Test your basic knowledge | CompTIA Security+: Assessment and Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. __________ loss has a negative effect after a vulnerability is initially exploited
risk analysis
delayed
Failure Modes and Effect Analysis
due care
2. Focus on service level agreements between IT dept and internal customers
ITIL
administrative
risk analysis
confidentiality
3. A weakness (software - hardware - procedural - human) that can be exploited
risk
Information Security Management
vulnerability
john the ripper
4. Guide to illustrate how to protect personal health information
ISO/IEC 27799
Information Technology Infrastructure Library (ITIL)
FMEA
ISO 17799
5. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
COSO
network mapping
risk
delayed
6. CobiT
Control Objectives for Information and related Technology
performance monitor
escalation
threat
7. Type of audit that checks that network resources - systems and software are used appropriately
CobiT
corporate security officer
Failure Modes and Effect Analysis
usage
8. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
FRAP
vulnerability
OCTAVE
9. Guide to assist in the implementation of information security based on a risk management approach
ISO/IEC 27005
risk
Facilitated Risk Analysis Process
Information Technology Infrastructure Library (ITIL)
10. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
L0phtCrack
vulnerability
COSO
Information Security Management
11. SLE x ARO - (ALE)
vulnerability
risk analysis
annualized loss expectancy
COSO
12. Ensures reliable timely access to data/resources to authorized individuals
security program
availability
exposure factor
FMEA
13. NIST risk management methodology
FRAP
john the ripper
SP 800-30
usage
14. The tools - personnel and business processes necessary to ensure that security meets needs
security governance
exposure factor
confidentiality
firewall
15. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
ISO 17799
tactical
risk mitigation
corporate security officer
16. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
CobiT
risk mitigation
protocol analyzer
delayed
17. Type of audit that checks that accounts - groups and roles are correctly assigned
CISO
exposure factor
security program
privilege
18. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
usage
due care
ITIL
single loss expectancy
19. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
Failure Modes and Effect Analysis
exposure
single loss expectancy
20. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
exposure factor
security program
Failure Modes and Effect Analysis
ISO/IEC 27002
21. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
IRM
planning horizon
technical
john the ripper
22. Provides a cost/benefit comparison
risk analysis
FMEA
No events - Errors only - Errors and warnings - All events
performance baseline
23. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
No events - Errors only - Errors and warnings - All events
qualitative
security governance
risk categories
24. Type of audit that checks information classification and change control procedures
availability
security officer
administrative
COSO
25. Assurance of accuracy and reliability of information and systems
integrity
CISO
elcomsoft
Committee of Sponsoring Organizations
26. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Information risk management
COSO
CobiT
Committee of Sponsoring Organizations
27. Responsible for information classification and protection
COSO
Information risk management
data owner
Information Security Management
28. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
security program
elcomsoft
risk
penetration
29. Mitigates a potential risk
IRM
OCTAVE
ISO/IEC 27002
countermeasure
30. Potential danger to information or systems
threat
ISO/IEC 27002
COSO
fault tree analysis
31. Internationally recognized Information Security Management standard - provides high-level conceptual recommendations on enterprise security - British standard
CobiT
COSO
CobiT
BS7799
32. De facto standard of best practices for IT service mgmt
Information Technology Infrastructure Library (ITIL)
SP 800-30
CobiT
risk analysis
33. Event levels available for logging in a MS DNS server
risk mitigation
Failure Modes and Effect Analysis
No events - Errors only - Errors and warnings - All events
Information Technology Infrastructure Library (ITIL)
34. An open language from mitre.org for determining vulnerabilities and problems on computer systems
security governance
Information risk management
OVAL
elcomsoft
35. Expected or predetermined performance level - developed from policy - performance - requirements
fault tree analysis
Information Technology Infrastructure Library (ITIL)
chief information security officer
performance baseline
36. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
ITIL
chief information security officer
FRAP
Committee of Sponsoring Organizations
37. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
security program
Committee of Sponsoring Organizations
ISO/IEC 27002
strategic
38. Midterm goals
network mapping
administrative
tactical
annualized rate of occurrence
39. Derived from the COSO framework
AS/NZS 4360
escalation
strategic
CobiT
40. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
availability
chief information security officer
ISO 17799
41. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
tactical
risk analysis
due care
single loss expectancy
42. COSO
delayed
Committee of Sponsoring Organizations
ISO/IEC 27005
protocol analyzer
43. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
SP 800-30
mappers
CobiT
administrative
44. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DoS attacks
L0phtCrack
privilege
network mapping
port scanner
45. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
risk analysis
vulnerability
exposure factor
ISO/IEC 27002
46. The likelihood of exploitation and the loss potential
performance monitor
risk
AS/NZS 4360
L0phtCrack
47. Information security management measurements
ISO/IEC 27004
IRM
CISO
ISO 17799
48. Used in assurance risk mgmt - methodical way to identify major failure modes (not useful for complex failure modes)
FMEA
john the ripper
COSO
Operationally Critical Threat - Asset - and Vulnerability Evaluation
49. The following tools (Nessus - Qualys - Retina) are ______________ scanners
FMEA
vulnerability
Committee of Sponsoring Organizations
usage
50. Percentage of an asset's value that would be lost in a single incident - (EF)
risk mitigation
elcomsoft
exposure factor
ITIL