Test your basic knowledge
Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A commercial password cracker that can test password strength, recover passwords, and perform dictionary and brute-force attacks
security officer
Facilitated Risk Analysis Process
CISO
elcomsoft
2. Collection of controls an organization must have in place
ITIL
technical
countermeasure
security program
3. NIST risk management methodology
corporate security officer
SP 800-30
COSO
annualized rate of occurrence
4. Possibility of damage and the ramifications should it occur
risk
threat
strategic
administrative
5. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
blueprints
CobiT
qualitative
network mapping
6. IT governance at the operational level
fault tree analysis
CobiT
ISO 17799
Control Objectives for Information and related Technology
7. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
FMEA
physical
FMEA
vulnerability scanner
8. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in the NOS - test response to DoS attacks
network mapping
qualitative
technical
data owner
9. Responsible for communicating to senior mgmt organizational risks and compliance regulations
due care
vulnerability scanner
security officer
CISO
10. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - tcpdump - Microsoft Network Monitor - Carnivore)
security program
FMEA
protocol analyzer
FMEA
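What a protocol analyzer actually does with a frame, shown as an added example (not part of the original test and not code from any of the tools named above): decode the Ethernet, IPv4 and TCP headers, verify the IPv4 header checksum, and produce the kind of one-line summary a sniffer's packet list shows. The frame is constructed inline with documentation-range addresses (RFC 5737) and made-up MACs so the example runs offline; the helper and field names are this example's own.

```python
import socket
import struct

# Constructed sample frame (not captured traffic): Ethernet II carrying an IPv4
# packet that carries a TCP SYN from 192.0.2.10:51515 to 198.51.100.20:443.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; 0 means a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame(payload: bytes = b"") -> bytes:
    """Assemble the constructed frame so the decoder has something to parse."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    # TCP: ports, seq, ack, data offset 5 words (20 bytes), SYN flag, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 51515, 443, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]  # fill in header checksum
    return eth + ip + tcp + payload


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet/IPv4/TCP headers the way an analyzer's detail pane would."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"eth_src": mac_str(src), "eth_dst": mac_str(dst),
            "ethertype": ETHERTYPES.get(ethertype, hex(ethertype))}
    if ethertype != 0x0800:
        return info  # not IPv4; nothing more is decoded in this example
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, saddr, daddr = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("malformed IPv4 header or length field")
    info.update({"ip_src": socket.inet_ntoa(saddr), "ip_dst": socket.inet_ntoa(daddr), "ttl": ttl,
                 "protocol": IP_PROTOCOLS.get(proto, str(proto)),
                 "ip_checksum_ok": ip_checksum(ip[:ihl]) == 0})
    segment = ip[ihl:total_len]  # trust total_len, not the frame length (Ethernet padding may follow)
    if proto == 6 and len(segment) >= 20:
        sport, dport, seq, _ack, off, flags, win, _csum, _urg = struct.unpack("!HHIIBBHHH", segment[:20])
        data_offset = (off >> 4) * 4
        info.update({"tcp_sport": sport, "tcp_dport": dport, "tcp_seq": seq, "tcp_window": win,
                     "tcp_flags": [name for bit, name in TCP_FLAG_BITS if flags & bit],
                     "payload_len": max(0, len(segment) - data_offset)})
    return info


def summarize(frame: bytes) -> str:
    """One-line summary in the style of a sniffer's packet list."""
    i = decode_frame(frame)
    if "protocol" not in i:
        return "%s %s -> %s" % (i["ethertype"], i["eth_src"], i["eth_dst"])
    line = "%s %s -> %s" % (i["protocol"], i["ip_src"], i["ip_dst"])
    if "tcp_sport" in i:
        line += " %d -> %d [%s] len=%d" % (i["tcp_sport"], i["tcp_dport"],
                                           ",".join(i["tcp_flags"]), i["payload_len"])
    return line


if __name__ == "__main__":
    print(summarize(build_sample_frame()))
```

The decoder trusts the IPv4 total length rather than the frame length, and flags a header whose checksum does not verify, which is how a real analyzer distinguishes trailing Ethernet padding and corrupted captures from actual payload.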
11. Used to identify failures in complex systems to understand the underlying causes of threats
Information Technology Infrastructure Library (ITIL)
confidentiality
fault tree analysis
ISO/IEC 27002
12. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
CobiT
mappers
penetration
Control Objectives for Information and related Technology
13. Responsible for developing: a security awareness program - a budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
SP 800-30
CobiT
confidentiality
CISO
14. Information security management measurements
ISO/IEC 27004
escalation
qualitative
security officer
15. Midterm goals
tactical
technical
network mapping
CISO
16. De facto standard of best practices for IT service mgmt
IRM
Information Technology Infrastructure Library (ITIL)
administrative
Committee of Sponsoring Organizations
17. Risk mgmt method with much broader focus than IT security
usage
AS/NZS 4360
escalation
ISO 17799
18. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk analysis
risk categories
due care
fault tree analysis
19. Focus on service level agreements between IT dept and internal customers
risk
OVAL
ITIL
COSO
20. Derived from the COSO framework
physical
Facilitated Risk Analysis Process
firewall
CobiT
21. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
annualized loss expectancy
risk analysis
countermeasure
22. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
security program
blueprints
mappers
ISO/IEC 27002
23. Type of audit that checks that network resources - systems and software are used appropriately
usage
CobiT
security governance
FMEA
24. Tools to identify - develop - and design security requirements for business needs
blueprints
security governance
fault tree analysis
Failure Modes and Effect Analysis
25. Made up of ten domains - a mechanism to describe security processes
security governance
usage
ISO 17799
L0phtCrack
26. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
integrity
annualized loss expectancy
fault tree analysis
27. A qualitative risk assessment process that uses pre-screening to let users determine which areas require a full risk analysis
ISO/IEC 27004
mappers
FRAP
operational
28. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
network mapping
security program
risk analysis
Facilitated Risk Analysis Process
29. This tool scans network devices listening for open ports (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
due care
port scanner
countermeasure
ISO/IEC 27002
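A minimal TCP connect scan of the kind the tools named in item 29 perform, as an added example (not part of the original test and not code from Nmap or any other scanner). It is self-contained: it starts its own listener on 127.0.0.1 to stand in for a target, picks a second port that is known to be closed, and reports each probed port as open, closed or filtered. Function names are this example's own. Scan only hosts you are authorized to test.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Constructed target: a loopback listener on an OS-chosen port replaces a real
# host so the scan runs offline; no external network is touched.


def start_local_listener() -> tuple:
    """Open a TCP listener on loopback; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    return srv, srv.getsockname()[1]


def pick_unused_port() -> int:
    """Bind and immediately release a port so we have a known-closed one to probe."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe(host: str, port: int, timeout: float = 0.5) -> str:
    """TCP connect() probe: 'open' on a completed handshake, 'closed' when the
    host answers with RST, 'filtered' when nothing answers within the timeout
    (typically a firewall silently dropping the SYN)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"
    finally:
        s.close()


def connect_scan(host: str, ports, workers: int = 32) -> dict:
    """Probe every port concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda p: probe(host, p), ports)
    return dict(zip(ports, states))


def open_ports(results: dict) -> list:
    return sorted(p for p, state in results.items() if state == "open")


if __name__ == "__main__":
    srv, listening = start_local_listener()
    try:
        results = connect_scan("127.0.0.1", [listening, pick_unused_port()])
        for port, state in sorted(results.items()):
            print("%5d/tcp %s" % (port, state))
    finally:
        srv.close()
```

A connect scan completes the full three-way handshake, so it shows up in the target's application logs; that is the trade-off against the half-open (SYN) scans real scanners use, which need raw sockets and privileges. The three-state result (open/closed/filtered) is what lets a scan distinguish a host with nothing listening from one behind a dropping firewall.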
30. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
OVAL
firewall
CISO
risk analysis
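A worked quantitative risk analysis, added here as an example and not part of the original test: it applies the standard Security+ formulas (SLE = asset value x exposure factor; ALE = SLE x ARO; safeguard value = ALE before - ALE after - annual cost of the safeguard) to decide, per threat, whether a countermeasure is worth buying or the risk should instead be accepted or transferred. The two scenarios and their dollar figures are constructed for illustration, and the class and function names are this example's own.

```python
from dataclasses import dataclass

# Formulas used below (standard quantitative risk analysis):
#   SLE = asset value x exposure factor
#   ALE = SLE x annualized rate of occurrence (ARO)
#   safeguard value = ALE before - ALE after - annual safeguard cost
# All scenario figures are constructed for illustration, not from a real assessment.


@dataclass(frozen=True)
class Scenario:
    name: str
    asset_value: float        # replacement / business value of the asset
    exposure_factor: float    # fraction of the asset lost in one incident (0.0 to 1.0)
    aro: float                # expected incidents per year without the safeguard
    safeguard: str
    aro_with_safeguard: float  # expected incidents per year with the safeguard in place
    safeguard_annual_cost: float


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single loss expectancy: what one occurrence of the threat costs."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def ale(single_loss: float, aro: float) -> float:
    """Annualized loss expectancy: expected loss per year from this threat."""
    return single_loss * aro


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Positive when the safeguard removes more expected loss than it costs."""
    return ale_before - ale_after - annual_cost


def evaluate(s: Scenario) -> dict:
    loss = sle(s.asset_value, s.exposure_factor)
    before = ale(loss, s.aro)
    after = ale(loss, s.aro_with_safeguard)
    value = safeguard_value(before, after, s.safeguard_annual_cost)
    return {"scenario": s.name, "sle": loss, "ale_before": before, "ale_after": after,
            "safeguard_value": value,
            # a countermeasure that costs more than the loss it prevents is not mitigation;
            # the remaining options are to accept the risk or transfer it (e.g. insurance)
            "decision": "mitigate" if value > 0 else "accept or transfer"}


SCENARIOS = [
    Scenario("Web server defacement", 200_000, 0.25, 0.5, "WAF + patch cadence", 0.1, 12_000),
    Scenario("Laptop theft", 50_000, 0.10, 2.0, "Full-disk encryption rollout", 0.5, 9_000),
]


def evaluate_all(scenarios=SCENARIOS) -> list:
    return [evaluate(s) for s in scenarios]


if __name__ == "__main__":
    for r in evaluate_all():
        print("%-22s SLE=%8.0f ALE=%8.0f -> %8.0f  safeguard value=%7.0f  %s"
              % (r["scenario"], r["sle"], r["ale_before"], r["ale_after"],
                 r["safeguard_value"], r["decision"]))
```

For the constructed figures the web server safeguard is worth 8,000 per year and is recommended, while the laptop control costs 1,500 more per year than the loss it prevents; the qualitative methods in items 5 and 27 reach the same kind of decision by ranking instead of by currency.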
31. Expected or predetermined performance level - developed from policy - performance - requirements
exposure factor
exposure
performance monitor
performance baseline
32. The tools - personnel and business processes necessary to ensure that security meets needs
security program
AS/NZS 4360
qualitative
security governance
33. Controls that implement access control - password management - identification and authentication methods - configuration
threat
technical
protocol analyzer
risk mitigation
34. Legal term used to determine liability - acting responsibly lowers the risk of liability from a security breach
mappers
AS/NZS 4360
ISO 17799
due care
35. Guide to illustrate how to protect personal health information
IRM
risk analysis
corporate security officer
ISO/IEC 27799
36. ISM Standard
FMEA
Information Security Management
qualitative
security program
37. Process of identifying and assessing risk - reducing it to an acceptable level - and implementing mechanisms to maintain that level
due care
security governance
port scanner
IRM
38. CobiT
planning horizon
No events - Errors only - Errors and warnings - All events
COSO
Control Objectives for Information and related Technology
39. Responsible for information classification and protection
network mapping
FMEA
privilege
data owner
40. A log that can record outgoing requests - incoming traffic - and internet usage
elcomsoft
administrative
firewall
operational
41. FRAP
Facilitated Risk Analysis Process
confidentiality
risk
network mapping
42. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
network mapping
data owner
No events - Errors only - Errors and warnings - All events
CobiT
43. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
CISO
CobiT
network mapping
risk analysis
44. The likelihood of exploitation and the loss potential
risk categories
ITIL
risk
ISO 17799
45. The following tools (Nessus - Qualys - Retina) are ______________ scanners
elcomsoft
integrity
penetration
vulnerability
46. Mitigates a potential risk
countermeasure
security program
OVAL
security governance
47. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
strategic
network mapping
countermeasure
chief information security officer
48. Type of audit that checks procedures and policies for escalating issues to management
COSO
vulnerability
L0phtCrack
escalation
49. IRM
vulnerability scanner
single loss expectancy
Information risk management
CobiT
50. An instance of being exposed to losses from a threat
exposure
Information risk management
threat
due care