Test your basic knowledge: CompTIA Security+: Assessment and Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Controls that implement access control - password management - identification and authentication methods - configuration
Committee of Sponsoring Organizations
exposure factor
risk
technical
2. Type of audit that checks procedures and policies for escalating issues to management
tactical
fault tree analysis
escalation
ISO/IEC 27004
3. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
Failure Modes and Effect Analysis
firewall
risk analysis
ISO/IEC 27799
4. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
blueprints
escalation
performance monitor
L0phtCrack
5. Event levels available for logging in a MS DNS server
Information Technology Infrastructure Library (ITIL)
blueprints
exposure
No events - Errors only - Errors and warnings - All events
6. ISM Standard
protocol analyzer
risk categories
Information Security Management
firewall
7. Guide to illustrate how to protect personal health information
ISO/IEC 27799
security program
port scanner
corporate security officer
8. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
port scanner
ISO/IEC 27001
risk analysis
physical
9. Number of times the incident might occur annually - (ARO)
due care
BS7799
annualized rate of occurrence
Committee of Sponsoring Organizations
10. IT governance at the operational level
vulnerability scanner
CobiT
port scanner
Failure Modes and Effect Analysis
11. The following tools (Nessus - Qualys - Retina) are ______________ scanners
tactical
vulnerability
countermeasure
operational
12. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
OCTAVE
security program
threat
usage
13. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
elcomsoft
risk mitigation
due care
ISO/IEC 27004
14. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
vulnerability scanner
FMEA
ISO/IEC 27799
vulnerability
15. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation
risk analysis
ISO 17799
operational
ISO/IEC 27004
16. Type of audit that checks that network resources - systems and software are used appropriately
vulnerability
technical
usage
administrative
17. FRAP
annualized loss expectancy
Facilitated Risk Analysis Process
network mapping
ISO/IEC 27001
18. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
FRAP
CobiT
CobiT
19. Made up of ten domains - a mechanism to describe security processes
chief information security officer
ISO 17799
risk categories
vulnerability
20. IRM
COSO
Information risk management
COSO
L0phtCrack
21. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
AS/NZS 4360
CobiT
port scanner
ITIL
22. Ensures management security directives are fulfilled
blueprints
security officer
Control Objectives for Information and related Technology
qualitative
23. The tools - personnel and business processes necessary to ensure that security meets needs
security governance
physical
single loss expectancy
Information Technology Infrastructure Library (ITIL)
24. FMEA
Failure Modes and Effect Analysis
BS7799
Committee of Sponsoring Organizations
performance monitor
25. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Committee of Sponsoring Organizations
CobiT
ISO/IEC 27005
risk
26. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
exposure factor
network mapping
operational
security program
27. Controls that manage facility access - locking systems - media sanitization - intrusion monitoring - environmental
escalation
physical
john the ripper
due care
28. A log that can record outgoing requests - incoming traffic - and internet usage
CobiT
firewall
penetration
vulnerability
29. A weakness (software - hardware - procedural - human) that can be exploited
Information risk management
vulnerability
IRM
FRAP
30. SLE x ARO - (ALE)
annualized loss expectancy
network mapping
exposure
COSO
31. Mitigates a potential risk
CobiT
annualized rate of occurrence
countermeasure
chief information security officer
32. The asset's value multiplied by the EF percentage - (SLE)
threat
protocol analyzer
chief information security officer
single loss expectancy
33. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
ISO/IEC 27002
security program
CobiT
port scanner
34. COSO
Committee of Sponsoring Organizations
COSO
OVAL
No events - Errors only - Errors and warnings - All events
35. Ensures necessary level of secrecy and prevents unauthorized disclosure
protocol analyzer
technical
network mapping
confidentiality
36. The likelihood of exploitation and the loss potential
risk
CobiT
BS7799
Facilitated Risk Analysis Process
37. Guide to assist in the implementation of information security based on a risk management approach
ISO/IEC 27005
single loss expectancy
blueprints
tactical
38. Corporate governance at the strategic level
OVAL
FMEA
SP 800-30
COSO
39. De facto standard of best practices for IT service mgmt
data owner
security officer
Information Technology Infrastructure Library (ITIL)
ISO/IEC 27001
40. CISO
chief information security officer
elcomsoft
Failure Modes and Effect Analysis
OCTAVE
41. Potential danger to information or systems
threat
strategic
security program
vulnerability scanner
42. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
administrative
network mapping
ISO/IEC 27002
tactical
43. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
OVAL
penetration
chief information security officer
Facilitated Risk Analysis Process
44. Controls that include policies - standards - procedures - risk management - personnel screening - training - change control
due care
ISO 17799
administrative
Information Technology Infrastructure Library (ITIL)
45. Derived from the COSO framework
IRM
CobiT
firewall
Operationally Critical Threat - Asset - and Vulnerability Evaluation
46. Responsible for information classification and protection
security program
Information risk management
data owner
ISO 17799
47. Type of audit that checks information classification and change control procedures
CobiT
security officer
vulnerability scanner
administrative
48. CSO
ITIL
corporate security officer
risk
firewall
49. Possibility of damage and the ramifications should it occur
L0phtCrack
risk
strategic
ISO/IEC 27005
50. An open language from mitre.org for determining vulnerabilities and problems on computer systems
OVAL
vulnerability
countermeasure
planning horizon