Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. CSO
corporate security officer
data owner
CISO
OVAL

2. Type of audit that checks that accounts - groups and roles are correctly assigned
Information Security Management
mappers
CobiT
privilege

3. Information security managment measurements
firewall
ISO/IEC 27004
integrity
OCTAVE

4. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
L0phtCrack
IRM
john the ripper
due care

5. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
john the ripper
SP 800-30
vulnerability

6. CISO
chief information security officer
exposure factor
performance monitor
AS/NZS 4360

7. Type of audit that checks information classification and change control procedures
countermeasure
CISO
integrity
administrative

8. The likelihood of exploitation and the loss potential
due care
usage
risk
ISO 17799

9. An instance of being exposed to losses from a threat
security governanace
Information risk management
exposure
integrity

10. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
privilege
strategic
IRM
risk mitigation

11. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
exposure factor
ISO/IEC 27002
No events - Errors only - Errors and warnings - All events
due care

12. Potential danger to information or systems
threat
CISO
privilege
elcomsoft

13. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
risk
data owner
blueprints

14. SLE x ARO - (ALE)
COSO
single loss expectancy
annualized loss expectancy
data owner

15. A weakness (software - hardware - procedural - human) that can be exploited
Facilitated Risk Analysis Process
network mapping
vulnerability
vulnerability scanner

16. Corporate governance at the strategic level
planning horizon
COSO
CISO
ISO/IEC 27001

17. Mitigates a potential risk
vulnerability
countermeasure
risk
FMEA

18. COSO
ISO/IEC 27799
risk
port scanner
Committee of Sponsoring Organizations

19. Ensures necessary level of secrecy and prevents unauthorized disclosure
risk analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ISO/IEC 27001
confidentiality

20. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
CobiT
due care
delayed

21. Risk mgmt method with much broader focus than IT security
Committee of Sponsoring Organizations
AS/NZS 4360
SP 800-30
ISO/IEC 27799

22. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
Committee of Sponsoring Organizations
FRAP
ISO/IEC 27002
ISO 17799

23. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
countermeasure
port scanner
exposure factor
CobiT

24. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
ISO/IEC 27001
CISO
CobiT
performance monitor

25. IRM
Information risk management
availability
OVAL
ISO/IEC 27001

26. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk catagories
vulnerability scanner
IRM
ITIL

27. Responsible for communicating to senior mgmt organizational risks and compliance regulations
administrative
CISO
No events - Errors only - Errors and warnings - All events
mappers

28. FRAP
exposure
FMEA
threat
Facilitated Risk Analysis Process

29. OCTAVE
ISO 17799
OCTAVE
Information Technology Infrastructure Library (ITIL)
Operationally Critical Threat - Asset - and Vulnerability Evaluation

30. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
ISO/IEC 27004
ISO/IEC 27002
COSO
administrative

31. CobiT
qualitative
Control Objectives for Information and related Technology
usage
CobiT

32. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
corporate security officer
risk analysis
usage
data owner

33. The tools - personnel and business processes necessary to ensure that security meets needs
security governanace
blueprints
tactical
CISO

34. FMEA
performance baseline
BS7799
annualized rate of occurrence
Failure Modes and Effect Analysis

35. Percentage of an asset's value that would be lost in a single incident - (EF)
ISO 17799
administrative
risk analysis
exposure factor

36. Tools to ID - develop - and design security requirements for business needs
FMEA
tactical
blueprints
risk

37. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
ISO/IEC 27005
FMEA
qualitative
firewall

38. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
Information Security Management
fault tree analysis
ISO 17799

39. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
SP 800-30
BS7799
vulnerability scanner
FRAP

40. The following tools (Nessus - Qualys - Retina) are ______________ scanners
OCTAVE
security program
performance monitor
vulnerability

41. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
performance monitor
COSO
AS/NZS 4360
BS7799

42. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
risk analysis
CobiT
network mapping
risk analysis

43. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
OCTAVE
blueprints
OVAL
vulnerability

44. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
performance baseline
physical
delayed
CobiT

45. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
chief information security officer
ISO/IEC 27001
threat
delayed

46. Guide to illustrate how to protect personal health information
OCTAVE
risk analysis
vulnerability scanner
ISO/IEC 27799

47. __________ loss has a negative effect after a vulnerability is initially exploited
delayed
chief information security officer
fault tree analysis
ISO/IEC 27799

48. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CISO
No events - Errors only - Errors and warnings - All events
vulnerability
CobiT

49. Type of audit that checks procedures and policies for escalating issues to management
vulnerability scanner
performance baseline
ISO/IEC 27005
escalation

50. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
qualitative
risk
vulnerability
FMEA