Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
ISO/IEC 27002
administrative
annualized rate of occurrence

2. ISM Standard
Information Security Management
corporate security officer
qualitative
FRAP

3. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
ISO 17799
ISO/IEC 27001
qualitative
performance monitor

4. Tools to ID - develop - and design security requirements for business needs
blueprints
availability
chief information security officer
network mapping

5. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
ITIL
risk catagories
vulnerability
mappers

6. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
vulnerability
single loss expectancy
threat
penetration

7. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
vulnerability
protocol analyzer
tactical
risk analysis

8. Strategic - tactical and operational planning
ISO/IEC 27004
FMEA
penetration
planning horizon

9. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
ISO 17799
OCTAVE
corporate security officer
blueprints

10. Focus on service level agreements between IT dept and internal customers
No events - Errors only - Errors and warnings - All events
ITIL
ISO 17799
operational

11. Ensures managment security directives are fulfilled
escalation
exposure
security officer
technical

12. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk analysis
data owner
risk mitigation
vulnerability scanner

13. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
corporate security officer
vulnerability
Information risk management
risk anlysis

14. The likelihood of exploitation and the loss potential
risk
CobiT
mappers
ISO 17799

15. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
OVAL
COSO
single loss expectancy
due care

16. Derived from the COSO framework
CobiT
usage
integrity
OVAL

17. Midterm goals
tactical
mappers
risk mitigation
OVAL

18. Type of audit that checks that accounts - groups and roles are correctly assigned
COSO
privilege
FMEA
Control Objectives for Information and related Technology

19. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
COSO
Failure Modes and Effect Analysis
FMEA
protocol analyzer

20. Potential danger to information or systems
SP 800-30
operational
threat
COSO

21. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
port scanner
FMEA
No events - Errors only - Errors and warnings - All events
ISO 17799

22. A log that can record outgoing requests - incoming traffic - and internet usage
planning horizon
firewall
Operationally Critical Threat - Asset - and Vulnerability Evaluation
port scanner

23. IRM
security governanace
Information risk management
protocol analyzer
risk anlysis

24. An instance of being exposed to losses from a threat
network mapping
risk
qualitative
exposure

25. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
risk analysis
annualized loss expectancy
CISO
john the ripper

26. OCTAVE
CISO
network mapping
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk catagories

27. Number of time the incident might occur annually - (ARO)
annualized rate of occurrence
mappers
administrative
Control Objectives for Information and related Technology

28. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
performance monitor
performance baseline
security officer

29. Possiblity of damage and the ramifications should it occur
Facilitated Risk Analysis Process
risk
ISO/IEC 27005
vulnerability

30. Responsible for information classification and protection
performance baseline
vulnerability
data owner
availability

31. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
chief information security officer
strategic
exposure factor
administrative

32. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
CobiT
availability
ISO/IEC 27001
COSO

33. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
L0phtCrack
Operationally Critical Threat - Asset - and Vulnerability Evaluation
planning horizon

34. The tools - personnel and business processes necessary to ensure that security meets needs
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27799
elcomsoft
security governanace

35. Corporate governance at the strategic level
ISO/IEC 27002
ISO/IEC 27004
network mapping
COSO

36. Type of audit that checks that network resources - systems and software are used appropriately
ISO/IEC 27005
usage
IRM
COSO

37. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
Information risk management
Information Technology Infrastructure Library (ITIL)
network mapping
fault tree analysis

38. Type of audit that checks procedures and policies for escalating issues to management
escalation
risk analysis
network mapping
Operationally Critical Threat - Asset - and Vulnerability Evaluation

39. Used to ID failures in a complex systems to understand underlying causes of threats
fault tree analysis
security program
port scanner
L0phtCrack

40. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
ISO/IEC 27005
port scanner
privilege
confidentiality

41. Made up of ten domains - a mechanism to describe security processes
tactical
vulnerability
ISO 17799
security officer

42. Risk mgmt method with much broader focus than IT security
john the ripper
AS/NZS 4360
firewall
ISO/IEC 27004

43. Ensures reliable timely access to data/resources to authorized individuals
ITIL
availability
OCTAVE
usage

44. IT governance at the operational level
CobiT
risk anlysis
risk
ISO/IEC 27001

45. Ensures necessary level of secrecy and prevents unauthorized disclosure
No events - Errors only - Errors and warnings - All events
confidentiality
penetration
OVAL

46. Daily goals focused on productivity and task-oriented activities
vulnerability
performance baseline
Information Security Management
operational

47. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
performance monitor
ITIL
OVAL
COSO

48. FMEA
Failure Modes and Effect Analysis
countermeasure
FMEA
security officer

49. Responsible for communicating to senior mgmt organizational risks and compliance regulations
ISO/IEC 27002
CISO
Control Objectives for Information and related Technology
ISO 17799

50. Collection of controls an organization must have in place
network mapping
security program
escalation
performance monitor