Test your basic knowledge: CompTIA Security+: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Internationally recognized Information Security Management standard - provides high-level conceptual recommendations on enterprise security - British standard
annualized loss expectancy
integrity
security program
BS7799
2. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
network mapping
ISO 17799
risk analysis
blueprints
3. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
CISO
OVAL
qualitative
exposure
4. Type of audit that checks that accounts - groups and roles are correctly assigned
privilege
delayed
fault tree analysis
Failure Modes and Effect Analysis
5. COSO
data owner
ISO/IEC 27005
Committee of Sponsoring Organizations
CISO
6. SLE x ARO - (ALE)
annualized loss expectancy
L0phtCrack
No events - Errors only - Errors and warnings - All events
Information risk management
7. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
due care
protocol analyzer
COSO
8. Ensures management security directives are fulfilled
Facilitated Risk Analysis Process
administrative
security officer
Operationally Critical Threat - Asset - and Vulnerability Evaluation
9. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (e.g. Wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
protocol analyzer
OCTAVE
integrity
john the ripper
10. Daily goals focused on productivity and task-oriented activities
Control Objectives for Information and related Technology
exposure
usage
operational
11. Ensures reliable timely access to data/resources to authorized individuals
availability
vulnerability
network mapping
vulnerability scanner
12. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27002
mappers
exposure
security program
13. Process of identifying and assessing risk - reducing it to an acceptable level - implementing mechanisms to maintain that level.
IRM
risk analysis
risk analysis
administrative
14. Type of audit that checks information classification and change control procedures
administrative
risk analysis
risk mitigation
john the ripper
15. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
ISO/IEC 27001
risk
COSO
fault tree analysis
16. FRAP
COSO
CobiT
mappers
Facilitated Risk Analysis Process
17. Information security management measurements
Information risk management
risk analysis
BS7799
ISO/IEC 27004
18. A process to identify assets and their value - identify vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
Information risk management
risk analysis
security program
SP 800-30
19. IT governance at the operational level
AS/NZS 4360
CobiT
single loss expectancy
vulnerability
20. Guide to illustrate how to protect personal health information
ISO/IEC 27799
Failure Modes and Effect Analysis
vulnerability
single loss expectancy
21. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
SP 800-30
countermeasure
CobiT
L0phtCrack
22. ISM Standard
ISO 17799
risk analysis
Information Security Management
usage
23. Provides a cost/benefit comparison
protocol analyzer
blueprints
tactical
risk analysis
24. The following tools (Nessus - Qualys - Retina) are ______________ scanners
BS7799
FMEA
vulnerability
OVAL
25. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in the NOS - test response to DoS attacks
CobiT
performance monitor
qualitative
network mapping
26. CISO
L0phtCrack
chief information security officer
planning horizon
network mapping
27. IRM
due care
Facilitated Risk Analysis Process
IRM
Information risk management
28. Focus on service level agreements between IT dept and internal customers
single loss expectancy
qualitative
Operationally Critical Threat - Asset - and Vulnerability Evaluation
ITIL
29. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
CISO
FRAP
security program
Facilitated Risk Analysis Process
30. The likelihood of exploitation and the loss potential
firewall
risk
Information Security Management
vulnerability
31. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
strategic
integrity
ISO 17799
ISO/IEC 27002
32. __________ loss has a negative effect after a vulnerability is initially exploited
elcomsoft
integrity
FRAP
delayed
33. Used in assurance risk mgmt - methodical way to identify major failure modes (not useful for complex failure modes)
CISO
ISO/IEC 27005
annualized rate of occurrence
FMEA
34. De facto standard of best practices for IT service mgmt
COSO
Information Technology Infrastructure Library (ITIL)
privilege
elcomsoft
35. CSO
risk categories
risk mitigation
vulnerability
corporate security officer
36. Controls that implement access control - password management - identification and authentication methods - configuration
security officer
BS7799
technical
ISO/IEC 27001
37. Midterm goals
penetration
tactical
SP 800-30
performance baseline
38. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
penetration
administrative
FMEA
vulnerability
39. Responsible for communicating to senior mgmt organizational risks and compliance regulations
protocol analyzer
CISO
strategic
usage
40. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
CobiT
countermeasure
exposure
vulnerability scanner
41. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
countermeasure
L0phtCrack
risk
42. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
technical
ISO 17799
vulnerability
fault tree analysis
43. Responsible for information classification and protection
qualitative
annualized loss expectancy
data owner
privilege
44. Mitigates a potential risk
corporate security officer
risk analysis
countermeasure
performance baseline
45. Strategic - tactical and operational planning
planning horizon
CISO
operational
chief information security officer
46. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error
performance monitor
risk categories
technical
integrity
47. Number of times the incident might occur annually - (ARO)
annualized rate of occurrence
integrity
FMEA
data owner
48. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
performance monitor
SP 800-30
network mapping
risk analysis
49. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - Open Vulnerability and Assessment Language (OVAL) are all tools used in a ___________________ assessment
annualized loss expectancy
vulnerability
ISO 17799
L0phtCrack
50. Derived from the COSO framework
tactical
port scanner
physical
CobiT