Test your basic knowledge
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Daily goals focused on productivity and task-oriented activities
operational
escalation
Information Security Management
COSO
2. Risk mgmt method with much broader focus than IT security
port scanner
AS/NZS 4360
blueprints
FMEA
3. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
IRM
COSO
data owner
performance baseline
4. Ensures management security directives are fulfilled
risk categories
ISO/IEC 27799
security officer
chief information security officer
5. IRM
security officer
Information risk management
ISO/IEC 27001
OVAL
6. Type of audit that checks procedures and policies for escalating issues to management
countermeasure
confidentiality
escalation
risk analysis
7. The tools - personnel and business processes necessary to ensure that security meets needs
tactical
security governance
network mapping
elcomsoft
8. Focus on service level agreements between IT dept and internal customers
due care
L0phtCrack
CISO
ITIL
9. The asset's value multiplied by the EF percentage - (SLE)
technical
confidentiality
administrative
single loss expectancy
10. Percentage of an asset's value that would be lost in a single incident - (EF)
administrative
network mapping
Information risk management
exposure factor
11. The likelihood of exploitation and the loss potential
physical
Information Technology Infrastructure Library (ITIL)
usage
risk
12. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
ISO/IEC 27002
COSO
ISO 17799
strategic
13. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
physical
vulnerability
OVAL
CobiT
14. Number of times the incident might occur annually - (ARO)
COSO
SP 800-30
CobiT
annualized rate of occurrence
15. An open language from mitre.org for determining vulnerabilities and problems on computer systems
Information Technology Infrastructure Library (ITIL)
risk categories
OVAL
elcomsoft
16. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
data owner
risk categories
single loss expectancy
vulnerability scanner
17. A log that can record outgoing requests - incoming traffic - and internet usage
risk mitigation
firewall
Information risk management
vulnerability
18. ISM Standard
Information Security Management
CISO
ISO/IEC 27004
firewall
19. OCTAVE
security governance
Control Objectives for Information and related Technology
Operationally Critical Threat - Asset - and Vulnerability Evaluation
administrative
20. Type of audit that checks that network resources - systems and software are used appropriately
usage
exposure factor
risk analysis
security program
21. IT governance at the operational level
CobiT
exposure
annualized loss expectancy
delayed
22. Internationally recognized Information Security Management standard - provides high-level conceptual recommendations on enterprise security - British standard
BS7799
data owner
protocol analyzer
port scanner
23. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
elcomsoft
risk mitigation
chief information security officer
24. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
qualitative
risk analysis
risk mitigation
physical
25. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27002
privilege
performance monitor
security officer
26. Type of audit that checks information classification and change control procedures
strategic
administrative
exposure factor
IRM
27. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
threat
penetration
qualitative
protocol analyzer
28. Corporate governance at the strategic level
COSO
CobiT
ITIL
network mapping
29. __________ loss has a negative effect after a vulnerability is initially exploited
ISO/IEC 27001
operational
delayed
CobiT
30. FMEA
ISO/IEC 27004
Failure Modes and Effect Analysis
blueprints
technical
31. NIST risk management methodology
corporate security officer
john the ripper
SP 800-30
ISO 17799
32. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
chief information security officer
network mapping
OCTAVE
vulnerability
33. Responsible for information classification and protection
ISO/IEC 27001
exposure
data owner
vulnerability scanner
34. COSO
exposure factor
Committee of Sponsoring Organizations
blueprints
privilege
35. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
ISO/IEC 27001
FRAP
COSO
ISO/IEC 27799
36. CISO
CobiT
ITIL
chief information security officer
due care
37. Made up of ten domains - a mechanism to describe security processes
corporate security officer
data owner
risk
ISO 17799
38. The following tools (Nessus - Qualys - Retina) are ______________ scanners
annualized rate of occurrence
No events - Errors only - Errors and warnings - All events
vulnerability
ISO/IEC 27799
39. Possibility of damage and the ramifications should it occur
protocol analyzer
network mapping
risk
vulnerability
40. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
chief information security officer
risk mitigation
annualized loss expectancy
ISO/IEC 27005
41. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
CobiT
Information Technology Infrastructure Library (ITIL)
vulnerability scanner
performance monitor
42. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
Information risk management
FMEA
privilege
ISO/IEC 27001
43. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
CISO
Committee of Sponsoring Organizations
L0phtCrack
44. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DoS attacks
network mapping
protocol analyzer
performance baseline
COSO
45. Guide to assist in the implementation of information security based on a risk management approach
Information risk management
FMEA
ITIL
ISO/IEC 27005
46. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk analysis
penetration
vulnerability
usage
47. Information security management measurements
ISO/IEC 27004
CISO
security program
countermeasure
48. CSO
corporate security officer
port scanner
fault tree analysis
blueprints
49. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
exposure
ISO/IEC 27001
network mapping
protocol analyzer
50. Event levels available for logging in a MS DNS server
escalation
corporate security officer
No events - Errors only - Errors and warnings - All events
network mapping