SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
performance baseline
risk
COSO
vulnerability scanner
2. Used to ID failures in a complex systems to understand underlying causes of threats
vulnerability
john the ripper
fault tree analysis
ISO 17799
3. Collection of controls an organization must have in place
chief information security officer
security program
CobiT
ISO/IEC 27001
4. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
delayed
risk analysis
CobiT
ISO 17799
5. Made up of ten domains - a mechanism to describe security processes
firewall
ISO 17799
CobiT
risk mitigation
6. Corporate governance at the strategic level
penetration
COSO
performance monitor
Committee of Sponsoring Organizations
7. Ensures necessary level of secrecy and prevents unauthorized disclosure
CobiT
confidentiality
strategic
countermeasure
8. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
ISO/IEC 27002
CobiT
OCTAVE
fault tree analysis
9. Event levels available for logging in a MS DNS server
due care
ITIL
No events - Errors only - Errors and warnings - All events
network mapping
10. FMEA
Failure Modes and Effect Analysis
qualitative
risk anlysis
COSO
11. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
qualitative
COSO
administrative
john the ripper
12. The following tools (Nessus - Qualys - Retina) are ______________ scanners
availability
Failure Modes and Effect Analysis
vulnerability
FRAP
13. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks
strategic
ISO/IEC 27005
ISO/IEC 27799
network mapping
14. Type of audit that checks that network resources - systems and software are used appropriately
operational
port scanner
usage
network mapping
15. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk
risk catagories
FRAP
Failure Modes and Effect Analysis
16. Guide to illustrate how to protect personal health information
annualized rate of occurrence
integrity
ISO/IEC 27799
chief information security officer
17. Controls that implement access control - password mangement - identification and authentication methods - configuration
technical
port scanner
data owner
FMEA
18. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
delayed
vulnerability
planning horizon
IRM
19. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
Operationally Critical Threat - Asset - and Vulnerability Evaluation
penetration
SP 800-30
fault tree analysis
20. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
john the ripper
risk mitigation
network mapping
performance baseline
21. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
Information Security Management
security program
ISO/IEC 27001
CISO
22. Guide assist in the implemenation of information security based on risk managent approach
confidentiality
ISO/IEC 27005
exposure factor
technical
23. Mitigates a potential risk
security governanace
countermeasure
qualitative
security program
24. Derived from the COSO framework
CobiT
Committee of Sponsoring Organizations
risk
risk
25. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
risk analysis
qualitative
due care
port scanner
26. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
CobiT
protocol analyzer
physical
27. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
vulnerability
administrative
FMEA
BS7799
28. Information security managment measurements
L0phtCrack
risk
corporate security officer
ISO/IEC 27004
29. Type of audit that checks that accounts - groups and roles are correctly assigned
blueprints
FMEA
protocol analyzer
privilege
30. Provides a cost/benefit comparision
ISO/IEC 27004
risk analysis
blueprints
ISO/IEC 27005
31. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
CobiT
network mapping
administrative
ISO/IEC 27005
32. FRAP
Facilitated Risk Analysis Process
risk analysis
risk catagories
vulnerability
33. CSO
risk
corporate security officer
blueprints
ISO/IEC 27004
34. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
vulnerability
risk
ISO/IEC 27004
protocol analyzer
35. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control
penetration
vulnerability scanner
mappers
administrative
36. ISM Standard
CobiT
planning horizon
port scanner
Information Security Management
37. OCTAVE
physical
penetration
AS/NZS 4360
Operationally Critical Threat - Asset - and Vulnerability Evaluation
38. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
IRM
ISO 17799
vulnerability
39. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
qualitative
planning horizon
SP 800-30
strategic
40. Number of time the incident might occur annually - (ARO)
administrative
annualized rate of occurrence
Information Security Management
elcomsoft
41. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
confidentiality
vulnerability
physical
ISO 17799
42. Tools to ID - develop - and design security requirements for business needs
physical
blueprints
FRAP
ISO/IEC 27005
43. Potential danger to information or systems
risk analysis
threat
ISO 17799
SP 800-30
44. CobiT
qualitative
Control Objectives for Information and related Technology
COSO
administrative
45. Type of audit that checks information classification and change control procedures
performance monitor
administrative
fault tree analysis
CISO
46. A log that can record outgoing requests - incoming traffic - and internet usage
ITIL
firewall
COSO
administrative
47. A weakness (software - hardware - procedural - human) that can be exploited
FMEA
ISO 17799
risk anlysis
vulnerability
48. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
exposure factor
blueprints
penetration
49. Type of audit that checks procedures and policies for escalating issues to management
escalation
vulnerability
fault tree analysis
Information Security Management
50. De facto standard of best practices for IT service mgmt
ISO/IEC 27001
Information Technology Infrastructure Library (ITIL)
confidentiality
port scanner