Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product

2. Type of audit that checks that network resources - systems and software are used appropriately

3. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits

4. Event levels available for logging in a MS DNS server

5. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond

6. Guide to illustrate how to protect personal health information

7. __________ loss has a negative effect after a vulnerability is initially exploited

8. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.

9. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics

10. Assurance of accuracy and reliability of information and systems

11. FMEA

12. FRAP

13. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion

14. Type of audit that checks information classification and change control procedures

15. CSO

16. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment

17. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)

18. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________

19. Controls that implement access control - password management - identification and authentication methods - configuration

20. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation

21. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting

22. The likelihood of exploitation and the loss potential

23. Provides a cost/benefit comparison

24. Midterm goals

25. Percentage of an asset's value that would be lost in a single incident - (EF)

26. CobiT

27. Information security management measurements

28. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password / shadow files

29. An instance of being exposed to losses from a threat

30. Ensures reliable timely access to data/resources to authorized individuals

31. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk

32. The asset's value multiplied by the EF percentage - (SLE)

33. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks

34. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards

35. CISO

36. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers

37. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate

38. Responsible for communicating to senior mgmt organizational risks and compliance regulations

39. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate

40. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external

41. Strategic - tactical and operational planning

42. Ensures management security directives are fulfilled

43. Collection of controls an organization must have in place

44. Type of audit that checks that accounts - groups and roles are correctly assigned

45. Used to ID failures in complex systems to understand underlying causes of threats

46. A log that can record outgoing requests - incoming traffic - and internet usage

47. Risk mgmt method with much broader focus than IT security

48. IRM

49. Method of ID functions and their failures - causes of failures and their effects - originally designed for systems engineering

50. The following tools (Nessus - Qualys - Retina) are ______________ scanners