Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A weakness (software - hardware - procedural - human) that can be exploited
CobiT
blueprints
vulnerability
penetration

2. An instance of being exposed to losses from a threat
security program
exposure
CISO
ISO/IEC 27799

3. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
availability
ISO/IEC 27002
risk analysis
risk mitigation

4. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
strategic
ISO 17799
risk analysis
ISO/IEC 27799

5. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
FMEA
chief information security officer
COSO
security governanace

6. The tools - personnel and business processes necessary to ensure that security meets needs
security governanace
ISO/IEC 27005
privilege
ISO/IEC 27799

7. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
L0phtCrack
due care
planning horizon
availability

8. Guide assist in the implemenation of information security based on risk managent approach
risk anlysis
ISO 17799
ITIL
ISO/IEC 27005

9. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
firewall
privilege
port scanner
CobiT

10. The following tools (Nessus - Qualys - Retina) are ______________ scanners
FMEA
ITIL
vulnerability
technical

11. Provides a cost/benefit comparision
risk analysis
network mapping
No events - Errors only - Errors and warnings - All events
ISO 17799

12. Midterm goals
tactical
port scanner
ISO/IEC 27005
confidentiality

13. Ensures necessary level of secrecy and prevents unauthorized disclosure
risk catagories
confidentiality
CISO
port scanner

14. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)
administrative
ISO/IEC 27001
firewall
Control Objectives for Information and related Technology

15. Corporate governance at the strategic level
COSO
vulnerability
ISO 17799
blueprints

16. Expected or predetermined performance level - developed from policy - performance - requirements
elcomsoft
confidentiality
performance baseline
BS7799

17. Mitigates a potential risk
qualitative
countermeasure
ISO/IEC 27002
CISO

18. Ensures managment security directives are fulfilled
escalation
L0phtCrack
usage
security officer

19. Number of time the incident might occur annually - (ARO)
security program
protocol analyzer
firewall
annualized rate of occurrence

20. CobiT
network mapping
Control Objectives for Information and related Technology
ISO/IEC 27004
mappers

21. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
security program
qualitative
tactical
confidentiality

22. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
ISO 17799
operational
CISO
risk anlysis

23. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
integrity
CobiT
risk analysis
risk catagories

24. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
risk mitigation
exposure factor
FMEA
security officer

25. CSO
corporate security officer
strategic
performance monitor
ISO/IEC 27005

26. The likelihood of exploitation and the loss potential
ISO/IEC 27799
Control Objectives for Information and related Technology
ITIL
risk

27. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
escalation
OCTAVE
risk analysis
security governanace

28. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
corporate security officer
ISO/IEC 27004
usage

29. FMEA
FMEA
risk mitigation
chief information security officer
Failure Modes and Effect Analysis

30. ISM Standard
chief information security officer
john the ripper
Information Security Management
ISO 17799

31. CISO
risk
chief information security officer
blueprints
CobiT

32. A method of ID vulnerabililties and threats and assessing possible impacts to determine where to implement security safeguards
Information Security Management
Operationally Critical Threat - Asset - and Vulnerability Evaluation
IRM
risk analysis

33. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
john the ripper
data owner
Committee of Sponsoring Organizations
penetration

34. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
network mapping
vulnerability
elcomsoft
penetration

35. Ensures reliable timely access to data/resources to authorized individuals
availability
ISO/IEC 27005
vulnerability
privilege

36. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
CobiT
firewall
physical
ISO/IEC 27002

37. __________ loss has a negative effect after a vulnerability is initially exploited
vulnerability scanner
delayed
ISO/IEC 27005
FMEA

38. Type of audit that checks that accounts - groups and roles are correctly assigned
security program
privilege
physical
vulnerability

39. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
vulnerability scanner
risk anlysis
network mapping
fault tree analysis

40. Potential danger to information or systems
Information Security Management
firewall
threat
risk anlysis

41. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
ISO/IEC 27799
risk analysis
COSO
firewall

42. Event levels available for logging in a MS DNS server
No events - Errors only - Errors and warnings - All events
risk
physical
planning horizon

43. Possiblity of damage and the ramifications should it occur
vulnerability scanner
risk
ISO/IEC 27004
john the ripper

44. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
CobiT
due care
firewall
privilege

45. The asset's value multiplied by the EF percentage - (SLE)
technical
single loss expectancy
risk analysis
fault tree analysis

46. Collection of controls an organization must have in place
FRAP
ISO 17799
security program
availability

47. IT governance at the operational level
due care
vulnerability
OVAL
CobiT

48. Guide to illustrate how to protect personal health information
annualized rate of occurrence
OVAL
ISO/IEC 27799
integrity

49. Derived from the COSO framework
CobiT
ISO/IEC 27002
network mapping
technical

50. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
single loss expectancy
elcomsoft
ISO/IEC 27005
COSO