Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Ensures managment security directives are fulfilled
risk analysis
CISO
security officer
confidentiality

2. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
BS7799
network mapping
vulnerability
CobiT

3. Event levels available for logging in a MS DNS server
countermeasure
No events - Errors only - Errors and warnings - All events
ISO/IEC 27799
Operationally Critical Threat - Asset - and Vulnerability Evaluation

4. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
Facilitated Risk Analysis Process
usage
CISO

5. COSO
planning horizon
ISO/IEC 27799
IRM
Committee of Sponsoring Organizations

6. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
security program
operational
vulnerability scanner
Information Technology Infrastructure Library (ITIL)

7. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
threat
ISO 17799
delayed
ISO/IEC 27001

8. Daily goals focused on productivity and task-oriented activities
risk
operational
physical
tactical

9. Potential danger to information or systems
network mapping
confidentiality
Committee of Sponsoring Organizations
threat

10. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
risk anlysis
strategic
fault tree analysis
BS7799

11. SLE x ARO - (ALE)
qualitative
risk analysis
FMEA
annualized loss expectancy

12. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
confidentiality
strategic
risk catagories
administrative

13. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
single loss expectancy
FRAP
penetration
administrative

14. IRM
risk
No events - Errors only - Errors and warnings - All events
network mapping
Information risk management

15. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
performance baseline
FMEA
COSO

16. Expected or predetermined performance level - developed from policy - performance - requirements
performance baseline
FMEA
firewall
Failure Modes and Effect Analysis

17. Number of time the incident might occur annually - (ARO)
annualized rate of occurrence
risk
OCTAVE
ISO/IEC 27001

18. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
ITIL
confidentiality
penetration
Committee of Sponsoring Organizations

19. CSO
blueprints
Committee of Sponsoring Organizations
corporate security officer
Information risk management

20. Type of audit that checks that network resources - systems and software are used appropriately
usage
CobiT
performance monitor
Failure Modes and Effect Analysis

21. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
ISO/IEC 27004
elcomsoft
administrative
security program

22. IT governance at the operational level
network mapping
vulnerability
CobiT
Information Technology Infrastructure Library (ITIL)

23. Ensures necessary level of secrecy and prevents unauthorized disclosure
AS/NZS 4360
No events - Errors only - Errors and warnings - All events
confidentiality
integrity

24. Mitigates a potential risk
countermeasure
operational
L0phtCrack
data owner

25. The asset's value multiplied by the EF percentage - (SLE)
vulnerability scanner
FMEA
single loss expectancy
risk mitigation

26. NIST risk management methodology
blueprints
SP 800-30
FRAP
performance monitor

27. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
IRM
mappers
FRAP
confidentiality

28. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
vulnerability
FMEA
Operationally Critical Threat - Asset - and Vulnerability Evaluation
due care

29. Provides a cost/benefit comparision
physical
risk
performance monitor
risk analysis

30. Focus on service level agreements between IT dept and internal customers
privilege
IRM
ITIL
COSO

31. FMEA
Failure Modes and Effect Analysis
Operationally Critical Threat - Asset - and Vulnerability Evaluation
countermeasure
performance monitor

32. Collection of controls an organization must have in place
CobiT
security program
FMEA
vulnerability

33. CobiT
FRAP
risk catagories
privilege
Control Objectives for Information and related Technology

34. CISO
IRM
chief information security officer
CISO
CobiT

35. Corporate governance at the strategic level
SP 800-30
No events - Errors only - Errors and warnings - All events
COSO
vulnerability

36. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
security program
Committee of Sponsoring Organizations
mappers
COSO

37. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
vulnerability
ISO/IEC 27004
administrative
CobiT

38. Strategic - tactical and operational planning
CobiT
Information Technology Infrastructure Library (ITIL)
tactical
planning horizon

39. Ensures reliable timely access to data/resources to authorized individuals
ISO 17799
availability
No events - Errors only - Errors and warnings - All events
Information Security Management

40. Possiblity of damage and the ramifications should it occur
availability
tactical
security program
risk

41. FRAP
Facilitated Risk Analysis Process
mappers
ISO/IEC 27799
administrative

42. Assurance of accurancy and reliability of information and systems
integrity
security program
chief information security officer
Information Security Management

43. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
performance monitor
exposure
countermeasure

44. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
ISO/IEC 27799
risk analysis
administrative
ISO/IEC 27005

45. A log that can record outgoing requests - incoming traffic - and internet usage
vulnerability
firewall
SP 800-30
Information Security Management

46. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
qualitative
operational
network mapping

47. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO 17799
ISO/IEC 27002
Information Technology Infrastructure Library (ITIL)
blueprints

48. __________ loss has a negative effect after a vulnerability is initially exploited
network mapping
delayed
COSO
blueprints

49. Controls that implement access control - password mangement - identification and authentication methods - configuration
Information risk management
blueprints
security governanace
technical

50. Responsible for information classification and protection
data owner
annualized loss expectancy
risk
FRAP