Test your basic knowledge |
Comptia Security +: Assessment And Risk Mgmt
Instructions:
Answer 50 questions in 15 minutes.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Potential danger to information or systems
john the ripper
vulnerability scanner
threat
ISO/IEC 27799
2. Type of audit that checks that accounts - groups and roles are correctly assigned
ITIL
privilege
security program
ISO/IEC 27002
3. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
Information Technology Infrastructure Library (ITIL)
security program
CISO
fault tree analysis
4. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
firewall
security program
risk
vulnerability scanner
5. A method of identifying vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
CobiT
annualized loss expectancy
risk categories
risk analysis
6. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
blueprints
CobiT
L0phtCrack
john the ripper
7. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
network mapping
operational
risk mitigation
COSO
8. Event levels available for logging in a MS DNS server
No events - Errors only - Errors and warnings - All events
administrative
firewall
ISO/IEC 27005
9. OCTAVE
usage
firewall
single loss expectancy
Operationally Critical Threat - Asset - and Vulnerability Evaluation
10. Controls that implement access control - password management - identification and authentication methods - configuration
OCTAVE
Control Objectives for Information and related Technology
technical
performance monitor
11. A process to identify assets and their value - identify vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
elcomsoft
risk analysis
Information risk management
vulnerability
12. Possibility of damage and the ramifications should it occur
single loss expectancy
SP 800-30
risk
vulnerability
13. __________ loss has a negative effect after a vulnerability is initially exploited
exposure
CobiT
delayed
L0phtCrack
14. Guide to illustrate how to protect personal health information
ISO/IEC 27799
security program
tactical
Facilitated Risk Analysis Process
15. ____________ can discover network devices / applications - check password strength - measure internal / external access - analyze vulnerabilities in NOS - test response to DoS attacks
security program
delayed
network mapping
annualized rate of occurrence
16. COSO
administrative
operational
Committee of Sponsoring Organizations
risk mitigation
17. IT governance at the operational level
CobiT
annualized rate of occurrence
integrity
protocol analyzer
18. The following tools (Nessus - Qualys - Retina) are ______________ scanners
port scanner
vulnerability scanner
vulnerability
risk analysis
19. Guide to assist in the implementation of information security based on a risk management approach
ISO/IEC 27005
security governance
CobiT
CobiT
20. CobiT
countermeasure
Control Objectives for Information and related Technology
IRM
threat
21. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
security officer
ISO 17799
Information risk management
availability
22. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
privilege
COSO
penetration
Information Technology Infrastructure Library (ITIL)
23. Method of identifying functions and their failures - causes of failures and their effect - originally designed for systems engineering
ISO 17799
Information Technology Infrastructure Library (ITIL)
FMEA
integrity
24. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
CISO
performance monitor
ISO/IEC 27001
tactical
25. Legal term used to determine liability - acting responsibly means a lower risk of liability due to a security breach
exposure
Information Technology Infrastructure Library (ITIL)
due care
protocol analyzer
26. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
Information Technology Infrastructure Library (ITIL)
SP 800-30
risk categories
elcomsoft
27. An open language from mitre.org for determining vulnerabilities and problems on computer systems
ISO/IEC 27004
network mapping
planning horizon
OVAL
28. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
exposure factor
BS7799
qualitative
CISO
29. CSO
escalation
countermeasure
IRM
corporate security officer
30. Percentage of an asset's value that would be lost in a single incident - (EF)
exposure factor
vulnerability
Information Security Management
tactical
31. Focus on service level agreements between IT dept and internal customers
CobiT
ITIL
risk categories
penetration
32. Type of audit that checks information classification and change control procedures
annualized loss expectancy
protocol analyzer
administrative
data owner
33. Strategic - tactical and operational planning
planning horizon
Information Technology Infrastructure Library (ITIL)
penetration
network mapping
34. SLE x ARO - (ALE)
security program
annualized loss expectancy
Facilitated Risk Analysis Process
exposure
35. Midterm goals
firewall
tactical
chief information security officer
security governance
36. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
ISO/IEC 27799
administrative
Operationally Critical Threat - Asset - and Vulnerability Evaluation
Information Technology Infrastructure Library (ITIL)
37. Physical damage - human interaction - equipment malfunction - misuse of data - loss of data - application error
delayed
risk categories
risk analysis
strategic
38. The likelihood of exploitation and the loss potential
risk
CobiT
corporate security officer
fault tree analysis
39. Risk management method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
port scanner
corporate security officer
Committee of Sponsoring Organizations
40. IRM
Information risk management
usage
FMEA
administrative
41. NIST risk management methodology
mappers
SP 800-30
COSO
integrity
42. A log that can record outgoing requests - incoming traffic - and internet usage
countermeasure
risk mitigation
firewall
L0phtCrack
43. Ensures reliable timely access to data/resources to authorized individuals
vulnerability
performance baseline
availability
single loss expectancy
44. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
COSO
vulnerability
CobiT
strategic
45. Number of times the incident might occur annually - (ARO)
CobiT
FMEA
annualized rate of occurrence
administrative
46. Type of audit that checks procedures and policies for escalating issues to management
risk mitigation
usage
escalation
ISO 17799
47. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
penetration
network mapping
exposure
planning horizon
48. Responsible for information classification and protection
data owner
confidentiality
elcomsoft
security officer
49. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
SP 800-30
BS7799
performance baseline
Information Security Management
50. Mitigates a potential risk
SP 800-30
countermeasure
CobiT
port scanner