SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. CSO
vulnerability scanner
chief information security officer
corporate security officer
FRAP
2. An instance of being exposed to losses from a threat
Information risk management
penetration
operational
exposure
3. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
risk mitigation
performance monitor
countermeasure
COSO
4. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
Facilitated Risk Analysis Process
protocol analyzer
john the ripper
performance baseline
5. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
risk
ISO/IEC 27004
FMEA
risk catagories
6. Possiblity of damage and the ramifications should it occur
risk
risk analysis
vulnerability
penetration
7. ISM Standard
security program
FRAP
blueprints
Information Security Management
8. FRAP
security program
Facilitated Risk Analysis Process
blueprints
security program
9. The asset's value multiplied by the EF percentage - (SLE)
penetration
countermeasure
Information Security Management
single loss expectancy
10. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
exposure factor
network mapping
SP 800-30
protocol analyzer
11. Potential danger to information or systems
Failure Modes and Effect Analysis
administrative
threat
COSO
12. Expected or predetermined performance level - developed from policy - performance - requirements
CISO
confidentiality
performance baseline
integrity
13. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
FMEA
blueprints
exposure
14. The tools - personnel and business processes necessary to ensure that security meets needs
delayed
OVAL
Information Security Management
security governanace
15. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
ITIL
Committee of Sponsoring Organizations
annualized loss expectancy
risk anlysis
16. Ensures reliable timely access to data/resources to authorized individuals
operational
availability
ISO/IEC 27001
usage
17. Responsible for developing: security awareness program - budget for information security related activities; policies - procdures - and guidelines - a security compliance program - and metrics
ISO 17799
CISO
risk analysis
ISO 17799
18. Type of audit that checks that network resources - systems and software are used appropriately
due care
vulnerability
chief information security officer
usage
19. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
ISO/IEC 27002
ISO/IEC 27005
Information Technology Infrastructure Library (ITIL)
FMEA
20. Type of audit that checks that accounts - groups and roles are correctly assigned
strategic
AS/NZS 4360
privilege
Control Objectives for Information and related Technology
21. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
annualized rate of occurrence
administrative
OCTAVE
network mapping
22. CISO
fault tree analysis
chief information security officer
confidentiality
Operationally Critical Threat - Asset - and Vulnerability Evaluation
23. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
single loss expectancy
delayed
qualitative
network mapping
24. Number of time the incident might occur annually - (ARO)
OCTAVE
annualized rate of occurrence
COSO
ISO 17799
25. NIST risk management methodology
SP 800-30
CobiT
ISO/IEC 27001
vulnerability scanner
26. Type of audit that checks procedures and policies for escalating issues to management
Committee of Sponsoring Organizations
escalation
physical
FMEA
27. A log that can record outgoing requests - incoming traffic - and internet usage
integrity
CobiT
firewall
risk mitigation
28. Focus on service level agreements between IT dept and internal customers
AS/NZS 4360
Facilitated Risk Analysis Process
ITIL
Failure Modes and Effect Analysis
29. IRM
COSO
Information risk management
risk analysis
physical
30. Corporate governance at the strategic level
administrative
risk analysis
exposure
COSO
31. FMEA
technical
Failure Modes and Effect Analysis
risk analysis
FMEA
32. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
CISO
firewall
strategic
administrative
33. Event levels available for logging in a MS DNS server
Information Security Management
No events - Errors only - Errors and warnings - All events
john the ripper
Failure Modes and Effect Analysis
34. Used to ID failures in a complex systems to understand underlying causes of threats
risk analysis
blueprints
port scanner
fault tree analysis
35. __________ loss has a negative effect after a vulnerability is initially exploited
Control Objectives for Information and related Technology
ISO/IEC 27002
CISO
delayed
36. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
network mapping
vulnerability scanner
operational
due care
37. A weakness (software - hardware - procedural - human) that can be exploited
risk mitigation
availability
vulnerability scanner
vulnerability
38. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
security program
physical
operational
due care
39. COSO
Committee of Sponsoring Organizations
security governanace
ISO/IEC 27799
CobiT
40. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
threat
ISO/IEC 27799
due care
performance monitor
41. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
CobiT
CobiT
BS7799
vulnerability
42. The likelihood of exploitation and the loss potential
risk
fault tree analysis
No events - Errors only - Errors and warnings - All events
john the ripper
43. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
AS/NZS 4360
Failure Modes and Effect Analysis
ISO/IEC 27005
risk catagories
44. An open language from mitre.org for determining vulnerabilities and problems on computer systems
penetration
elcomsoft
OVAL
risk catagories
45. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
OVAL
protocol analyzer
mappers
firewall
46. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
annualized loss expectancy
due care
administrative
elcomsoft
47. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
L0phtCrack
CobiT
ISO/IEC 27001
elcomsoft
48. Daily goals focused on productivity and task-oriented activities
data owner
FRAP
FMEA
operational
49. Ensures managment security directives are fulfilled
ISO/IEC 27002
availability
security officer
due care
50. Derived from the COSO framework
port scanner
ISO 17799
performance baseline
CobiT
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests