Test your basic knowledge
CompTIA Security+: Assessment and Risk Management
Start Test
Study First
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Midterm goals
corporate security officer
tactical
AS/NZS 4360
Facilitated Risk Analysis Process
2. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
CobiT
BS7799
ISO/IEC 27799
performance monitor
3. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
Facilitated Risk Analysis Process
security governance
AS/NZS 4360
4. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
Committee of Sponsoring Organizations
risk
CobiT
5. Possibility of damage and the ramifications should it occur
administrative
ITIL
risk
availability
6. Method of identifying functions and their failures - causes of failures and their effect - originally designed for systems engineering
blueprints
FMEA
risk mitigation
security program
7. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment
ISO/IEC 27799
Facilitated Risk Analysis Process
ISO/IEC 27005
vulnerability
8. CISO
Control Objectives for Information and related Technology
vulnerability
FRAP
chief information security officer
9. Used to identify failures in complex systems to understand underlying causes of threats
fault tree analysis
risk
usage
security program
10. Assurance of accuracy and reliability of information and systems
ISO/IEC 27799
integrity
performance monitor
FRAP
11. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
Control Objectives for Information and related Technology
port scanner
Information Technology Infrastructure Library (ITIL)
12. A process to identify assets and their value - identify vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
physical
ISO/IEC 27005
penetration
risk analysis
13. Derived from the COSO framework
data owner
CobiT
administrative
AS/NZS 4360
14. Controls that implement access control - password management - identification and authentication methods - configuration
network mapping
technical
Committee of Sponsoring Organizations
strategic
15. FRAP
risk
Facilitated Risk Analysis Process
threat
exposure factor
16. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
security program
usage
network mapping
security officer
17. Event levels available for logging in a MS DNS server
Control Objectives for Information and related Technology
FMEA
fault tree analysis
No events - Errors only - Errors and warnings - All events
18. Made up of ten domains - a mechanism to describe security processes
data owner
ISO 17799
Information risk management
countermeasure
19. Ensures management security directives are fulfilled
exposure
security officer
Operationally Critical Threat - Asset - and Vulnerability Evaluation
single loss expectancy
20. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
annualized rate of occurrence
fault tree analysis
CobiT
OVAL
21. Provides a cost/benefit comparison
fault tree analysis
usage
exposure
risk analysis
22. Responsible for information classification and protection
COSO
ISO/IEC 27004
chief information security officer
data owner
23. Expected or predetermined performance level - developed from policy - performance - requirements
risk
risk categories
performance baseline
vulnerability
24. Focus on service level agreements between IT dept and internal customers
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ITIL
performance monitor
operational
25. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
network mapping
security program
planning horizon
26. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
L0phtCrack
risk mitigation
protocol analyzer
OCTAVE
27. Type of audit that checks that network resources - systems and software are used appropriately
firewall
security program
usage
Failure Modes and Effect Analysis
28. A log that can record outgoing requests - incoming traffic - and internet usage
threat
ISO/IEC 27001
risk
firewall
29. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DoS attacks
single loss expectancy
FMEA
network mapping
escalation
30. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files
Facilitated Risk Analysis Process
COSO
countermeasure
john the ripper
31. Risk management method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
FMEA
CobiT
availability
OCTAVE
32. Ensures reliable timely access to data/resources to authorized individuals
confidentiality
protocol analyzer
availability
qualitative
33. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
blueprints
due care
ISO/IEC 27002
ISO/IEC 27799
34. FMEA
OCTAVE
Failure Modes and Effect Analysis
risk analysis
network mapping
35. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
availability
administrative
Information Technology Infrastructure Library (ITIL)
36. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
administrative
CobiT
planning horizon
strategic
37. OCTAVE
delayed
Operationally Critical Threat - Asset - and Vulnerability Evaluation
qualitative
Information Security Management
38. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
FMEA
ISO/IEC 27002
COSO
CobiT
39. Ensures necessary level of secrecy and prevents unauthorized disclosure
corporate security officer
ISO/IEC 27004
elcomsoft
confidentiality
40. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
risk analysis
strategic
fault tree analysis
integrity
41. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
Control Objectives for Information and related Technology
corporate security officer
port scanner
privilege
42. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
CISO
data owner
ITIL
qualitative
43. Potential danger to information or systems
ITIL
threat
risk categories
COSO
44. Tools to identify - develop - and design security requirements for business needs
administrative
blueprints
security governance
confidentiality
45. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
vulnerability
security program
single loss expectancy
BS7799
46. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
countermeasure
Information risk management
security governance
47. Collection of controls an organization must have in place
vulnerability scanner
security program
exposure
single loss expectancy
48. NIST risk management methodology
port scanner
SP 800-30
Committee of Sponsoring Organizations
Operationally Critical Threat - Asset - and Vulnerability Evaluation
49. An instance of being exposed to losses from a threat
SP 800-30
Committee of Sponsoring Organizations
exposure
firewall
50. De facto standard of best practices for IT service management
CobiT
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27004
Committee of Sponsoring Organizations