Test your basic knowledge
Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
ISO/IEC 27002
administrative
annualized rate of occurrence
2. ISM Standard
Information Security Management
corporate security officer
qualitative
FRAP
3. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
ISO 17799
ISO/IEC 27001
qualitative
performance monitor
4. Tools to ID - develop - and design security requirements for business needs
blueprints
availability
chief information security officer
network mapping
5. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
ITIL
risk categories
vulnerability
mappers
6. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
vulnerability
single loss expectancy
threat
penetration
7. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
vulnerability
protocol analyzer
tactical
risk analysis
8. Strategic - tactical and operational planning
ISO/IEC 27004
FMEA
penetration
planning horizon
9. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
ISO 17799
OCTAVE
corporate security officer
blueprints
10. Focus on service level agreements between IT dept and internal customers
No events - Errors only - Errors and warnings - All events
ITIL
ISO 17799
operational
11. Ensures management security directives are fulfilled
escalation
exposure
security officer
technical
12. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk analysis
data owner
risk mitigation
vulnerability scanner
13. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
corporate security officer
vulnerability
Information risk management
risk analysis
14. The likelihood of exploitation and the loss potential
risk
CobiT
mappers
ISO 17799
15. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
OVAL
COSO
single loss expectancy
due care
16. Derived from the COSO framework
CobiT
usage
integrity
OVAL
17. Midterm goals
tactical
mappers
risk mitigation
OVAL
18. Type of audit that checks that accounts - groups and roles are correctly assigned
COSO
privilege
FMEA
Control Objectives for Information and related Technology
19. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
COSO
Failure Modes and Effect Analysis
FMEA
protocol analyzer
20. Potential danger to information or systems
SP 800-30
operational
threat
COSO
21. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
port scanner
FMEA
No events - Errors only - Errors and warnings - All events
ISO 17799
22. A log that can record outgoing requests - incoming traffic - and internet usage
planning horizon
firewall
Operationally Critical Threat - Asset - and Vulnerability Evaluation
port scanner
23. IRM
security governance
Information risk management
protocol analyzer
risk analysis
24. An instance of being exposed to losses from a threat
network mapping
risk
qualitative
exposure
25. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password/shadow files
risk analysis
annualized loss expectancy
CISO
john the ripper
26. OCTAVE
CISO
network mapping
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk categories
27. Number of times the incident might occur annually - (ARO)
annualized rate of occurrence
mappers
administrative
Control Objectives for Information and related Technology
28. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
performance monitor
performance baseline
security officer
29. Possibility of damage and the ramifications should it occur
Facilitated Risk Analysis Process
risk
ISO/IEC 27005
vulnerability
30. Responsible for information classification and protection
performance baseline
vulnerability
data owner
availability
31. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
chief information security officer
strategic
exposure factor
administrative
32. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
CobiT
availability
ISO/IEC 27001
COSO
33. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
L0phtCrack
Operationally Critical Threat - Asset - and Vulnerability Evaluation
planning horizon
34. The tools - personnel and business processes necessary to ensure that security meets needs
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27799
elcomsoft
security governance
35. Corporate governance at the strategic level
ISO/IEC 27002
ISO/IEC 27004
network mapping
COSO
36. Type of audit that checks that network resources - systems and software are used appropriately
ISO/IEC 27005
usage
IRM
COSO
37. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
Information risk management
Information Technology Infrastructure Library (ITIL)
network mapping
fault tree analysis
38. Type of audit that checks procedures and policies for escalating issues to management
escalation
risk analysis
network mapping
Operationally Critical Threat - Asset - and Vulnerability Evaluation
39. Used to ID failures in complex systems to understand underlying causes of threats
fault tree analysis
security program
port scanner
L0phtCrack
40. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
ISO/IEC 27005
port scanner
privilege
confidentiality
41. Made up of ten domains - a mechanism to describe security processes
tactical
vulnerability
ISO 17799
security officer
42. Risk mgmt method with much broader focus than IT security
john the ripper
AS/NZS 4360
firewall
ISO/IEC 27004
43. Ensures reliable timely access to data/resources to authorized individuals
ITIL
availability
OCTAVE
usage
44. IT governance at the operational level
CobiT
risk analysis
risk
ISO/IEC 27001
45. Ensures necessary level of secrecy and prevents unauthorized disclosure
No events - Errors only - Errors and warnings - All events
confidentiality
penetration
OVAL
46. Daily goals focused on productivity and task-oriented activities
vulnerability
performance baseline
Information Security Management
operational
47. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
performance monitor
ITIL
OVAL
COSO
48. FMEA
Failure Modes and Effect Analysis
countermeasure
FMEA
security officer
49. Responsible for communicating to senior mgmt organizational risks and compliance regulations
ISO/IEC 27002
CISO
Control Objectives for Information and related Technology
ISO 17799
50. Collection of controls an organization must have in place
network mapping
security program
escalation
performance monitor