Test your basic knowledge | CompTIA Security+: Assessment and Risk Management
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. IT governance at the operational level
mappers
ISO/IEC 27799
CobiT
ITIL
2. Ensures management security directives are fulfilled
security officer
blueprints
FMEA
ISO 17799
3. __________ loss has a negative effect after a vulnerability is initially exploited
Information Technology Infrastructure Library (ITIL)
delayed
risk analysis
risk analysis
4. Security policy (map business objectives to security) - Security infrastructure (security officer - reviews) - Asset classification/control (inventory) - Personnel security (screening - training - roles) - Physical security - Communication/operation
L0phtCrack
ISO 17799
Control Objectives for Information and related Technology
FMEA
5. Responsible for developing: security awareness program - budget for information security related activities - policies - procedures - and guidelines - a security compliance program - and metrics
technical
COSO
vulnerability
CISO
6. Strategic - tactical and operational planning
planning horizon
tactical
exposure
risk
7. ISM Standard
vulnerability scanner
usage
vulnerability
Information Security Management
8. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error
ISO 17799
risk categories
countermeasure
due care
9. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
CobiT
operational
chief information security officer
COSO
10. Information security management measurements
ISO/IEC 27001
FMEA
ISO/IEC 27004
security officer
11. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
FRAP
integrity
delayed
12. Focus on service level agreements between IT dept and internal customers
privilege
physical
ITIL
Information Security Management
13. Provides a cost/benefit comparison
risk analysis
OCTAVE
Failure Modes and Effect Analysis
port scanner
14. Responsible for information classification and protection
single loss expectancy
risk analysis
risk
data owner
15. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
CobiT
CobiT
ISO/IEC 27001
16. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
Control Objectives for Information and related Technology
Facilitated Risk Analysis Process
ISO 17799
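The "port scanner" and "vulnerability scanner" statements above (questions 15, 16 and 23) describe tools by what they do on the wire; the block below is an added example, not code from the quiz page and not Nmap's own code, showing the simplest form of that check: a TCP connect() scan. It completes a full handshake on each port, which is what `nmap -sT` does, without the service, OS and patch-level probing a vulnerability scanner layers on top. To stay self-contained and offline it starts its own listener on 127.0.0.1 and scans a small range around it; the listener, the port range and the timeout are assumptions for the demo. Scanning hosts you are not authorized to test is not acceptable use.

```python
"""Minimal TCP connect() port scanner (added example, not from the quiz page or from Nmap)."""
import socket


def scan_ports(host: str, ports, timeout: float = 0.3) -> list[int]:
    """Return the subset of `ports` on `host` that completed a TCP handshake.

    A closed port answers with RST and connect() raises ConnectionRefusedError;
    a filtered port (dropped by a firewall) usually just times out. Both are
    reported as 'not open' here; a real scanner tells the two cases apart.
    """
    open_ports = []
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except OSError:
            continue
        else:
            open_ports.append(port)
        finally:
            sock.close()
    return open_ports


def start_listener(host: str = "127.0.0.1") -> tuple[socket.socket, int]:
    """Bind an ephemeral port so the scan has a 'listening device' to find.

    The kernel completes the handshake for a listening socket before the
    application ever calls accept(), which is why a connect scan finds a
    listener even when the service behind it is idle.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))          # port 0: let the OS pick a free ephemeral port
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo() -> tuple[int, list[int]]:
    """Start a local listener, scan a small range around it, return (port, hits)."""
    srv, port = start_listener()
    try:
        found = scan_ports("127.0.0.1", range(port - 3, port + 4))
    finally:
        srv.close()
    return port, found


if __name__ == "__main__":
    port, found = demo()
    print(f"listener on 127.0.0.1:{port}; open ports in scanned range: {found}")
```

The scanned range may contain other local listeners, so the demo only promises that its own port shows up; after the listener is closed the same port is refused and drops out of the result.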
17. Tools to identify - develop - and design security requirements for business needs
risk analysis
annualized rate of occurrence
blueprints
operational
18. OCTAVE
ISO/IEC 27799
BS7799
CISO
Operationally Critical Threat - Asset - and Vulnerability Evaluation
19. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
SP 800-30
security governance
COSO
network mapping
20. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
security program
BS7799
security governance
CobiT
21. CSO
security governance
security program
FMEA
corporate security officer
22. Derived from the COSO framework
OCTAVE
CISO
CobiT
corporate security officer
23. The following tools (Nessus - Qualys - Retina) are ______________ scanners
CobiT
security officer
vulnerability
physical
24. Guide to illustrate how to protect personal health information
ISO/IEC 27799
ISO/IEC 27004
fault tree analysis
due care
25. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
fault tree analysis
ITIL
data owner
26. A log that can record outgoing requests - incoming traffic - and internet usage
administrative
firewall
ISO/IEC 27002
FRAP
27. A weakness (software - hardware - procedural - human) that can be exploited
network mapping
exposure factor
AS/NZS 4360
vulnerability
28. Expected or predetermined performance level - developed from policy - performance - requirements
performance baseline
planning horizon
confidentiality
OVAL
29. A process to identify assets and their value - identify vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk analysis
planning horizon
Information Security Management
due care
30. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
tactical
ISO 17799
No events - Errors only - Errors and warnings - All events
OCTAVE
31. Responsible for communicating organizational risks and compliance regulations to senior management
CISO
security officer
physical
single loss expectancy
32. Mitigates a potential risk
countermeasure
integrity
corporate security officer
performance monitor
33. Process of identifying and assessing risk - reducing it to an acceptable level - and implementing mechanisms to maintain that level
FMEA
security program
operational
IRM
34. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
tactical
ISO/IEC 27002
COSO
35. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge the passwd and shadow files
ISO/IEC 27002
Committee of Sponsoring Organizations
John the Ripper
threat
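Question 35 mentions that John the Ripper uses `unshadow` to merge the passwd and shadow files. The block below is an added example, not code from the quiz page and not John the Ripper's own implementation, reproducing only that merge step: the `x` placeholder in the passwd password field is replaced by the hash from the shadow file, so a cracker has the hash and the account metadata on one line. The file contents and every hash string in it are constructed placeholders, not real credentials; the lock-marker list is an assumption for the example.

```python
"""Merge passwd and shadow records the way `unshadow` does (added example, not John's code)."""

# Constructed sample /etc/passwd contents: user:x:uid:gid:gecos:home:shell
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""

# Constructed sample /etc/shadow contents: user:hash:lastchange:min:max:warn:inactive:expire:
# The hash strings are placeholders, not real hashes.
SHADOW_SAMPLE = """\
root:$6$c0nstructedsalt$notARealHashJustAPlaceholderValueForTheExample:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$y$j9T$c0nstructedsalt$notARealYescryptHashEither:19000:0:99999:7:::
bob:!:19000:0:99999:7:::
"""

# Assumed markers for accounts with no usable password (locked or password-less).
LOCKED_MARKERS = ("*", "!", "!!", "")


def unshadow(passwd_text: str, shadow_text: str) -> list[str]:
    """Return passwd lines with the password field taken from the shadow file.

    Users present in passwd but missing from shadow keep their original field
    (the 'x' placeholder), which is how unshadow behaves; crackable() then
    treats them as having nothing to crack.
    """
    shadow_hashes = {}
    for line in shadow_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:
            shadow_hashes[fields[0]] = fields[1]

    merged = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed record: skip rather than guess at fields
        if fields[0] in shadow_hashes:
            fields[1] = shadow_hashes[fields[0]]
        merged.append(":".join(fields))
    return merged


def crackable(merged_lines: list[str]) -> list[str]:
    """Users whose merged record carries a hash rather than a lock marker.

    Accounts whose field is '*', '!' or empty have no password to recover,
    and a leading '!' means the account was locked (passwd -l keeps the hash
    behind it). Feeding those to a cracker only wastes time.
    """
    users = []
    for line in merged_lines:
        user, pw = line.split(":")[:2]
        if pw == "x" or pw in LOCKED_MARKERS or pw.startswith("!"):
            continue
        users.append(user)
    return users


if __name__ == "__main__":
    merged = unshadow(PASSWD_SAMPLE, SHADOW_SAMPLE)
    print("\n".join(merged))
    print("crackable accounts:", crackable(merged))
```

On a real system both source files require root to read, and the merged output is as sensitive as the shadow file itself; treat it accordingly during an authorized assessment.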
36. COSO
FRAP
strategic
corporate security officer
Committee of Sponsoring Organizations
37. Ensures reliable timely access to data/resources to authorized individuals
availability
OCTAVE
administrative
AS/NZS 4360
38. NIST risk management methodology
vulnerability
Failure Modes and Effect Analysis
fault tree analysis
SP 800-30
39. Type of audit that checks that network resources - systems and software are used appropriately
COSO
IRM
CISO
usage
40. Number of times the incident might occur annually - (ARO)
performance baseline
BS7799
ISO/IEC 27005
annualized rate of occurrence
41. Collection of controls an organization must have in place
strategic
risk analysis
OVAL
security program
42. FMEA
Failure Modes and Effect Analysis
annualized rate of occurrence
COSO
confidentiality
43. Corporate governance at the strategic level
COSO
Facilitated Risk Analysis Process
escalation
CISO
44. Risk mgmt method with much broader focus than IT security
Committee of Sponsoring Organizations
risk
Operationally Critical Threat - Asset - and Vulnerability Evaluation
AS/NZS 4360
45. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
Failure Modes and Effect Analysis
physical
CISO
privilege
46. IRM
usage
Information risk management
security governance
OVAL
47. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
ISO/IEC 27002
Facilitated Risk Analysis Process
security governance
security program
48. SLE x ARO - (ALE)
fault tree analysis
CISO
tactical
annualized loss expectancy
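Questions 13, 34, 40 and 48 together describe quantitative risk analysis: exposure factor (EF), single loss expectancy (SLE = asset value x EF), annualized rate of occurrence (ARO), annualized loss expectancy (ALE = SLE x ARO) and the cost/benefit comparison of a countermeasure. The block below is an added example, not code from the quiz page, that carries those definitions through for two constructed scenarios and computes the value of a safeguard as (ALE before) - (ALE after) - (annual cost of the safeguard). All asset values, exposure factors, rates and the encryption scenario are hypothetical numbers chosen for illustration.

```python
"""Quantitative risk analysis: EF, SLE, ARO, ALE and countermeasure cost/benefit (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    """One threat/asset pair with the quantitative inputs the quiz defines."""
    name: str
    asset_value: float        # AV: value of the asset in currency units
    exposure_factor: float    # EF: fraction of AV lost in a single incident (0.0 - 1.0)
    aro: float                # ARO: expected number of incidents per year


def single_loss_expectancy(s: Scenario) -> float:
    """SLE = AV x EF: the loss from one occurrence of the threat."""
    if not 0.0 <= s.exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return s.asset_value * s.exposure_factor


def annualized_loss_expectancy(s: Scenario) -> float:
    """ALE = SLE x ARO: the expected loss per year from this threat."""
    return single_loss_expectancy(s) * s.aro


def countermeasure_value(before: Scenario, after: Scenario, annual_cost: float) -> float:
    """Cost/benefit of a safeguard: (ALE before) - (ALE after) - (annual cost).

    Positive means the control is expected to save more than it costs per year;
    negative means the organization would spend more than the risk it removes.
    """
    return annualized_loss_expectancy(before) - annualized_loss_expectancy(after) - annual_cost


def rank_by_ale(scenarios) -> list:
    """Order scenarios by ALE, highest first: where safeguards pay off soonest."""
    return sorted(scenarios, key=annualized_loss_expectancy, reverse=True)


# Constructed sample scenarios (hypothetical numbers, not from the quiz page).
WEB_SERVER_DEFACED = Scenario("web server defacement", asset_value=200_000, exposure_factor=0.25, aro=2.0)
LAPTOP_STOLEN = Scenario("unencrypted laptop theft", asset_value=50_000, exposure_factor=0.80, aro=0.5)
# Assumed effect of full-disk encryption: thefts per year (ARO) are unchanged, but the data
# on a stolen laptop is no longer exposed, so the exposure factor drops sharply.
LAPTOP_STOLEN_ENCRYPTED = Scenario("unencrypted laptop theft", asset_value=50_000, exposure_factor=0.05, aro=0.5)

if __name__ == "__main__":
    for s in rank_by_ale([LAPTOP_STOLEN, WEB_SERVER_DEFACED]):
        print(f"{s.name}: SLE={single_loss_expectancy(s):,.0f}  ALE={annualized_loss_expectancy(s):,.0f}")
    value = countermeasure_value(LAPTOP_STOLEN, LAPTOP_STOLEN_ENCRYPTED, annual_cost=3_000)
    print(f"full-disk encryption net value per year: {value:,.0f}")
```

With these inputs the laptop scenario has an SLE of 40,000 and an ALE of 20,000; encryption cuts the ALE to 1,250, so a control costing 3,000 a year is worth 15,750 a year. The web server scenario (ALE 100,000) ranks first, which is the point of the ranking: ALE tells you where to spend, and the countermeasure value tells you whether a given control is worth buying.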
49. The likelihood of exploitation and the loss potential
CISO
risk analysis
risk
privilege
50. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
annualized rate of occurrence
security officer
performance monitor