Test your basic knowledge

CompTIA Security+: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Ensures management security directives are fulfilled
2. Expected or predetermined performance level - developed from policy - performance - requirements
3. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
4. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
5. Daily goals focused on productivity and task-oriented activities
6. COSO
7. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
8. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
9. Percentage of an asset's value that would be lost in a single incident - (EF)
10. Type of audit that checks procedures and policies for escalating issues to management
11. Type of audit that checks that accounts - groups and roles are correctly assigned
12. Midterm goals
13. Provides good practice advice on ISMS (ISO 17799) (based on BS7799 Part 1)
14. Controls that implement access control - password management - identification and authentication methods - configuration
15. Used to ID failures in complex systems to understand underlying causes of threats
16. Collection of controls an organization must have in place
17. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
18. OCTAVE
19. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files
20. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
21. An instance of being exposed to losses from a threat
22. Responsible for communicating to senior mgmt organizational risks and compliance regulations
23. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
24. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
25. Type of audit that checks that network resources - systems and software are used appropriately
26. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
27. CSO
28. Tools to ID - develop - and design security requirements for business needs
29. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
30. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
31. CobiT
32. Made up of ten domains - a mechanism to describe security processes
33. Possibility of damage and the ramifications should it occur
34. Ensures necessary level of secrecy and prevents unauthorized disclosure
35. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
36. FMEA
37. NIST risk management methodology
38. CISO
39. A log that can record outgoing requests - incoming traffic - and internet usage
40. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
41. Responsible for information classification and protection
42. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
43. Guide to illustrate how to protect personal health information
44. Provides a cost/benefit comparison
45. FRAP
46. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
47. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
48. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
49. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
50. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk