Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost

2. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers

3. Provides a cost/benefit comparison

4. Daily goals focused on productivity and task-oriented activities

5. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond

6. CobiT

7. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control

8. Responsible for developing: security awareness program - budget for information security related activities - policies, procedures, and guidelines - a security compliance program - and metrics

9. An open language from mitre.org for determining vulnerabilities and problems on computer systems

10. ____________ can discover network devices/applications - check password strength - measure internal/external access - analyze vulnerabilities in the NOS - test response to DoS attacks

11. Responsible for communicating organizational risks and compliance regulations to senior mgmt

12. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________

13. Potential danger to information or systems

14. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs

15. The following tools (Nessus - Qualys - Retina) are ______________ scanners

16. Guide to assist in the implementation of information security based on a risk management approach

17. Type of audit that checks that accounts - groups and roles are correctly assigned

18. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion

19. Provides good practice advice on ISMS (ISO 17799) (based on BS7799 Part 1)

20. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate

21. Ensures reliable, timely access to data/resources for authorized individuals

22. Number of times the incident might occur annually - (ARO)

23. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error

24. Assurance of accuracy and reliability of information and systems

25. Expected or predetermined performance level - developed from policy - performance - requirements

26. Mitigates a potential risk

27. _______________ can test IDS - detect network congestion - detect bad/failing equipment - detect high processor loads - must be NOS appropriate

28. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting

29. Type of audit that checks that network resources - systems and software are used appropriately

30. Responsible for information classification and protection

31. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)

32. Percentage of an asset's value that would be lost in a single incident - (EF)

33. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)

34. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards

35. A password cracker that uses dictionary and brute-force attacks - rainbow tables - can test password strength and recover passwords - was originally free but is now a commercial product

36. Focus on service level agreements between the IT dept and internal customers

37. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)

38. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company

39. Midterm goals

40. An open-source password cracker that uses dictionary and brute-force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files

41. The asset's value multiplied by the EF percentage - (SLE)

42. CISO

43. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate

44. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment

45. Used to predict changes based on trends - detect deviations - and watch events across multiple system components

46. Ensures the necessary level of secrecy and prevents unauthorized disclosure

47. Made up of ten domains - a mechanism to describe security processes

48. Corporate governance at the strategic level

49. FRAP

50. COSO