SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Ensures managment security directives are fulfilled
CISO
mappers
security officer
integrity
2. Expected or predetermined performance level - developed from policy - performance - requirements
annualized loss expectancy
due care
performance baseline
FMEA
3. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
Control Objectives for Information and related Technology
ISO 17799
exposure
CISO
4. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
Information Security Management
CISO
ISO 17799
COSO
5. Daily goals focused on productivity and task-oriented activities
operational
exposure factor
annualized loss expectancy
countermeasure
6. COSO
ISO/IEC 27005
Failure Modes and Effect Analysis
Committee of Sponsoring Organizations
corporate security officer
7. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
due care
COSO
network mapping
CobiT
8. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
Facilitated Risk Analysis Process
penetration
Control Objectives for Information and related Technology
physical
9. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
usage
OVAL
CISO
10. Type of audit that checks procedures and policies for escalating issues to management
escalation
Committee of Sponsoring Organizations
CISO
BS7799
11. Type of audit that checks that accounts - groups and roles are correctly assigned
risk analysis
privilege
tactical
L0phtCrack
12. Midterm goals
tactical
SP 800-30
strategic
operational
13. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27002
CISO
ISO 17799
risk
14. Controls that implement access control - password mangement - identification and authentication methods - configuration
protocol analyzer
risk catagories
Information Security Management
technical
15. Used to ID failures in a complex systems to understand underlying causes of threats
operational
risk catagories
fault tree analysis
security officer
16. Collection of controls an organization must have in place
security governanace
Committee of Sponsoring Organizations
ISO/IEC 27799
security program
17. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
ISO/IEC 27002
risk catagories
john the ripper
FMEA
18. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
COSO
single loss expectancy
Information risk management
19. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
tactical
ISO/IEC 27002
fault tree analysis
john the ripper
20. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
port scanner
network mapping
data owner
firewall
21. An instance of being exposed to losses from a threat
Information risk management
FRAP
exposure
administrative
22. Responsible for communicating to senior mgmt organizational risks and compliance regulations
port scanner
vulnerability
CISO
risk anlysis
23. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
Control Objectives for Information and related Technology
blueprints
port scanner
IRM
24. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
confidentiality
FMEA
No events - Errors only - Errors and warnings - All events
Information Technology Infrastructure Library (ITIL)
25. Type of audit that checks that network resources - systems and software are used appropriately
usage
availability
risk anlysis
FMEA
26. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
risk
ISO 17799
FRAP
risk
27. CSO
corporate security officer
ISO/IEC 27005
single loss expectancy
risk mitigation
28. Tools to ID - develop - and design security requirements for business needs
Information Security Management
OCTAVE
annualized loss expectancy
blueprints
29. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
performance monitor
risk analysis
Information Technology Infrastructure Library (ITIL)
vulnerability scanner
30. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
network mapping
elcomsoft
risk analysis
mappers
31. CobiT
strategic
COSO
Control Objectives for Information and related Technology
exposure factor
32. Made up of ten domains - a mechanism to describe security processes
technical
ISO 17799
ISO/IEC 27005
performance monitor
33. Possiblity of damage and the ramifications should it occur
Committee of Sponsoring Organizations
risk
SP 800-30
countermeasure
34. Ensures necessary level of secrecy and prevents unauthorized disclosure
security program
confidentiality
strategic
qualitative
35. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
CobiT
firewall
strategic
integrity
36. FMEA
Information risk management
penetration
Failure Modes and Effect Analysis
qualitative
37. NIST risk management methodology
SP 800-30
annualized loss expectancy
security officer
ISO/IEC 27004
38. CISO
data owner
chief information security officer
exposure factor
security governanace
39. A log that can record outgoing requests - incoming traffic - and internet usage
L0phtCrack
firewall
performance baseline
due care
40. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
ISO/IEC 27002
elcomsoft
ISO 17799
blueprints
41. Responsible for information classification and protection
firewall
vulnerability
data owner
john the ripper
42. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
privilege
Committee of Sponsoring Organizations
data owner
performance monitor
43. Guide to illustrate how to protect personal health information
ISO/IEC 27001
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ISO/IEC 27799
Information risk management
44. Provides a cost/benefit comparision
threat
Information Security Management
protocol analyzer
risk analysis
45. FRAP
Facilitated Risk Analysis Process
COSO
vulnerability
Failure Modes and Effect Analysis
46. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
SP 800-30
ISO/IEC 27005
escalation
COSO
47. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
planning horizon
usage
BS7799
administrative
48. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
vulnerability
SP 800-30
fault tree analysis
49. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
ISO/IEC 27005
escalation
data owner
port scanner
50. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
CISO
performance baseline
exposure factor