Test your basic knowledge

Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation

2. Tools to ID - develop - and design security requirements for business needs

3. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis

4. Expected or predetermined performance level - developed from policy - performance - requirements

5. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental

6. Responsible for communicating to senior mgmt organizational risks and compliance regulations

7. An instance of being exposed to losses from a threat

8. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files

9. ____________ can discover network devices / application - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DOS attacks

10. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs

11. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion

12. OCTAVE

13. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost

14. Used to predict changes based on trends - detect deviations - and watch events across multiple system components

15. CISO

16. Ensures management security directives are fulfilled

17. __________ loss has a negative effect after a vulnerability is initially exploited

18. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error

19. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond

20. Provides a cost/benefit comparison

21. Method of ID functions and their failures - causes of failures and their effects - originally designed for systems engineering

22. An open language from mitre.org for determining vulnerabilities and problems on computer systems

23. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)

24. Collection of controls an organization must have in place

25. SLE x ARO - (ALE)

26. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external

27. Used to ID failures in complex systems to understand underlying causes of threats

28. Risk mgmt method with much broader focus than IT security

29. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company

30. FMEA

31. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.

32. Percentage of an asset's value that would be lost in a single incident - (EF)

33. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control

34. Ensures reliable timely access to data/resources to authorized individuals

35. COSO

36. Number of times the incident might occur annually - (ARO)

37. Assurance of accuracy and reliability of information and systems

38. De facto standard of best practices for IT service mgmt

39. The tools - personnel and business processes necessary to ensure that security meets needs

40. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate

41. NIST risk management methodology

42. Possibility of damage and the ramifications should it occur

43. Midterm goals

44. Daily goals focused on productivity and task-oriented activities

45. Made up of ten domains - a mechanism to describe security processes

46. FRAP

47. A weakness (software - hardware - procedural - human) that can be exploited

48. Guide to assist in the implementation of information security based on a risk management approach

49. Type of audit that checks that network resources - systems and software are used appropriately

50. Strategic - tactical and operational planning