Test your basic knowledge
Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Type of audit that checks procedures and policies for escalating issues to management
strategic
CobiT
escalation
firewall
2. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
tactical
risk
Control Objectives for Information and related Technology
ISO/IEC 27001
3. Type of audit that checks information classification and change control procedures
ISO/IEC 27005
mappers
integrity
administrative
4. Mitigates a potential risk
data owner
countermeasure
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk analysis
5. Ensures management security directives are fulfilled
OVAL
elcomsoft
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security officer
6. COSO
ISO 17799
No events - Errors only - Errors and warnings - All events
Committee of Sponsoring Organizations
availability
7. NIST risk management methodology
confidentiality
security program
SP 800-30
risk analysis
8. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
privilege
vulnerability
due care
ISO 17799
9. IRM
CISO
AS/NZS 4360
Information risk management
Failure Modes and Effect Analysis
10. Derived from the COSO framework
penetration
CobiT
FMEA
corporate security officer
11. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
administrative
L0phtCrack
threat
vulnerability
12. Made up of ten domains - a mechanism to describe security processes
network mapping
availability
ISO 17799
operational
13. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
Operationally Critical Threat - Asset - and Vulnerability Evaluation
availability
risk analysis
IRM
14. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
CobiT
fault tree analysis
qualitative
john the ripper
15. OCTAVE
data owner
Operationally Critical Threat - Asset - and Vulnerability Evaluation
corporate security officer
COSO
16. Potential danger to information or systems
threat
ISO 17799
Committee of Sponsoring Organizations
BS7799
17. Type of audit that checks that accounts - groups and roles are correctly assigned
risk analysis
threat
privilege
security program
18. Controls that implement access control - password management - identification and authentication methods - configuration
BS7799
OCTAVE
technical
COSO
19. Collection of controls an organization must have in place
planning horizon
performance monitor
security program
security governance
20. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
tactical
usage
CobiT
risk anlysis
21. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
operational
ISO/IEC 27005
firewall
22. Strategic - tactical and operational planning
planning horizon
network mapping
CISO
qualitative
23. Provides a cost/benefit comparison
vulnerability
qualitative
risk analysis
mappers
24. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
escalation
network mapping
operational
25. A weakness (software - hardware - procedural - human) that can be exploited
threat
vulnerability
Information Security Management
CobiT
26. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
risk
CISO
vulnerability
FMEA
27. Information security management measurements
risk
vulnerability
ISO/IEC 27002
ISO/IEC 27004
28. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
security governance
OCTAVE
strategic
network mapping
29. Responsible for information classification and protection
data owner
ISO/IEC 27005
annualized loss expectancy
exposure
30. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
CobiT
network mapping
BS7799
john the ripper
31. Possibility of damage and the ramifications should it occur
CobiT
corporate security officer
network mapping
risk
32. FRAP
administrative
No events - Errors only - Errors and warnings - All events
firewall
Facilitated Risk Analysis Process
33. Focus on service level agreements between IT dept and internal customers
ITIL
countermeasure
vulnerability scanner
CobiT
34. Ensures reliable timely access to data/resources to authorized individuals
port scanner
availability
network mapping
single loss expectancy
35. Ensures necessary level of secrecy and prevents unauthorized disclosure
BS7799
confidentiality
vulnerability
FMEA
36. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
CobiT
physical
performance monitor
exposure
37. Corporate governance at the strategic level
COSO
due care
CobiT
network mapping
38. An open language from mitre.org for determining vulnerabilities and problems on computer systems
network mapping
CobiT
OVAL
delayed
39. Daily goals focused on productivity and task-oriented activities
fault tree analysis
port scanner
operational
CISO
40. Number of times the incident might occur annually - (ARO)
annualized loss expectancy
Information risk management
exposure
annualized rate of occurrence
41. Tools to ID - develop - and design security requirements for business needs
threat
CISO
CobiT
blueprints
42. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
ITIL
AS/NZS 4360
CobiT
43. FMEA
performance monitor
Failure Modes and Effect Analysis
network mapping
planning horizon
44. Assurance of accuracy and reliability of information and systems
integrity
data owner
No events - Errors only - Errors and warnings - All events
escalation
45. CSO
corporate security officer
COSO
network mapping
risk anlysis
46. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk analysis
risk anlysis
FMEA
delayed
47. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
BS7799
administrative
chief information security officer
vulnerability scanner
48. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
Information Technology Infrastructure Library (ITIL)
CobiT
ISO/IEC 27002
administrative
49. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
BS7799
strategic
Failure Modes and Effect Analysis
corporate security officer
50. Risk mgmt method with much broader focus than IT security
ISO/IEC 27004
security officer
ISO 17799
AS/NZS 4360