Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. SLE x ARO - (ALE)
availability
annualized loss expectancy
due care
L0phtCrack

2. Collection of controls an organization must have in place
confidentiality
risk mitigation
security program
risk analysis

3. Event levels available for logging in a MS DNS server
network mapping
No events - Errors only - Errors and warnings - All events
escalation
privilege

4. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
network mapping
firewall
protocol analyzer
AS/NZS 4360

5. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
Failure Modes and Effect Analysis
qualitative
vulnerability scanner
risk analysis

6. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
COSO
CobiT
blueprints
L0phtCrack

7. De facto standard of best practices for IT service mgmt
vulnerability
Information Technology Infrastructure Library (ITIL)
ITIL
ISO/IEC 27001

8. Ensures managment security directives are fulfilled
Information Security Management
protocol analyzer
IRM
security officer

9. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
blueprints
vulnerability
performance monitor
risk

10. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk
exposure factor
exposure

11. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
vulnerability
vulnerability
security program
penetration

12. Type of audit that checks information classification and change control procedures
ISO 17799
exposure
integrity
administrative

13. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
single loss expectancy
ISO/IEC 27005
network mapping
exposure

14. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
due care
vulnerability scanner
security program
physical

15. Mitigates a potential risk
security governanace
Facilitated Risk Analysis Process
firewall
countermeasure

16. Used to ID failures in a complex systems to understand underlying causes of threats
risk analysis
fault tree analysis
performance monitor
annualized loss expectancy

17. COSO
Information risk management
COSO
SP 800-30
Committee of Sponsoring Organizations

18. Guide assist in the implemenation of information security based on risk managent approach
COSO
due care
fault tree analysis
ISO/IEC 27005

19. IT governance at the operational level
performance baseline
L0phtCrack
FRAP
CobiT

20. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
security program
firewall
risk anlysis
risk analysis

21. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
protocol analyzer
qualitative
escalation

22. Derived from the COSO framework
CISO
penetration
CobiT
strategic

23. The following tools (Nessus - Qualys - Retina) are ______________ scanners
CobiT
vulnerability
Information Technology Infrastructure Library (ITIL)
security program

24. Responsible for information classification and protection
AS/NZS 4360
network mapping
data owner
CISO

25. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
FMEA
Information risk management
confidentiality
vulnerability

26. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
risk catagories
ISO/IEC 27002
strategic
qualitative

27. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
OVAL
BS7799
john the ripper
mappers

28. Expected or predetermined performance level - developed from policy - performance - requirements
COSO
performance baseline
CobiT
delayed

29. FRAP
CobiT
COSO
administrative
Facilitated Risk Analysis Process

30. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
risk analysis
BS7799
vulnerability
single loss expectancy

31. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
fault tree analysis
BS7799
threat
strategic

32. CSO
vulnerability
threat
FMEA
corporate security officer

33. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
ISO/IEC 27005
vulnerability scanner
ISO 17799
network mapping

34. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
due care
qualitative
penetration

35. IRM
ISO/IEC 27002
qualitative
Information risk management
Committee of Sponsoring Organizations

36. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
countermeasure
network mapping
administrative
due care

37. Possiblity of damage and the ramifications should it occur
security officer
CobiT
administrative
risk

38. The asset's value multiplied by the EF percentage - (SLE)
risk
fault tree analysis
single loss expectancy
countermeasure

39. Ensures necessary level of secrecy and prevents unauthorized disclosure
john the ripper
CISO
confidentiality
CobiT

40. Information security managment measurements
OVAL
COSO
integrity
ISO/IEC 27004

41. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
exposure factor
privilege
penetration
data owner

42. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
operational
risk mitigation
CobiT
FMEA

43. Tools to ID - develop - and design security requirements for business needs
blueprints
CobiT
delayed
ITIL

44. NIST risk management methodology
ISO/IEC 27004
SP 800-30
port scanner
CobiT

45. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
network mapping
exposure factor
availability

46. A log that can record outgoing requests - incoming traffic - and internet usage
qualitative
port scanner
COSO
firewall

47. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
operational
annualized rate of occurrence
IRM
BS7799

48. ISM Standard
qualitative
Information Security Management
integrity
mappers

49. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
Facilitated Risk Analysis Process
risk catagories
countermeasure
ISO/IEC 27002

50. Ensures reliable timely access to data/resources to authorized individuals
availability
FMEA
single loss expectancy
vulnerability scanner