee of Sponsoring Organizations
countermeasure
22. An open language from mitre.org for determining vulnerabilities and problems on computer systems
No events - Errors only - Errors and warnings - All events
OVAL
protocol analyzer
ISO/IEC 27005
23. Tools to ID - develop - and design security requirements for business needs
risk analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
confidentiality
blueprints
24. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
CobiT
confidentiality
qualitative
CobiT
25. Daily goals focused on productivity and task-oriented activities
CISO
BS7799
operational
ISO 17799
26. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
operational
elcomsoft
security governance
integrity
27. Ensures necessary level of secrecy and prevents unauthorized disclosure
administrative
ITIL
confidentiality
integrity
28. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
performance baseline
risk categories
vulnerability scanner
port scanner
29. Guide to illustrate how to protect personal health information
integrity
exposure factor
ISO/IEC 27799
firewall
30. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
corporate security officer
risk analysis
COSO
penetration
31. CSO
CISO
corporate security officer
SP 800-30
CobiT
32. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
usage
Information Technology Infrastructure Library (ITIL)
network mapping
CISO
33. ISM Standard
BS7799
vulnerability scanner
Information Security Management
port scanner
34. Used to identify failures in complex systems to understand the underlying causes of threats
fault tree analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
exposure
confidentiality
35. Type of audit that checks procedures and policies for escalating issues to management
Information Technology Infrastructure Library (ITIL)
administrative
ISO/IEC 27002
escalation
36. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CISO
IRM
CobiT
BS7799
37. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
risk
physical
vulnerability scanner
vulnerability
38. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
performance baseline
CobiT
due care
countermeasure
39. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
ISO/IEC 27005
risk categories
Committee of Sponsoring Organizations
vulnerability
40. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
Information Security Management
protocol analyzer
administrative
Failure Modes and Effect Analysis
41. IRM
COSO
Information risk management
Information Security Management
tactical
42. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
IRM
strategic
performance baseline
vulnerability scanner
43. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
qualitative
CISO
planning horizon
44. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
COSO
network mapping
CISO
risk mitigation
45. Expected or predetermined performance level - developed from policy - performance - requirements
vulnerability
performance baseline
risk analysis
CobiT
46. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
risk categories
fault tree analysis
planning horizon
L0phtCrack
47. Information security management measurements
annualized loss expectancy
ISO/IEC 27004
Failure Modes and Effect Analysis
escalation
48. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
administrative
Committee of Sponsoring Organizations
exposure factor
countermeasure
49. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
security governance
COSO
Committee of Sponsoring Organizations
ISO 17799
50. Number of times the incident might occur annually - (ARO)
availability
annualized rate of occurrence
vulnerability
CobiT