Test your basic knowledge: CompTIA Security+: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
exposure factor
elcomsoft
CobiT
2. Derived from the COSO framework
annualized rate of occurrence
technical
CobiT
annualized loss expectancy
3. Responsible for information classification and protection
elcomsoft
security program
planning horizon
data owner
4. Type of audit that checks that accounts - groups and roles are correctly assigned
OVAL
privilege
Information Security Management
security governance
5. COSO
vulnerability
Facilitated Risk Analysis Process
Committee of Sponsoring Organizations
ISO/IEC 27002
6. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
CobiT
CISO
risk analysis
technical
7. Made up of ten domains - a mechanism to describe security processes
CobiT
Information Technology Infrastructure Library (ITIL)
ISO 17799
single loss expectancy
8. Event levels available for logging in a MS DNS server
planning horizon
countermeasure
No events - Errors only - Errors and warnings - All events
risk analysis
9. Percentage of an asset's value that would be lost in a single incident - (EF)
ITIL
exposure factor
operational
FRAP
10. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
CISO
ISO 17799
threat
Facilitated Risk Analysis Process
11. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
ISO/IEC 27001
COSO
integrity
network mapping
12. The likelihood of exploitation and the loss potential
risk
penetration
network mapping
Control Objectives for Information and related Technology
13. Number of times the incident might occur annually - (ARO)
corporate security officer
performance baseline
L0phtCrack
annualized rate of occurrence
14. Type of audit that checks that network resources - systems and software are used appropriately
usage
risk analysis
COSO
Failure Modes and Effect Analysis
15. Ensures management security directives are fulfilled
security officer
CobiT
tactical
protocol analyzer
16. Information security management measurements
BS7799
CISO
CobiT
ISO/IEC 27004
17. Daily goals focused on productivity and task-oriented activities
No events - Errors only - Errors and warnings - All events
risk categories
operational
Failure Modes and Effect Analysis
18. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
protocol analyzer
performance monitor
Information Security Management
19. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
qualitative
vulnerability
chief information security officer
20. The following tools (Nessus - Qualys - Retina) are ______________ scanners
threat
vulnerability
usage
Facilitated Risk Analysis Process
21. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability
risk analysis
vulnerability scanner
COSO
22. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
risk analysis
data owner
confidentiality
FMEA
23. SLE x ARO - (ALE)
risk analysis
annualized loss expectancy
network mapping
security program
24. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
performance monitor
security program
risk analysis
technical
25. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
annualized loss expectancy
administrative
Facilitated Risk Analysis Process
FRAP
26. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
administrative
countermeasure
COSO
27. ISM Standard
usage
vulnerability scanner
Information Technology Infrastructure Library (ITIL)
Information Security Management
28. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
Committee of Sponsoring Organizations
AS/NZS 4360
risk analysis
administrative
29. CISO
SP 800-30
COSO
operational
chief information security officer
30. Type of audit that checks information classification and change control procedures
network mapping
administrative
OVAL
delayed
31. CSO
strategic
CISO
risk mitigation
corporate security officer
32. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
FMEA
delayed
CobiT
elcomsoft
33. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
CISO
strategic
data owner
34. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
protocol analyzer
CISO
network mapping
security governance
35. The tools - personnel and business processes necessary to ensure that security meets needs
Facilitated Risk Analysis Process
BS7799
exposure factor
security governance
36. IT governance at the operational level
countermeasure
exposure factor
CobiT
performance baseline
37. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
blueprints
elcomsoft
Facilitated Risk Analysis Process
38. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
elcomsoft
administrative
integrity
39. FMEA
FMEA
Failure Modes and Effect Analysis
CISO
qualitative
40. Guide to assist in the implementation of information security based on a risk management approach
qualitative
vulnerability scanner
ISO/IEC 27005
CISO
41. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
COSO
ISO/IEC 27002
CISO
integrity
42. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
exposure
Information Security Management
elcomsoft
43. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
vulnerability
operational
ISO 17799
IRM
44. Ensures necessary level of secrecy and prevents unauthorized disclosure
confidentiality
OCTAVE
administrative
OVAL
45. FRAP
ISO/IEC 27005
No events - Errors only - Errors and warnings - All events
Facilitated Risk Analysis Process
exposure
46. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
annualized rate of occurrence
IRM
Information risk management
security program
47. OCTAVE
privilege
Operationally Critical Threat - Asset - and Vulnerability Evaluation
network mapping
exposure
48. Responsible for communicating to senior mgmt organizational risks and compliance regulations
single loss expectancy
CISO
network mapping
COSO
49. Expected or predetermined performance level - developed from policy - performance - requirements
COSO
delayed
integrity
performance baseline
50. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
protocol analyzer
due care
ISO/IEC 27001
administrative