Test your basic knowledge | CompTIA Security+: Assessment and Risk Management
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the right answer may seem obvious, but repeating the test reinforces your understanding.
1. Type of audit that checks that network resources - systems and software - are used appropriately
single loss expectancy
blueprints
usage
security governance
2. This tool scans network devices for listening (open) ports - e.g. Nmap - ScanMetender - SuperScan - NHS nohack scanner
L0phtCrack
exposure
port scanner
CobiT
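The kind of TCP connect() scan these tools perform, as an added Python example (not code from Nmap or any other scanner named on the page): it opens a throwaway listener on 127.0.0.1 so there is a known open port to find offline, then probes a small range around it. The host, the port range and the function names `scan_ports` and `demo` are this example's own choices; run it only against hosts you are authorized to scan.

```python
"""TCP connect() port scanner demo (added example, not a page/tool original).

A connect() scan reports a port as open when the full TCP handshake completes.
Closed ports on loopback answer with RST, so connect_ex() returns ECONNREFUSED
at once; filtered ports on a real network would instead time out.
"""
import socket
from contextlib import closing


def scan_ports(host: str, ports, timeout: float = 0.3) -> list:
    """Return the ports on `host` where a TCP connection is accepted."""
    open_ports = []
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            # connect_ex() returns 0 on success and an errno (e.g. ECONNREFUSED)
            # instead of raising, which keeps the loop simple for closed ports.
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def start_local_listener():
    """Bind a listener on an ephemeral loopback port so the scan has a target.

    The kernel completes handshakes into the backlog without accept(), so no
    serving thread is needed for the scan to see the port as open.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))        # port 0 = let the OS pick a free port
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo():
    """Scan a five-port window around the constructed listener; returns (port, found)."""
    srv, port = start_local_listener()
    try:
        low, high = max(1, port - 2), min(65535, port + 2)
        found = scan_ports("127.0.0.1", range(low, high + 1))
    finally:
        srv.close()
    return port, found


if __name__ == "__main__":
    listener_port, open_ports = demo()
    print(f"listener on {listener_port}, open ports seen: {open_ports}")
```

Against a remote host the same loop works unchanged, but a longer timeout is needed and a missing reply (rather than a refusal) usually means a firewall is dropping the probe, which a connect scan cannot distinguish from a slow host.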
3. The likelihood of exploitation and the loss potential
due care
risk categories
exposure
risk
4. Ensures management security directives are fulfilled
security officer
No events - Errors only - Errors and warnings - All events
performance monitor
integrity
5. Strategic - tactical and operational planning
integrity
exposure
due care
planning horizon
6. Tools to identify - develop - and design security requirements for business needs
privilege
due care
blueprints
vulnerability
7. Derived from the COSO framework
Control Objectives for Information and related Technology
Information Security Management
physical
CobiT
8. Responsible for communicating organizational risks and compliance regulations to senior management
fault tree analysis
CISO
risk analysis
risk
9. Information security management measurements
due care
ISO/IEC 27004
tactical
CobiT
10. __________ loss has a negative effect after a vulnerability is initially exploited
planning horizon
delayed
ISO/IEC 27001
IRM
11. Type of audit that checks that accounts - groups and roles are correctly assigned
ISO/IEC 27002
security governance
elcomsoft
privilege
12. Security policy - maps business objectives to security; Security infrastructure - security officer - reviews; Asset classification/control - inventory; Personnel security - screening - training - roles; Physical security; Communication/operation
risk mitigation
ISO 17799
SP 800-30
port scanner
13. CobiT
firewall
corporate security officer
blueprints
Control Objectives for Information and related Technology
14. Method of identifying functions and their failures - the causes of failures and their effect - originally designed for systems engineering
security program
data owner
usage
FMEA
15. Possibility of damage and the ramifications should it occur
risk categories
risk
countermeasure
network mapping
16. Mitigates a potential risk
security governance
vulnerability
countermeasure
network mapping
17. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
network mapping
performance monitor
corporate security officer
18. IRM
Information risk management
confidentiality
ISO/IEC 27799
Control Objectives for Information and related Technology
19. SLE x ARO - (ALE)
AS/NZS 4360
risk
single loss expectancy
annualized loss expectancy
20. OCTAVE
blueprints
annualized rate of occurrence
Operationally Critical Threat - Asset - and Vulnerability Evaluation
CobiT
21. Type of audit that checks information classification and change control procedures
administrative
risk
ISO/IEC 27005
CobiT
22. Legal term used to determine liability - an organization that acts responsibly has a lower risk of liability after a security breach
due care
Facilitated Risk Analysis Process
COSO
annualized rate of occurrence
23. Daily goals focused on productivity and task-oriented activities
Committee of Sponsoring Organizations
operational
tactical
Control Objectives for Information and related Technology
24. The tools - personnel and business processes necessary to ensure that security meets needs
single loss expectancy
planning horizon
COSO
security governance
25. Responsible for developing: a security awareness program - a budget for information security related activities - policies - procedures - and guidelines - a security compliance program - and metrics
ISO 17799
countermeasure
security officer
CISO
26. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
delayed
strategic
ISO/IEC 27799
annualized loss expectancy
27. CSO
corporate security officer
SP 800-30
elcomsoft
privilege
28. Used to identify failures in complex systems to understand the underlying causes of threats
CobiT
risk categories
fault tree analysis
ISO/IEC 27005
29. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
usage
security program
firewall
countermeasure
30. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
risk
risk catagories
risk
qualitative
31. Formed in 1985 to sponsor the Treadway Commission's work on fraudulent financial activities and reporting
COSO
ISO/IEC 27005
administrative
performance baseline
32. Provides good practice advice on an ISMS - formerly ISO 17799 - based on BS 7799 Part 1
john the ripper
risk categories
COSO
ISO/IEC 27002
33. Guide to assist in the implementation of information security based on a risk management approach
mappers
performance baseline
BS7799
ISO/IEC 27005
34. COSO
annualized loss expectancy
Committee of Sponsoring Organizations
AS/NZS 4360
corporate security officer
35. CISO
CobiT
chief information security officer
Operationally Critical Threat - Asset - and Vulnerability Evaluation
vulnerability
36. The following tools (Nessus - Qualys - Retina) are ______________ scanners
vulnerability
COSO
FMEA
ISO/IEC 27002
37. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
tactical
qualitative
SP 800-30
threat
38. Controls that implement access control - password management - identification and authentication methods - configuration
usage
technical
risk analysis
risk categories
39. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
firewall
OCTAVE
ISO 17799
40. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
integrity
risk
security program
performance monitor
41. Potential danger to information or systems
risk mitigation
Failure Modes and Effect Analysis
threat
john the ripper
42. Ensures reliable timely access to data/resources to authorized individuals
qualitative
exposure
privilege
availability
43. Process of identifying and assessing risk - reducing it to an acceptable level - and implementing mechanisms to maintain that level
protocol analyzer
FMEA
CobiT
IRM
44. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
exposure factor
vulnerability scanner
performance monitor
blueprints
45. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
ISO/IEC 27005
administrative
vulnerability scanner
technical
46. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge passwd/shadow files
OVAL
john the ripper
CISO
exposure
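What the unshadow step does, as an added Python example (not John the Ripper's own code): /etc/passwd carries the account fields but only an `x` where the hash used to be, /etc/shadow carries the hash, and the cracker wants both in one record per user. The passwd and shadow lines below are constructed, the hash strings are placeholders in the right syntax rather than real credentials, and the names `unshadow`, `parse_shadow` and `crackable` are this example's own.

```python
"""Merge passwd and shadow records the way John the Ripper's unshadow does.

Added example, not the tool's own code. Both files are colon-separated; the
username is field 0 and the password/hash is field 1 in each. Constructed
sample records follow; the hashes are placeholders, not real credentials.
"""

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

SHADOW = """\
root:$6$saltsalt$HASHPLACEHOLDERroot:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$y$j9T$saltsalt$HASHPLACEHOLDERalice:19000:0:99999:7:::
"""

# Values in the shadow password field that mean "no usable hash" for a cracker.
LOCKED_MARKERS = {"", "*", "!", "!!"}


def parse_shadow(text: str) -> dict:
    """Map username -> hash field from shadow-format text."""
    hashes = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:
            hashes[fields[0]] = fields[1]
    return hashes


def unshadow(passwd_text: str, shadow_text: str) -> list:
    """Return passwd records with the password field replaced by the shadow hash.

    Malformed passwd lines (not exactly 7 fields) are dropped; users with no
    shadow entry keep whatever their passwd password field already holds.
    """
    hashes = parse_shadow(shadow_text)
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue
        user = fields[0]
        if user in hashes:
            fields[1] = hashes[user]
        merged.append(":".join(fields))
    return merged


def crackable(merged_lines) -> list:
    """Usernames whose merged record carries a real hash.

    Locked or disabled accounts ('*', '!', '!!', empty, or a hash prefixed with
    '!' as `passwd -l` does) are skipped, as a cracker would skip them.
    """
    users = []
    for line in merged_lines:
        user, pw = line.split(":")[:2]
        if pw not in LOCKED_MARKERS and not pw.startswith("!"):
            users.append(user)
    return users


if __name__ == "__main__":
    for record in unshadow(PASSWD, SHADOW):
        print(record)
    print("accounts with a hash to attack:", crackable(unshadow(PASSWD, SHADOW)))
```

The merged output is exactly what makes shadow file protection matter: a reader of /etc/passwd alone gets no hashes, while anyone who can read /etc/shadow (root, or the `shadow` group) can produce this file and run an offline dictionary or brute force attack against every unlocked account.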
47. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
network mapping
physical
port scanner
corporate security officer
48. Number of times the incident might occur annually - (ARO)
tactical
annualized rate of occurrence
FMEA
exposure factor
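The quantitative formulas behind questions 17, 19 and 48 carried through on one asset, as an added Python example (not from the quiz or from CompTIA): SLE = asset value x EF, ALE = SLE x ARO, and, going one step past what the page lists, the value of a countermeasure as the ALE it removes minus its own yearly cost. The asset value, exposure factors, ARO and control cost are constructed figures, and the `Risk`, `assess` and `countermeasure_value` names are this example's own.

```python
"""Quantitative risk analysis worked example (added; figures are constructed).

SLE = AV x EF          single loss expectancy, loss from one incident
ALE = SLE x ARO        annualized loss expectancy, expected loss per year
control value = (ALE before - ALE after) - annual cost of the control
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float       # AV, in currency units
    exposure_factor: float   # EF, fraction of AV lost in one incident (0.0 to 1.0)
    aro: float               # ARO, expected incidents per year (0.25 = once in 4 years)


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF. EF is a fraction, so a 40% loss is 0.40, not 40."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO. ARO below 1 expresses an incident rarer than yearly."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro


def countermeasure_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Net yearly benefit of a control; negative means it costs more than it saves."""
    return (ale_before - ale_after) - annual_cost


def assess(risk: Risk) -> dict:
    """Compute SLE and ALE for one risk entry."""
    sle = single_loss_expectancy(risk.asset_value, risk.exposure_factor)
    return {"name": risk.name, "SLE": sle, "ALE": annualized_loss_expectancy(sle, risk.aro)}


# Constructed scenario: a file server valued at 200,000; a ransomware incident
# destroys 40% of that value and is expected about once every four years.
FILE_SERVER = Risk("file server / ransomware", asset_value=200_000, exposure_factor=0.40, aro=0.25)


def example():
    """Returns (assessment before, assessment after, yearly value of the control)."""
    before = assess(FILE_SERVER)                     # SLE 80,000 ; ALE 20,000
    # Hypothetical control: offline backups costing 6,000 per year reduce the
    # exposure factor to 10% (recovery instead of loss); ARO is unchanged because
    # backups do not stop the incident, they limit its impact.
    mitigated = Risk(FILE_SERVER.name, FILE_SERVER.asset_value, 0.10, FILE_SERVER.aro)
    after = assess(mitigated)                        # SLE 20,000 ; ALE 5,000
    value = countermeasure_value(before["ALE"], after["ALE"], annual_cost=6_000)  # 9,000
    return before, after, value


if __name__ == "__main__":
    b, a, v = example()
    print(f"before: SLE={b['SLE']:,.0f} ALE={b['ALE']:,.0f}")
    print(f"after:  SLE={a['SLE']:,.0f} ALE={a['ALE']:,.0f}")
    print(f"control worth {v:,.0f} per year -> {'justified' if v > 0 else 'not justified'}")
```

The same three functions apply to any risk register row; what changes per scenario is whether a control lowers EF (limits damage) or ARO (prevents incidents), and the cost/benefit line is what turns "mitigates a potential risk" into a number management can compare against the control's price.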
49. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but is now a commercial product
AS/NZS 4360
availability
L0phtCrack
privilege
50. Responsible for information classification and protection
chief information security officer
corporate security officer
data owner
IRM