Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
performance baseline
risk
COSO
vulnerability scanner

2. Used to ID failures in a complex systems to understand underlying causes of threats
vulnerability
john the ripper
fault tree analysis
ISO 17799

3. Collection of controls an organization must have in place
chief information security officer
security program
CobiT
ISO/IEC 27001

4. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
delayed
risk analysis
CobiT
ISO 17799

5. Made up of ten domains - a mechanism to describe security processes
firewall
ISO 17799
CobiT
risk mitigation

6. Corporate governance at the strategic level
penetration
COSO
performance monitor
Committee of Sponsoring Organizations

7. Ensures necessary level of secrecy and prevents unauthorized disclosure
CobiT
confidentiality
strategic
countermeasure

8. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
ISO/IEC 27002
CobiT
OCTAVE
fault tree analysis

9. Event levels available for logging in a MS DNS server
due care
ITIL
No events - Errors only - Errors and warnings - All events
network mapping

10. FMEA
Failure Modes and Effect Analysis
qualitative
risk anlysis
COSO

11. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
qualitative
COSO
administrative
john the ripper

12. The following tools (Nessus - Qualys - Retina) are ______________ scanners
availability
Failure Modes and Effect Analysis
vulnerability
FRAP

13. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
strategic
ISO/IEC 27005
ISO/IEC 27799
network mapping

14. Type of audit that checks that network resources - systems and software are used appropriately
operational
port scanner
usage
network mapping

15. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk
risk catagories
FRAP
Failure Modes and Effect Analysis

16. Guide to illustrate how to protect personal health information
annualized rate of occurrence
integrity
ISO/IEC 27799
chief information security officer

17. Controls that implement access control - password mangement - identification and authentication methods - configuration
technical
port scanner
data owner
FMEA

18. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
delayed
vulnerability
planning horizon
IRM

19. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
Operationally Critical Threat - Asset - and Vulnerability Evaluation
penetration
SP 800-30
fault tree analysis

20. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
john the ripper
risk mitigation
network mapping
performance baseline

21. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
Information Security Management
security program
ISO/IEC 27001
CISO

22. Guide assist in the implemenation of information security based on risk managent approach
confidentiality
ISO/IEC 27005
exposure factor
technical

23. Mitigates a potential risk
security governanace
countermeasure
qualitative
security program

24. Derived from the COSO framework
CobiT
Committee of Sponsoring Organizations
risk
risk

25. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
risk analysis
qualitative
due care
port scanner

26. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
CobiT
protocol analyzer
physical

27. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
vulnerability
administrative
FMEA
BS7799

28. Information security managment measurements
L0phtCrack
risk
corporate security officer
ISO/IEC 27004

29. Type of audit that checks that accounts - groups and roles are correctly assigned
blueprints
FMEA
protocol analyzer
privilege

30. Provides a cost/benefit comparision
ISO/IEC 27004
risk analysis
blueprints
ISO/IEC 27005

31. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
CobiT
network mapping
administrative
ISO/IEC 27005

32. FRAP
Facilitated Risk Analysis Process
risk analysis
risk catagories
vulnerability

33. CSO
risk
corporate security officer
blueprints
ISO/IEC 27004

34. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
vulnerability
risk
ISO/IEC 27004
protocol analyzer

35. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
penetration
vulnerability scanner
mappers
administrative

36. ISM Standard
CobiT
planning horizon
port scanner
Information Security Management

37. OCTAVE
physical
penetration
AS/NZS 4360
Operationally Critical Threat - Asset - and Vulnerability Evaluation

38. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
IRM
ISO 17799
vulnerability

39. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
qualitative
planning horizon
SP 800-30
strategic

40. Number of time the incident might occur annually - (ARO)
administrative
annualized rate of occurrence
Information Security Management
elcomsoft

41. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
confidentiality
vulnerability
physical
ISO 17799

42. Tools to ID - develop - and design security requirements for business needs
physical
blueprints
FRAP
ISO/IEC 27005

43. Potential danger to information or systems
risk analysis
threat
ISO 17799
SP 800-30

44. CobiT
qualitative
Control Objectives for Information and related Technology
COSO
administrative

45. Type of audit that checks information classification and change control procedures
performance monitor
administrative
fault tree analysis
CISO

46. A log that can record outgoing requests - incoming traffic - and internet usage
ITIL
firewall
COSO
administrative

47. A weakness (software - hardware - procedural - human) that can be exploited
FMEA
ISO 17799
risk anlysis
vulnerability

48. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
exposure factor
blueprints
penetration

49. Type of audit that checks procedures and policies for escalating issues to management
escalation
vulnerability
fault tree analysis
Information Security Management

50. De facto standard of best practices for IT service mgmt
ISO/IEC 27001
Information Technology Infrastructure Library (ITIL)
confidentiality
port scanner