Test your basic knowledge | Comptia Security +: Assessment And Risk Mgmt
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Type of audit that checks procedures and policies for escalating issues to management
performance monitor
risk analysis
escalation
security program
2. Event levels available for logging in an MS DNS server
CobiT
exposure
operational
No events - Errors only - Errors and warnings - All events
3. The following tools (Nessus - Qualys - Retina) are ______________ scanners
penetration
vulnerability
security program
Control Objectives for Information and related Technology
4. Provides good practice advice on ISMS (ISO 17799)(based on BS7799 Part 1)
SP 800-30
ISO/IEC 27002
Failure Modes and Effect Analysis
integrity
5. Internationally recognized Information Security Management standard - provides high level conceptual recommendations on enterprise security - British standard
risk mitigation
vulnerability
protocol analyzer
BS7799
6. Information security management measurements
integrity
availability
protocol analyzer
ISO/IEC 27004
7. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs
privilege
CobiT
ISO/IEC 27799
performance baseline
8. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.
SP 800-30
tactical
IRM
Failure Modes and Effect Analysis
9. Responsible for communicating to senior mgmt organizational risks and compliance regulations
CISO
operational
Information Security Management
corporate security officer
10. Guide to assist in the implementation of information security based on a risk management approach
ISO 17799
ISO/IEC 27005
integrity
risk
11. Responsible for developing: security awareness program - budget for information security related activities; policies - procedures - and guidelines - a security compliance program - and metrics
CISO
Control Objectives for Information and related Technology
performance monitor
COSO
12. CISO
due care
FMEA
chief information security officer
Failure Modes and Effect Analysis
13. Used to ID failures in complex systems to understand underlying causes of threats
countermeasure
due care
fault tree analysis
risk mitigation
14. Legal term used to determine liability - acting responsibly - have lower risk of liability due to security breach
privilege
risk
john the ripper
due care
15. A weakness (software - hardware - procedural - human) that can be exploited
vulnerability
exposure
john the ripper
risk mitigation
16. A log that can record outgoing requests - incoming traffic - and internet usage
single loss expectancy
physical
firewall
delayed
17. Controls that manage facility access - locking systems - media sanitation - intrusion monitoring - environmental
security governance
risk mitigation
FMEA
physical
18. _______________ can test IDS - detect network congestion - detect bad / failing equipment - detect high processor loads - must be NOS appropriate
risk categories
network mapping
Failure Modes and Effect Analysis
Control Objectives for Information and related Technology
19. CSO
ISO 17799
tactical
risk analysis
corporate security officer
20. ISM Standard
Information Security Management
ISO/IEC 27799
OCTAVE
vulnerability
21. Daily goals focused on productivity and task-oriented activities
L0phtCrack
john the ripper
vulnerability scanner
operational
22. An open source password cracker that uses dictionary and brute force attacks - stores previously cracked passwords - uses unshadow to merge password /shadow files
john the ripper
performance monitor
vulnerability scanner
COSO
23. Derived from the COSO framework
risk analysis
CobiT
Committee of Sponsoring Organizations
vulnerability scanner
24. Strategic - tactical and operational planning
planning horizon
ISO/IEC 27799
ITIL
administrative
25. Possibility of damage and the ramifications should it occur
qualitative
vulnerability
risk
OVAL
26. OCTAVE
chief information security officer
Committee of Sponsoring Organizations
Operationally Critical Threat - Asset - and Vulnerability Evaluation
risk categories
27. Responsible for information classification and protection
exposure factor
protocol analyzer
integrity
data owner
28. COSO
Committee of Sponsoring Organizations
delayed
ISO 17799
L0phtCrack
29. CobiT
blueprints
vulnerability
Control Objectives for Information and related Technology
L0phtCrack
30. Mitigates a potential risk
OCTAVE
usage
Information Technology Infrastructure Library (ITIL)
countermeasure
31. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)
security program
FMEA
performance monitor
network mapping
32. SLE x ARO - (ALE)
COSO
CISO
ISO/IEC 27004
annualized loss expectancy
33. Risk assessment that is scenario based - ranks threats and countermeasures - uses experience - judgment - intuition and opinion
risk
ISO/IEC 27004
ISO/IEC 27005
qualitative
34. Port scanners - vulnerability scanners - protocol analyzers - password crackers - network mappers - open vulnerability and assessment language (OVAL) are all tools used in a ___________________ assessment
vulnerability
countermeasure
operational
risk
35. Made up of ten domains - a mechanism to describe security processes
OCTAVE
port scanner
ISO 17799
ITIL
36. Guide to illustrate how to protect personal health information
vulnerability
usage
No events - Errors only - Errors and warnings - All events
ISO/IEC 27799
37. A password cracker that uses dictionary and brute force attacks - rainbow tables - can test password strength and recover passwords - was originally free - but now a commercial product
Information Technology Infrastructure Library (ITIL)
L0phtCrack
firewall
planning horizon
38. Corporate governance at the strategic level
Information Security Management
COSO
No events - Errors only - Errors and warnings - All events
planning horizon
39. NIST risk management methodology
SP 800-30
Control Objectives for Information and related Technology
Failure Modes and Effect Analysis
mappers
40. Risk mgmt method with much broader focus than IT security
exposure
SP 800-30
network mapping
AS/NZS 4360
41. A quantitative risk assessment process that allows for tests to be conducted to allow users to determine areas that require a risk analysis
network mapping
FRAP
CobiT
physical
42. An open language from mitre.org for determining vulnerabilities and problems on computer systems
performance monitor
OVAL
Information risk management
COSO
43. Tools to ID - develop - and design security requirements for business needs
threat
blueprints
security officer
privilege
44. Ensures reliable timely access to data/resources to authorized individuals
availability
CobiT
vulnerability
strategic
45. De facto standard of best practices for IT service mgmt
confidentiality
privilege
risk mitigation
Information Technology Infrastructure Library (ITIL)
46. A tool that maps weaknesses of systems / networks by scanning for ports - checking for applications - determining OS and patch level - and attempting exploits
vulnerability scanner
availability
planning horizon
escalation
47. HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________
mappers
SP 800-30
vulnerability scanner
elcomsoft
48. The tools - personnel and business processes necessary to ensure that security meets needs
port scanner
security governance
performance baseline
risk
49. Number of times the incident might occur annually - (ARO)
annualized rate of occurrence
firewall
annualized loss expectancy
risk
50. Type of audit that checks information classification and change control procedures
performance baseline
administrative
Facilitated Risk Analysis Process
FMEA