SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Type of audit that checks information classification and change control procedures
Information Security Management
CobiT
FMEA
administrative
2. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CobiT
COSO
corporate security officer
3. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
vulnerability scanner
Information Security Management
CISO
4. The tools - personnel and business processes necessary to ensure that security meets needs
IRM
L0phtCrack
elcomsoft
security governanace
5. Event levels available for logging in a MS DNS server
OVAL
john the ripper
tactical
No events - Errors only - Errors and warnings - All events
6. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
ISO/IEC 27799
strategic
data owner
7. De facto standard of best practices for IT service mgmt
CobiT
security program
Information Technology Infrastructure Library (ITIL)
risk mitigation
8. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
fault tree analysis
physical
penetration
CISO
9. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
usage
firewall
FRAP
protocol analyzer
10. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
technical
ISO/IEC 27001
BS7799
blueprints
11. A weakness (software - hardware - procedural - human) that can be exploited
risk analysis
AS/NZS 4360
john the ripper
vulnerability
12. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
due care
risk
usage
CobiT
13. NIST risk management methodology
Operationally Critical Threat - Asset - and Vulnerability Evaluation
No events - Errors only - Errors and warnings - All events
exposure factor
SP 800-30
14. Midterm goals
exposure factor
chief information security officer
risk analysis
tactical
15. CSO
corporate security officer
availability
qualitative
CobiT
16. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
qualitative
risk catagories
blueprints
ISO 17799
17. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
ISO/IEC 27001
performance monitor
mappers
countermeasure
18. Used to ID failures in a complex systems to understand underlying causes of threats
SP 800-30
ISO 17799
risk
fault tree analysis
19. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
ISO/IEC 27004
elcomsoft
administrative
COSO
20. An instance of being exposed to losses from a threat
OVAL
exposure
CobiT
performance baseline
21. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
physical
CobiT
usage
COSO
22. CobiT
Control Objectives for Information and related Technology
network mapping
risk catagories
usage
23. Focus on service level agreements between IT dept and internal customers
ITIL
security officer
L0phtCrack
risk catagories
24. Made up of ten domains - a mechanism to describe security processes
ISO/IEC 27005
vulnerability
CobiT
ISO 17799
25. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
OVAL
Information Security Management
performance monitor
port scanner
26. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
escalation
FMEA
risk mitigation
strategic
27. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
FRAP
elcomsoft
availability
risk analysis
28. Type of audit that checks procedures and policies for escalating issues to management
blueprints
escalation
protocol analyzer
fault tree analysis
29. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
firewall
performance monitor
FRAP
30. The following tools (Nessus - Qualys - Retina) are ______________ scanners
blueprints
administrative
countermeasure
vulnerability
31. Collection of controls an organization must have in place
Operationally Critical Threat - Asset - and Vulnerability Evaluation
L0phtCrack
security program
administrative
32. Assurance of accurancy and reliability of information and systems
risk
ISO 17799
integrity
SP 800-30
33. __________ loss has a negative effect after a vulnerability is initially exploited
availability
FMEA
delayed
risk
34. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
security governanace
COSO
CISO
network mapping
35. Guide to illustrate how to protect personal health information
risk mitigation
usage
ISO/IEC 27799
vulnerability scanner
36. Daily goals focused on productivity and task-oriented activities
performance monitor
CobiT
Failure Modes and Effect Analysis
operational
37. Provides a cost/benefit comparision
escalation
performance monitor
risk analysis
strategic
38. Type of audit that checks that accounts - groups and roles are correctly assigned
FMEA
privilege
COSO
security officer
39. FMEA
risk
Failure Modes and Effect Analysis
Committee of Sponsoring Organizations
OCTAVE
40. Ensures managment security directives are fulfilled
security officer
annualized rate of occurrence
corporate security officer
exposure factor
41. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
strategic
CobiT
threat
risk catagories
42. FRAP
FRAP
penetration
Facilitated Risk Analysis Process
due care
43. Information security managment measurements
delayed
security program
FMEA
ISO/IEC 27004
44. Type of audit that checks that network resources - systems and software are used appropriately
risk analysis
CobiT
countermeasure
usage
45. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
ISO/IEC 27001
OVAL
L0phtCrack
46. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
protocol analyzer
delayed
usage
47. Percentage of an asset's value that would be lost in a single incident - (EF)
vulnerability
exposure factor
fault tree analysis
AS/NZS 4360
48. Number of time the incident might occur annually - (ARO)
ISO/IEC 27799
annualized loss expectancy
strategic
annualized rate of occurrence
49. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
availability
CobiT
confidentiality
50. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
CISO
qualitative
FRAP
exposure factor
