SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. __________ loss has a negative effect after a vulnerability is initially exploited
fault tree analysis
exposure
delayed
COSO
2. Focus on service level agreements between IT dept and internal customers
annualized rate of occurrence
ITIL
elcomsoft
john the ripper
3. ISM Standard
IRM
Information risk management
BS7799
Information Security Management
4. Daily goals focused on productivity and task-oriented activities
availability
operational
L0phtCrack
security officer
5. OCTAVE
privilege
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk analysis
corporate security officer
6. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
protocol analyzer
CobiT
Operationally Critical Threat - Asset - and Vulnerability Evaluation
security officer
7. Provides a cost/benefit comparision
strategic
risk analysis
annualized rate of occurrence
Information Security Management
8. Type of audit that checks that network resources - systems and software are used appropriately
No events - Errors only - Errors and warnings - All events
performance baseline
firewall
usage
9. A weakness (software - hardware - procedural - human) that can be exploited
port scanner
fault tree analysis
vulnerability
strategic
10. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
COSO
corporate security officer
ISO/IEC 27004
port scanner
11. An instance of being exposed to losses from a threat
security program
exposure
john the ripper
administrative
12. NIST risk management methodology
IRM
SP 800-30
technical
CISO
13. Made up of ten domains - a mechanism to describe security processes
vulnerability scanner
ITIL
Information Technology Infrastructure Library (ITIL)
ISO 17799
14. Event levels available for logging in a MS DNS server
Control Objectives for Information and related Technology
No events - Errors only - Errors and warnings - All events
due care
Information Security Management
15. Information security managment measurements
risk catagories
ISO/IEC 27004
john the ripper
chief information security officer
16. SLE x ARO - (ALE)
port scanner
risk analysis
COSO
annualized loss expectancy
17. Percentage of an asset's value that would be lost in a single incident - (EF)
countermeasure
tactical
exposure factor
operational
18. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
Failure Modes and Effect Analysis
vulnerability
fault tree analysis
annualized rate of occurrence
19. Responsible for communicating to senior mgmt organizational risks and compliance regulations
OVAL
port scanner
CISO
firewall
20. A log that can record outgoing requests - incoming traffic - and internet usage
tactical
firewall
integrity
protocol analyzer
21. Guide to illustrate how to protect personal health information
OCTAVE
network mapping
ISO/IEC 27799
risk anlysis
22. COSO
Committee of Sponsoring Organizations
exposure factor
L0phtCrack
due care
23. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
FRAP
exposure factor
Information Technology Infrastructure Library (ITIL)
strategic
24. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
COSO
security program
physical
fault tree analysis
25. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
CobiT
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ISO 17799
data owner
26. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
FMEA
Control Objectives for Information and related Technology
risk mitigation
L0phtCrack
27. CSO
exposure factor
corporate security officer
performance baseline
ISO 17799
28. Collection of controls an organization must have in place
CobiT
ISO/IEC 27005
risk catagories
security program
29. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
Information Security Management
strategic
performance monitor
qualitative
30. Possiblity of damage and the ramifications should it occur
elcomsoft
annualized loss expectancy
risk
escalation
31. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
CISO
L0phtCrack
strategic
due care
32. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
port scanner
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ISO/IEC 27004
33. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
ITIL
security program
network mapping
CobiT
34. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
ISO/IEC 27005
COSO
ISO/IEC 27004
35. CobiT
threat
Control Objectives for Information and related Technology
OVAL
network mapping
36. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
countermeasure
CISO
single loss expectancy
performance monitor
37. The likelihood of exploitation and the loss potential
CISO
Operationally Critical Threat - Asset - and Vulnerability Evaluation
john the ripper
risk
38. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
FMEA
qualitative
Facilitated Risk Analysis Process
integrity
39. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
FRAP
Committee of Sponsoring Organizations
ISO 17799
40. Assurance of accurancy and reliability of information and systems
integrity
vulnerability scanner
fault tree analysis
corporate security officer
41. CISO
CobiT
operational
tactical
chief information security officer
42. The asset's value multiplied by the EF percentage - (SLE)
OVAL
single loss expectancy
CobiT
ISO/IEC 27799
43. Tools to ID - develop - and design security requirements for business needs
SP 800-30
blueprints
COSO
administrative
44. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
L0phtCrack
physical
risk anlysis
chief information security officer
45. Risk mgmt method with much broader focus than IT security
physical
AS/NZS 4360
administrative
ISO/IEC 27799
46. Responsible for information classification and protection
usage
FMEA
firewall
data owner
47. The tools - personnel and business processes necessary to ensure that security meets needs
security governanace
exposure factor
ISO/IEC 27002
john the ripper
48. Number of time the incident might occur annually - (ARO)
annualized rate of occurrence
FMEA
john the ripper
CobiT
49. Mitigates a potential risk
countermeasure
ITIL
CobiT
threat
50. Ensures managment security directives are fulfilled
administrative
AS/NZS 4360
ISO/IEC 27799
security officer