Test your basic knowledge |

Comptia Security +: Assessment And Risk Mgmt

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. ISM Standard
Information Security Management
Control Objectives for Information and related Technology
risk
ISO 17799

2. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
ISO 17799
annualized rate of occurrence
CobiT

3. Corporate governance at the strategic level
CobiT
COSO
blueprints
Failure Modes and Effect Analysis

4. A commercial password cracker that can test password strength and recover passwords; and perform dictionary and brute force attacks
elcomsoft
corporate security officer
FMEA
network mapping

5. Internationally recognized Information Security Management standard - provides high level conceptual recomendations on enterprise security - brish standard
CISO
availability
performance baseline
BS7799

6. Information security managment measurements
security officer
ISO/IEC 27004
ISO/IEC 27799
CobiT

7. CISO
chief information security officer
penetration
CobiT
SP 800-30

8. Guide assist in the implemenation of information security based on risk managent approach
ISO/IEC 27005
CobiT
vulnerability scanner
integrity

9. Focus on service level agreements between IT dept and internal customers
ITIL
delayed
integrity
CISO

10. SLE x ARO - (ALE)
annualized rate of occurrence
administrative
annualized loss expectancy
vulnerability scanner

11. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
qualitative
COSO
vulnerability
risk analysis

12. NIST risk management methodology
ISO/IEC 27799
risk analysis
SP 800-30
technical

13. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
OVAL
administrative
strategic
ISO/IEC 27002

14. Made up of ten domains - a mechanism to describe security processes
FRAP
data owner
FMEA
ISO 17799

15. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
FMEA
escalation
Information Security Management
network mapping

16. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
FMEA
mappers
technical
security program

17. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tool used in a ___________________ assessment
L0phtCrack
port scanner
operational
vulnerability

18. CSO
COSO
chief information security officer
corporate security officer
exposure factor

19. The asset's value multiplied by the EF percentage - (SLE)
single loss expectancy
IRM
usage
CobiT

20. COSO
Committee of Sponsoring Organizations
privilege
port scanner
corporate security officer

21. Method of ID functions and their failures - causes of failures their effect - originally designed for systems engineering
FMEA
ISO/IEC 27002
countermeasure
planning horizon

22. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
Information risk management
integrity
due care
operational

23. Risk mgmt method with much broader focus than IT security
ISO 17799
AS/NZS 4360
FMEA
OVAL

24. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
ISO/IEC 27799
port scanner
Operationally Critical Threat - Asset - and Vulnerability Evaluation

25. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
risk
administrative
OCTAVE
CobiT

26. The likelihood of exploitation and the loss potential
OCTAVE
vulnerability
Information Technology Infrastructure Library (ITIL)
risk

27. Long-term goals focused on risk managment - compliance - security responsiblities - continual improvement - using security to attract customers
Facilitated Risk Analysis Process
strategic
ISO/IEC 27004
Failure Modes and Effect Analysis

28. An instance of being exposed to losses from a threat
countermeasure
OCTAVE
Committee of Sponsoring Organizations
exposure

29. Guide to illustrate how to protect personal health information
L0phtCrack
protocol analyzer
strategic
ISO/IEC 27799

30. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting
COSO
ITIL
OVAL
data owner

31. A process to ID assests and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
network mapping
risk anlysis
vulnerability
Information Security Management

32. Tools to ID - develop - and design security requirements for business needs
tactical
Facilitated Risk Analysis Process
blueprints
administrative

33. De facto standard of best practices for IT service mgmt
performance baseline
risk analysis
Information Technology Infrastructure Library (ITIL)
availability

34. IRM
ITIL
administrative
security program
Information risk management

35. FMEA
ISO/IEC 27005
COSO
Failure Modes and Effect Analysis
BS7799

36. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
risk
CISO
qualitative

37. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
ISO/IEC 27799
elcomsoft
AS/NZS 4360
qualitative

38. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
risk mitigation
risk
penetration
tactical

39. Derived from the COSO framework
L0phtCrack
vulnerability
CobiT
AS/NZS 4360

40. Ensures necessary level of secrecy and prevents unauthorized disclosure
risk mitigation
confidentiality
Committee of Sponsoring Organizations
SP 800-30

41. Type of audit that checks procedures and policies for escalating issues to management
ISO 17799
network mapping
escalation
ITIL

42. This tool scans network devices listening for open ports - (i.e. Nmap - scanmetender - superscan - NHS nohack scanner)
port scanner
Control Objectives for Information and related Technology
security program
penetration

43. An password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
usage
L0phtCrack
risk analysis
CISO

44. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
ISO 17799
network mapping
risk
strategic

45. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk
FMEA
risk anlysis
risk analysis
risk mitigation

46. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company
delayed
OCTAVE
vulnerability
ISO/IEC 27005

47. Mitigates a potential risk
port scanner
countermeasure
CobiT
ISO/IEC 27005

48. Responsible for information classification and protection
COSO
data owner
ISO/IEC 27005
network mapping

49. Controls that implement access control - password mangement - identification and authentication methods - configuration
protocol analyzer
CobiT
ISO/IEC 27002
technical

50. Type of audit that checks information classification and change control procedures
security governanace
security program
FMEA
administrative