SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
risk
privilege
physical
administrative
2. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
security program
Facilitated Risk Analysis Process
ITIL
3. Event levels available for logging in a MS DNS server
vulnerability scanner
No events - Errors only - Errors and warnings - All events
CobiT
security program
4. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
strategic
confidentiality
ISO/IEC 27001
5. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
penetration
integrity
risk
qualitative
6. Ensures reliable timely access to data/resources to authorized individuals
protocol analyzer
corporate security officer
availability
countermeasure
7. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
OCTAVE
CobiT
ISO/IEC 27002
security program
8. A tool that monitors network traffic - shows data and protocols in use - also known as a packet sniffer (i.e wireshark - TCPDump - Microsoft Network Monitor - Carnivore)
No events - Errors only - Errors and warnings - All events
protocol analyzer
Facilitated Risk Analysis Process
administrative
9. IRM
vulnerability scanner
Information risk management
operational
qualitative
10. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
usage
IRM
CobiT
vulnerability
11. Used to ID failures in a complex systems to understand underlying causes of threats
fault tree analysis
physical
ISO/IEC 27002
CobiT
12. Focus on service level agreements between IT dept and internal customers
chief information security officer
CobiT
Information Technology Infrastructure Library (ITIL)
ITIL
13. CSO
IRM
security governanace
corporate security officer
Control Objectives for Information and related Technology
14. Mitigates a potential risk
CISO
threat
countermeasure
annualized loss expectancy
15. CobiT
fault tree analysis
Control Objectives for Information and related Technology
COSO
ISO/IEC 27002
16. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
FMEA
No events - Errors only - Errors and warnings - All events
network mapping
COSO
17. Expected or predetermined performance level - developed from policy - performance - requirements
data owner
performance baseline
security governanace
threat
18. Made up of ten domains - a mechanism to describe security processes
corporate security officer
planning horizon
ISO 17799
chief information security officer
19. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
strategic
single loss expectancy
delayed
CISO
20. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
availability
CobiT
ISO/IEC 27004
security program
21. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
FRAP
ISO 17799
qualitative
CISO
22. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
SP 800-30
security program
usage
L0phtCrack
23. An instance of being exposed to losses from a threat
risk
exposure
ISO/IEC 27004
Operationally Critical Threat - Asset - and Vulnerability Evaluation
24. Number of time the incident might occur annually - (ARO)
Information Technology Infrastructure Library (ITIL)
annualized rate of occurrence
tactical
integrity
25. Guide assist in the implemenation of information security based on risk managent approach
ISO/IEC 27005
physical
strategic
FMEA
26. OCTAVE
vulnerability
FMEA
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CobiT
27. Derived from the COSO framework
CobiT
Information Technology Infrastructure Library (ITIL)
vulnerability
Facilitated Risk Analysis Process
28. COSO
ISO/IEC 27001
Committee of Sponsoring Organizations
performance baseline
ISO/IEC 27005
29. De facto standard of best practices for IT service mgmt
firewall
administrative
ISO 17799
Information Technology Infrastructure Library (ITIL)
30. The likelihood of exploitation and the loss potential
mappers
risk
annualized rate of occurrence
Facilitated Risk Analysis Process
31. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
CISO
vulnerability scanner
Information Security Management
FMEA
32. Possiblity of damage and the ramifications should it occur
risk
L0phtCrack
OVAL
Failure Modes and Effect Analysis
33. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
L0phtCrack
port scanner
Information Security Management
risk analysis
34. Midterm goals
Information Security Management
tactical
FRAP
delayed
35. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
BS7799
ISO 17799
ISO/IEC 27004
performance baseline
36. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
CobiT
john the ripper
CISO
availability
37. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
risk anlysis
ISO/IEC 27004
Information Security Management
Failure Modes and Effect Analysis
38. CISO
elcomsoft
chief information security officer
CISO
OCTAVE
39. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
risk
operational
qualitative
40. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
risk catagories
CobiT
security program
41. IT governance at the operational level
Information Security Management
OCTAVE
CobiT
corporate security officer
42. A quantative risk assesment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
CobiT
annualized rate of occurrence
exposure
FRAP
43. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
integrity
Failure Modes and Effect Analysis
CobiT
44. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
annualized loss expectancy
john the ripper
ISO/IEC 27001
tactical
45. An open language from mitre.org for determining vulnerabilities and problems on computer systems
L0phtCrack
OVAL
COSO
annualized rate of occurrence
46. ISM Standard
risk
Information Security Management
single loss expectancy
risk anlysis
47. Ensures managment security directives are fulfilled
security officer
vulnerability
strategic
security program
48. Percentage of an asset's value that would be lost in a single incident - (EF)
risk mitigation
tactical
elcomsoft
exposure factor
49. Potential danger to information or systems
tactical
CobiT
threat
corporate security officer
50. SLE x ARO - (ALE)
data owner
CobiT
annualized loss expectancy
administrative