Test your basic knowledge

Comptia Security +: Assessment And Risk Mgmt

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)
2. Possibility of damage and the ramifications should it occur
3. Long-term goals focused on risk management - compliance - security responsibilities - continual improvement - using security to attract customers
4. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
5. Information security management measurements
6. OCTAVE
7. Provides a cost/benefit comparison
8. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password / shadow files
9. The tools - personnel and business processes necessary to ensure that security meets needs
10. CISO
11. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
12. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
13. Derived from the COSO framework
14. A weakness (software - hardware - procedural - human) that can be exploited
15. Number of times the incident might occur annually - (ARO)
16. Strategic - tactical and operational planning
17. FRAP
18. An instance of being exposed to losses from a threat
19. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate
20. Percentage of an asset's value that would be lost in a single incident - (EF)
21. __________ loss has a negative effect after a vulnerability is initially exploited
22. Used to predict changes based on trends - detect deviations - and watch events across multiple system components
23. Type of audit that checks that accounts - groups and roles are correctly assigned
24. A log that can record outgoing requests - incoming traffic - and internet usage
25. The following tools (Nessus - Qualys - Retina) are ______________ scanners
26. Risk mgmt method with a much broader focus than IT security
27. Daily goals focused on productivity and task-oriented activities
28. Ensures management security directives are fulfilled
29. Process of ID and assessing risk - reducing it to an acceptable level - implementing mechanisms to maintain that level.
30. The likelihood of exploitation and the loss potential
31. Controls that implement access control - password management - identification and authentication methods - configuration
32. A method of ID vulnerabilities and threats and assessing possible impacts to determine where to implement security safeguards
33. Control environment - company culture - Risk assessment - manage change - Control activities - policies - procedures - practices - Information and communication - right people - info - time - Monitoring - detect and respond
34. Method of ID functions and their failures - causes of failures and their effect - originally designed for systems engineering
35. Physical damage - human interaction - equip malfunction - misuse of data - loss of data - application error
36. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
37. SLE x ARO - (ALE)
38. Midterm goals
39. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
40. Guide to assist in the implementation of information security based on a risk management approach
41. This tool scans network devices listening for open ports - (e.g. Nmap - scanmetender - superscan - NHS nohack scanner)
42. Type of audit that checks procedures and policies for escalating issues to management
43. Type of audit that checks that network resources - systems and software are used appropriately
44. IRM
45. ISM Standard
46. A process to ID assets and their value - ID vulnerabilities and threats - quantify probability and impact of threats - provide balance between impact and cost
47. Made up of ten domains - a mechanism to describe security processes
48. CSO
49. This type of testing scans for vulnerabilities - attacks to determine extent - tests countermeasures by circumvention - and can be internal or external
50. Expected or predetermined performance level - developed from policy - performance - requirements