Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Type of audit that checks procedures and policies for escalating issues to management
john the ripper
AS/NZS 4360
escalation
exposure factor

2. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
Information risk management
FRAP
CISO
john the ripper

3. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
security governanace
FMEA
mappers
network mapping

4. Focus on service level agreements between IT dept and internal customers
ISO/IEC 27005
due care
vulnerability
ITIL

5. Tools to ID - develop - and design security requirements for business needs
ISO/IEC 27002
availability
ITIL
blueprints

6. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
chief information security officer
ISO/IEC 27002
ISO 17799
john the ripper

7. A log that can record outgoing requests - incoming traffic - and internet usage
COSO
firewall
CISO
john the ripper

8. Type of audit that checks that accounts - groups and roles are correctly assigned
privilege
CobiT
qualitative
confidentiality

9. Used to ID failures in a complex systems to understand underlying causes of threats
ISO/IEC 27004
fault tree analysis
performance monitor
risk anlysis

10. Type of audit that checks information classification and change control procedures
network mapping
administrative
protocol analyzer
L0phtCrack

11. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
ISO/IEC 27004
vulnerability scanner
integrity
escalation

12. FRAP
Facilitated Risk Analysis Process
FRAP
performance baseline
security officer

13. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
security governanace
protocol analyzer
administrative
exposure

14. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
port scanner
No events - Errors only - Errors and warnings - All events
penetration
risk anlysis

15. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
firewall
delayed
availability

16. Provides a cost/benefit comparision
risk analysis
risk anlysis
corporate security officer
ISO/IEC 27004

17. The asset's value multiplied by the EF percentage - (SLE)
integrity
single loss expectancy
risk
chief information security officer

18. Number of time the incident might occur annually - (ARO)
security governanace
annualized rate of occurrence
countermeasure
BS7799

19. __________ loss has a negative effect after a vulnerability is initially exploited
CobiT
technical
risk analysis
delayed

20. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
privilege
security program
COSO
network mapping

21. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
countermeasure
security program
vulnerability
CobiT

22. Type of audit that checks that network resources - systems and software are used appropriately
usage
administrative
qualitative
due care

23. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
security program
risk anlysis
COSO
administrative

24. Corporate governance at the strategic level
usage
COSO
single loss expectancy
risk analysis

25. Derived from the COSO framework
escalation
confidentiality
planning horizon
CobiT

26. Responsible for communicating to senior mgmt organizational risks and compliance regulations
exposure
availability
vulnerability
CISO

27. CSO
CobiT
elcomsoft
operational
corporate security officer

28. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
ISO/IEC 27005
ISO 17799
annualized rate of occurrence

29. Made up of ten domains - a mechanism to describe security processes
AS/NZS 4360
Operationally Critical Threat - Asset - and Vulnerability Evaluation
escalation
ISO 17799

30. Strategic - tactical and operational planning
planning horizon
administrative
elcomsoft
administrative

31. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
ISO/IEC 27799
port scanner
john the ripper
COSO

32. Expected or predetermined performance level - developed from policy - performance - requirements
performance baseline
CobiT
firewall
ISO/IEC 27004

33. COSO
risk mitigation
FRAP
OCTAVE
Committee of Sponsoring Organizations

34. Controls that implement access control - password mangement - identification and authentication methods - configuration
technical
vulnerability
No events - Errors only - Errors and warnings - All events
risk anlysis

35. Guide assist in the implemenation of information security based on risk managent approach
ISO/IEC 27005
chief information security officer
CobiT
OVAL

36. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
security officer
vulnerability
qualitative
ISO 17799

37. Possiblity of damage and the ramifications should it occur
COSO
ISO/IEC 27799
risk
security officer

38. Risk mgmt method with much broader focus than IT security
risk
ISO/IEC 27002
AS/NZS 4360
Facilitated Risk Analysis Process

39. Collection of controls an organization must have in place
countermeasure
protocol analyzer
risk
security program

40. Assurance of accurancy and reliability of information and systems
planning horizon
port scanner
OVAL
integrity

41. Information security managment measurements
ISO/IEC 27004
availability
elcomsoft
Control Objectives for Information and related Technology

42. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
OCTAVE
escalation
elcomsoft
ISO 17799

43. An instance of being exposed to losses from a threat
risk analysis
COSO
exposure
network mapping

44. Potential danger to information or systems
technical
IRM
threat
corporate security officer

45. OCTAVE
risk analysis
single loss expectancy
Operationally Critical Threat - Asset - and Vulnerability Evaluation
data owner

46. CobiT
SP 800-30
risk analysis
Control Objectives for Information and related Technology
vulnerability

47. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
FMEA
annualized loss expectancy
countermeasure
ISO/IEC 27001

48. Ensures managment security directives are fulfilled
security officer
FRAP
chief information security officer
qualitative

49. SLE x ARO - (ALE)
Information Security Management
blueprints
annualized loss expectancy
integrity

50. Daily goals focused on productivity and task-oriented activities
Operationally Critical Threat - Asset - and Vulnerability Evaluation
COSO
operational
ISO 17799