Test your basic knowledge | CompTIA Security+: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions: Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
risk analysis
mappers
AS/NZS 4360
performance baseline
2. Mitigates a potential risk
technical
tactical
countermeasure
network mapping
3. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
CobiT
security program
risk analysis
4. De facto standard of best practices for IT service mgmt
exposure factor
vulnerability scanner
ISO/IEC 27001
Information Technology Infrastructure Library (ITIL)
5. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
privilege
FMEA
ISO/IEC 27001
operational
6. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
john the ripper
risk mitigation
risk categories
escalation
7. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
network mapping
risk analysis
penetration
annualized rate of occurrence
8. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
penetration
CobiT
ISO/IEC 27001
port scanner
9. Ensures necessary level of secrecy and prevents unauthorized disclosure
risk analysis
penetration
port scanner
confidentiality
10. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
qualitative
ISO 17799
elcomsoft
network mapping
11. Made up of ten domains - a mechanism to describe security processes
network mapping
IRM
ISO 17799
performance baseline
12. An open language from mitre.org for determining vulnerabilities and problems on computer systems
privilege
firewall
OVAL
ISO 17799
13. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
usage
CobiT
FRAP
vulnerability
14. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
vulnerability scanner
network mapping
exposure factor
risk analysis
15. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
Information Security Management
administrative
due care
ISO 17799
16. The tools - personnel and business processes necessary to ensure that security meets needs
security governance
BS7799
administrative
john the ripper
17. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
Failure Modes and Effect Analysis
OVAL
performance monitor
Operationally Critical Threat - Asset - and Vulnerability Evaluation
18. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
CobiT
john the ripper
performance baseline
port scanner
19. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
Failure Modes and Effect Analysis
planning horizon
ITIL
COSO
20. Provides a cost/benefit comparison
john the ripper
availability
port scanner
risk analysis
21. OCTAVE
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CISO
CobiT
Information Technology Infrastructure Library (ITIL)
22. IRM
blueprints
ISO/IEC 27799
Information risk management
vulnerability
23. FMEA
technical
CISO
Failure Modes and Effect Analysis
performance monitor
24. Type of audit that checks information classification and change control procedures
ISO/IEC 27004
administrative
port scanner
Operationally Critical Threat - Asset - and Vulnerability Evaluation
25. IT governance at the operational level
data owner
annualized rate of occurrence
protocol analyzer
CobiT
26. SLE x ARO - (ALE)
exposure factor
security governance
annualized rate of occurrence
annualized loss expectancy
27. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
risk
risk
COSO
ISO/IEC 27002
28. The likelihood of exploitation and the loss potential
risk
Information risk management
tactical
vulnerability
29. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
data owner
ISO/IEC 27004
CobiT
L0phtCrack
30. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
COSO
escalation
IRM
31. The asset's value multiplied by the EF percentage - (SLE)
FMEA
operational
single loss expectancy
ISO 17799
32. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
FRAP
network mapping
escalation
Information risk management
33. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
operational
FMEA
ISO/IEC 27004
countermeasure
34. Ensures reliable timely access to data/resources to authorized individuals
integrity
availability
data owner
performance monitor
35. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
threat
mappers
security program
risk mitigation
36. Controls that manage facility access - locking systems - media sanitization - intrusion monitoring - environmental
ITIL
FMEA
physical
CISO
37. Type of audit that checks procedures and policies for escalating issues to management
security program
confidentiality
escalation
risk
38. ISM Standard
CISO
Information Security Management
integrity
Committee of Sponsoring Organizations
39. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
port scanner
performance baseline
Facilitated Risk Analysis Process
40. Derived from the COSO framework
chief information security officer
Information risk management
delayed
CobiT
41. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
availability
AS/NZS 4360
COSO
OCTAVE
42. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
AS/NZS 4360
CISO
ISO/IEC 27001
risk mitigation
43. Number of times the incident might occur annually - (ARO)
L0phtCrack
annualized rate of occurrence
mappers
escalation
44. NIST risk management methodology
due care
SP 800-30
CobiT
vulnerability scanner
45. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
vulnerability
COSO
fault tree analysis
46. Used to ID failures in complex systems to understand underlying causes of threats
firewall
usage
escalation
fault tree analysis
47. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
data owner
OCTAVE
ISO/IEC 27001
mappers
48. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
countermeasure
OCTAVE
L0phtCrack
ITIL
49. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
availability
COSO
Information Technology Infrastructure Library (ITIL)
planning horizon
50. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
BS7799
CobiT
risk analysis
planning horizon