SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27002
data owner
FMEA
corporate security officer
2. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk
network mapping
security program
risk anlysis
3. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
privilege
FMEA
IRM
annualized rate of occurrence
4. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
security program
mappers
ISO/IEC 27004
5. Guide to illustrate how to protect personal health information
No events - Errors only - Errors and warnings - All events
ISO/IEC 27799
ISO/IEC 27005
performance monitor
6. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
performance monitor
performance baseline
escalation
CobiT
7. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
CISO
risk
Information Security Management
8. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
risk catagories
delayed
protocol analyzer
countermeasure
9. Provides a cost/benefit comparision
penetration
risk analysis
ISO/IEC 27005
Information Security Management
10. OCTAVE
CobiT
Operationally Critical Threat - Asset - and Vulnerability Evaluation
IRM
FMEA
11. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
FMEA
tactical
threat
ITIL
12. Corporate governance at the strategic level
protocol analyzer
COSO
risk anlysis
port scanner
13. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
john the ripper
performance baseline
single loss expectancy
14. CISO
vulnerability scanner
ISO 17799
COSO
chief information security officer
15. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
risk anlysis
SP 800-30
network mapping
protocol analyzer
16. Expected or predetermined performance level - developed from policy - performance - requirements
security program
performance baseline
CobiT
performance monitor
17. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
No events - Errors only - Errors and warnings - All events
risk mitigation
single loss expectancy
due care
18. Tools to ID - develop - and design security requirements for business needs
planning horizon
performance monitor
blueprints
IRM
19. Type of audit that checks information classification and change control procedures
planning horizon
availability
administrative
risk anlysis
20. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
AS/NZS 4360
performance monitor
ISO/IEC 27002
mappers
21. Percentage of an asset's value that would be lost in a single incident - (EF)
blueprints
john the ripper
Information Technology Infrastructure Library (ITIL)
exposure factor
22. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
due care
network mapping
firewall
23. Potential danger to information or systems
administrative
FMEA
threat
COSO
24. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
physical
exposure
single loss expectancy
ISO/IEC 27005
25. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
ISO/IEC 27001
exposure factor
protocol analyzer
risk anlysis
26. Type of audit that checks procedures and policies for escalating issues to management
ISO/IEC 27002
escalation
strategic
vulnerability
27. The likelihood of exploitation and the loss potential
penetration
Information risk management
ISO/IEC 27001
risk
28. Ensures reliable timely access to data/resources to authorized individuals
FMEA
availability
ISO 17799
tactical
29. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
CobiT
ISO 17799
Information risk management
elcomsoft
30. Guide assist in the implemenation of information security based on risk managent approach
risk mitigation
ISO/IEC 27005
countermeasure
IRM
31. Used to ID failures in a complex systems to understand underlying causes of threats
Control Objectives for Information and related Technology
fault tree analysis
CobiT
annualized rate of occurrence
32. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
exposure
security officer
firewall
due care
33. Risk mgmt method with much broader focus than IT security
Information risk management
AS/NZS 4360
countermeasure
planning horizon
34. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
Information Security Management
john the ripper
penetration
ISO 17799
35. Type of audit that checks that accounts - groups and roles are correctly assigned
vulnerability scanner
privilege
risk mitigation
availability
36. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
protocol analyzer
OVAL
countermeasure
ISO 17799
37. Daily goals focused on productivity and task-oriented activities
operational
ISO/IEC 27001
CISO
exposure factor
38. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
security program
OCTAVE
risk
FMEA
39. Midterm goals
security program
physical
tactical
exposure
40. IRM
vulnerability
corporate security officer
Information risk management
annualized rate of occurrence
41. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
ISO/IEC 27799
performance monitor
BS7799
security officer
42. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
administrative
qualitative
ISO/IEC 27005
risk catagories
43. Derived from the COSO framework
annualized loss expectancy
CobiT
performance baseline
ISO/IEC 27799
44. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
risk analysis
Failure Modes and Effect Analysis
FRAP
elcomsoft
45. Mitigates a potential risk
countermeasure
operational
vulnerability
technical
46. Information security managment measurements
mappers
COSO
elcomsoft
ISO/IEC 27004
47. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
strategic
ISO 17799
FRAP
ITIL
48. NIST risk management methodology
SP 800-30
L0phtCrack
usage
risk
49. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
planning horizon
risk analysis
ISO/IEC 27005
elcomsoft
50. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
CobiT
vulnerability scanner
risk analysis
vulnerability