Test your basic knowledge: CompTIA Security+: Assessment and Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Tools to ID - develop - and design security requirements for business needs
blueprints
CobiT
ISO/IEC 27799
network mapping
2. Provides a cost/benefit comparison
ISO 17799
mappers
risk analysis
COSO
3. CobiT
planning horizon
Control Objectives for Information and related Technology
Committee of Sponsoring Organizations
escalation
4. Corporate governance at the strategic level
OCTAVE
CISO
COSO
Information risk management
5. Derived from the COSO framework
CobiT
COSO
Committee of Sponsoring Organizations
OVAL
6. Controls that implement access control - password management - identification and authentication methods - configuration
risk analysis
No events - Errors only - Errors and warnings - All events
data owner
technical
7. The tools - personnel and business processes necessary to ensure that security meets needs
security governance
OCTAVE
administrative
CISO
8. Type of audit that checks that accounts - groups and roles are correctly assigned
protocol analyzer
CobiT
privilege
data owner
9. Risk mgmt method with much broader focus than IT security
data owner
AS/NZS 4360
security governance
penetration
10. Ensures reliable timely access to data/resources to authorized individuals
protocol analyzer
availability
firewall
mappers
11. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
Failure Modes and Effect Analysis
SP 800-30
confidentiality
strategic
12. The following tools (Nessus - Qualys - Retina) are ______________ scanners
delayed
vulnerability
risk analysis
qualitative
13. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
fault tree analysis
john the ripper
usage
CobiT
14. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
Facilitated Risk Analysis Process
security program
firewall
CISO
15. FRAP
penetration
No events - Errors only - Errors and warnings - All events
CISO
Facilitated Risk Analysis Process
16. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ITIL
ISO/IEC 27002
performance monitor
integrity
17. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
FMEA
operational
Control Objectives for Information and related Technology
security governance
18. NIST risk management methodology
vulnerability scanner
SP 800-30
Information Security Management
exposure factor
19. Number of times the incident might occur annually - (ARO)
ISO/IEC 27002
security governance
annualized rate of occurrence
security program
20. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
FMEA
countermeasure
CobiT
security governance
21. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
annualized rate of occurrence
protocol analyzer
administrative
L0phtCrack
22. ISM Standard
ISO/IEC 27001
Information Security Management
ISO/IEC 27004
CobiT
23. Collection of controls an organization must have in place
data owner
security program
integrity
COSO
24. Guide to assist in the implementation of information security based on a risk management approach
ISO/IEC 27005
Information Security Management
administrative
technical
25. OCTAVE
security program
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk
annualized loss expectancy
26. Made up of ten domains - a mechanism to describe security processes
vulnerability
strategic
ISO 17799
usage
27. A log that can record outgoing requests - incoming traffic - and internet usage
firewall
ISO/IEC 27004
chief information security officer
risk analysis
28. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
L0phtCrack
network mapping
risk
vulnerability
29. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
tactical
CISO
vulnerability
CobiT
30. An instance of being exposed to losses from a threat
vulnerability
physical
ISO 17799
exposure
31. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
annualized loss expectancy
FRAP
risk analysis
risk categories
32. De facto standard of best practices for IT service mgmt
tactical
FRAP
Information Technology Infrastructure Library (ITIL)
annualized loss expectancy
33. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
CISO
exposure
performance monitor
34. Type of audit that checks procedures and policies for escalating issues to management
penetration
vulnerability
escalation
L0phtCrack
35. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
port scanner
single loss expectancy
risk mitigation
36. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
AS/NZS 4360
performance baseline
tactical
administrative
37. CISO
confidentiality
ISO 17799
CobiT
chief information security officer
38. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
integrity
IRM
penetration
risk analysis
39. Mitigates a potential risk
FMEA
countermeasure
administrative
single loss expectancy
40. Type of audit that checks that network resources - systems and software are used appropriately
risk
vulnerability scanner
usage
security program
41. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
confidentiality
privilege
performance monitor
FMEA
42. Information security management measurements
blueprints
CobiT
ISO/IEC 27004
IRM
43. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
network mapping
ISO/IEC 27001
FMEA
vulnerability scanner
44. CSO
OVAL
Information risk management
corporate security officer
annualized rate of occurrence
45. __________ loss has a negative effect after a vulnerability is initially exploited
FMEA
delayed
administrative
port scanner
46. COSO
AS/NZS 4360
vulnerability scanner
security program
Committee of Sponsoring Organizations
47. Midterm goals
tactical
FMEA
vulnerability
security governance
48. FMEA
tactical
risk
Committee of Sponsoring Organizations
Failure Modes and Effect Analysis
49. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
CobiT
ISO/IEC 27005
elcomsoft
vulnerability
50. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files
protocol analyzer
AS/NZS 4360
firewall
john the ripper