
CompTIA Security+: Assessment and Risk Management

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Questions and answers are randomly picked and ordered every time the test is loaded.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the right answer may seem obvious, but taking the test repeatedly reinforces your understanding.

1. Type of audit that checks the procedures and policies for escalating issues to management

2. Mitigates a potential risk

3. Controls that implement access control, password management, identification and authentication methods, and configuration

4. Plan and Organize, Implement, Operate and Maintain, Monitor and Evaluate

5. Assurance of the accuracy and reliability of information and systems

6. Made up of ten domains; a mechanism to describe security processes

7. An open language from mitre.org for determining vulnerabilities and problems on computer systems

8. Controls that manage facility access, locking systems, media sanitization, intrusion monitoring, and environmental conditions

9. Responsible for developing the security awareness program; the budget for information security related activities; policies, procedures, and guidelines; a security compliance program; and metrics

10. Number of times the incident might occur annually (ARO)

11. CobiT

12. Provides good practice advice on an ISMS (ISO 17799, since renumbered ISO/IEC 27002; based on BS 7799 Part 1)

13. Type of audit that checks that network resources, systems, and software are used appropriately

14. Establish, implement, control, and improve the Information Security Management System (based on BS 7799 Part 2, since adopted as ISO/IEC 27001)

15. A tool that monitors network traffic and shows the data and protocols in use; also known as a packet sniffer (e.g. Wireshark, tcpdump, Microsoft Network Monitor, Carnivore)

16. Internationally recognized Information Security Management standard; provides high-level conceptual recommendations on enterprise security; a British standard

17. Used to predict changes based on trends, detect deviations, and watch events across multiple system components

18. The tools, personnel, and business processes necessary to ensure that security meets the organization's needs

19. The likelihood of exploitation and the loss potential

20. Long-term goals focused on risk management, compliance, security responsibilities, continual improvement, and using security to attract customers

21. Focus on service level agreements between the IT department and internal customers

22. SLE × ARO (ALE)

23. Type of audit that checks that accounts, groups, and roles are correctly assigned

24. Information security management measurements

25. A commercial password cracker that can test password strength, recover passwords, and perform dictionary and brute-force attacks

26. Legal term used to determine liability: an organization that acts responsibly has a lower risk of liability after a security breach

27. Responsible for information classification and protection

28. Ensures reliable and timely access to data and resources for authorized individuals

29. Percentage of an asset's value that would be lost in a single incident (EF)
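The quantitative risk formulas behind items 10, 22 and 29 (ARO, ALE = SLE × ARO, and EF) carried through in code. This is an added example for this study page, not code from the quiz or from any framework it names. The asset values, exposure factors and occurrence rates are constructed illustration figures, and the final safeguard cost/benefit step is a common use of ALE assumed here rather than a term defined on the page.

```python
"""Quantitative risk analysis: SLE, ARO and ALE worked through in code.

Added example for this study page; not code from the page or from any
framework it names. All asset values, exposure factors and occurrence
rates are constructed illustration figures.
"""
from dataclasses import dataclass
from typing import List


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value x EF, where EF is the fraction of the asset's value
    lost in one incident (the page's 'percentage', expressed here as 0.0-1.0)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("EF must be between 0.0 and 1.0")
    return round(asset_value * exposure_factor, 2)


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO, where ARO is the expected number of incidents per year
    (0.5 means once every two years)."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return round(sle * aro, 2)


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Net yearly value of a control = (ALE before - ALE after) - annual cost.
    This cost/benefit step is the usual next use of ALE; it is an assumption
    of this example rather than a term defined on the page."""
    return round((ale_before - ale_after) - annual_cost, 2)


@dataclass(frozen=True)
class Scenario:
    """One threat acting on one asset."""
    name: str
    asset_value: float
    exposure_factor: float
    aro: float

    def sle(self) -> float:
        return single_loss_expectancy(self.asset_value, self.exposure_factor)

    def ale(self) -> float:
        return annualized_loss_expectancy(self.sle(), self.aro)


def rank_by_ale(scenarios: List[Scenario]) -> List[str]:
    """Scenario names, highest ALE first: where risk-treatment money goes first."""
    return [s.name for s in sorted(scenarios, key=lambda s: s.ale(), reverse=True)]


# Constructed figures: a $100k web server hit by ransomware (30% of value lost,
# expected once every two years) and a $50k laptop fleet with theft four times a year.
WEB_SERVER = Scenario("web server / ransomware", 100_000, 0.30, 0.5)
LAPTOPS = Scenario("laptops / theft", 50_000, 0.10, 4.0)


def evaluate_backup_control() -> dict:
    """Should we buy tested offline backups for the web server? Assume (constructed)
    they cut EF from 0.30 to 0.05 and cost $6,000 per year."""
    before = WEB_SERVER.ale()                          # 30_000 x 0.5 = 15_000
    hardened = Scenario(WEB_SERVER.name, WEB_SERVER.asset_value, 0.05, WEB_SERVER.aro)
    after = hardened.ale()                             # 5_000 x 0.5 = 2_500
    value = safeguard_value(before, after, 6_000)      # 15_000 - 2_500 - 6_000 = 6_500
    return {"ale_before": before, "ale_after": after, "net_value": value, "worth_it": value > 0}


if __name__ == "__main__":
    print("Ranking by ALE:", rank_by_ale([WEB_SERVER, LAPTOPS]))
    print("Backup control:", evaluate_backup_control())
```

Note that the laptop fleet, with the smaller single loss, outranks the web server on ALE because its incidents happen eight times as often; ALE is what lets two very different threats be compared on one scale, and a control is worth buying only while the reduction in ALE exceeds its yearly cost.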

30. Process of identifying and assessing risk, reducing it to an acceptable level, and implementing mechanisms to maintain that level

31. Risk management method with a much broader focus than IT security

32. De facto standard of best practices for IT service management

33. Tools to identify, develop, and design security requirements for business needs

34. A quantitative risk assessment process that allows tests to be conducted so users can determine the areas that require a risk analysis

35. A log that can record outgoing requests, incoming traffic, and Internet usage

36. _______________ can test an IDS, detect network congestion, detect bad or failing equipment, and detect high processor loads; must be appropriate to the NOS

37. A method of identifying vulnerabilities and threats and assessing the possible impacts, to determine where to implement security safeguards

38. Collection of controls an organization must have in place

39. Framework/set of best practices that defines goals for the controls used to properly manage IT and to ensure IT maps to business needs

40. Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate

41. IT governance at the operational level

42. Security policy (map business objectives to security); Security infrastructure (security officer, reviews); Asset classification/control (inventory); Personnel security (screening, training, roles); Physical security; Communication/operations

43. A weakness (software, hardware, procedural, or human) that can be exploited

44. A tool that maps the weaknesses of systems and networks by scanning for ports, checking for applications, determining OS and patch level, and attempting exploits
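The first two steps of the tool described in item 44 (find open ports, then identify the listening application and version from its banner) in working code. This is an added example for this study page, not code from any scanner the page names. So that it runs offline, the target is a throwaway TCP listener started on 127.0.0.1 whose SSH-style banner is constructed; the banner format the fingerprint function parses is an assumption of the example.

```python
"""TCP connect scan with banner grabbing: the port-discovery and
application-identification steps a vulnerability scanner performs before
matching versions against known issues or attempting exploits.

Added example for this study page, not code from any tool the page names.
The target service and its banner are constructed so the example runs offline.
"""
import re
import socket
import threading
from typing import Dict, Iterable, Optional, Tuple


def start_fake_service(banner: bytes) -> socket.socket:
    """Listen on an OS-chosen loopback port and greet each client with `banner`.
    Returns the listening socket; the caller closes it to stop the service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener shut down
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:      # client went away first
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv


def grab_banner(host: str, port: int, timeout: float = 0.5) -> Optional[bytes]:
    """Connect-scan one port. None = closed/filtered; b"" = open but silent;
    otherwise the first bytes the service volunteers on connect."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    with s:
        try:
            return s.recv(256)
        except OSError:              # timeout or reset after connect: open, no banner
            return b""


def scan(host: str, ports: Iterable[int]) -> Dict[int, bytes]:
    """Map each open port to its banner."""
    results: Dict[int, bytes] = {}
    for port in ports:
        banner = grab_banner(host, port)
        if banner is not None:
            results[port] = banner
    return results


# Assumed banner shape, e.g. "SSH-2.0-OpenSSH_9.6 Debian-1": product and version
# are what a scanner would later match against a vulnerability database.
BANNER_RE = re.compile(rb"^SSH-[\d.]+-(?P<product>[A-Za-z]+)_(?P<version>[\w.]+)")


def fingerprint(banner: bytes) -> Optional[dict]:
    """Extract product/version from an SSH-style banner; None if unrecognized."""
    m = BANNER_RE.match(banner)
    if not m:
        return None
    return {"product": m["product"].decode(), "version": m["version"].decode()}


def demo() -> Tuple[int, int, Dict[int, bytes]]:
    """Scan one deliberately opened loopback port and one known to be closed."""
    listener = start_fake_service(b"SSH-2.0-OpenSSH_9.6 Debian-1\r\n")   # constructed
    open_port = listener.getsockname()[1]
    # Reserve and immediately release a second port so we have one we know is closed.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    try:
        results = scan("127.0.0.1", [closed_port, open_port])
    finally:
        try:
            listener.shutdown(socket.SHUT_RDWR)   # wake the accept() loop
        except OSError:
            pass
        listener.close()
    return open_port, closed_port, results


if __name__ == "__main__":
    opened, closed, found = demo()
    print(f"open {opened}: {found[opened]!r} -> {fingerprint(found[opened])}")
    print(f"closed {closed}: {'not listed' if closed not in found else 'unexpectedly open'}")
```

The scan distinguishes three states the flashcard's description lumps together: a refused connection (closed), an accepted connection with no greeting (open but silent, which a real scanner would probe further), and an accepted connection with a banner it can parse. Only the last yields the product and version that "determining patch level" depends on, which is why scanners fall back to active probes and authenticated checks when services stay quiet.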

45. Risk management method created by Carnegie Mellon University; people within the organization manage and direct the risk evaluation for IT security

46. Potential danger to information or systems

47. Ensures management's security directives are fulfilled

48. Method of identifying functions and their failures, the causes of failures, and their effects; originally designed for systems engineering

49. Possibility of damage and the ramifications should it occur

50. __________ loss has a negative effect after a vulnerability is initially exploited