Comptia Security +: Assessment And Risk Mgmt MCQs


Our experts have gathered these Comptia Security +: Assessment And Risk Mgmt MCQs through research, and we hope that answering these 20 multiple-choice questions will show you how much you know about the subject of Comptia Security +: Assessment And Risk Mgmt.
Get started now by scrolling down!

1: Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company

A.   Exposure factor

B.   Risk

C.   OCTAVE

D.   Countermeasure

2: Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs

A.   Security officer

B.   CobiT

C.   Integrity

D.   Risk analysis

3: Type of audit that checks information classification and change control procedures

A.   Fault tree analysis

B.   ISO/IEC 27004

C.   Administrative

D.   COSO

4: Daily goals focused on productivity and task-oriented activities

A.   Confidentiality

B.   Operational

C.   ISO 17799

D.   ISO/IEC 27001

5: Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting

A.   Fault tree analysis

B.   COSO

C.   Annualized rate of occurrence

D.   Annualized loss expectancy

6: Ensures necessary level of secrecy and prevents unauthorized disclosure

A.   Performance monitor

B.   ISO/IEC 27004

C.   ISO/IEC 27002

D.   Confidentiality

7: Strategic - tactical and operational planning

A.   Performance monitor

B.   Planning horizon

C.   Data owner

D.   Network mapping

8: An instance of being exposed to losses from a threat

A.   Risk

B.   Control Objectives for Information and related Technology

C.   Exposure

D.   Vulnerability scanner

9: An open language from mitre.org for determining vulnerabilities and problems on computer systems

A.   Tactical

B.   Performance monitor

C.   Vulnerability scanner

D.   OVAL

10: A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk

A.   Risk mitigation

B.   Administrative

C.   Risk analysis

D.   Vulnerability scanner

11: A log that can record outgoing requests - incoming traffic - and internet usage

A.   Mappers

B.   Corporate security officer

C.   Firewall

D.   COSO

12: Tools to ID - develop - and design security requirements for business needs

A.   Blueprints

B.   Security program

C.   Information Technology Infrastructure Library (ITIL)

D.   John the ripper

13: Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate

A.   AS/NZS 4360

B.   Security program

C.   Information Security Management

D.   Technical

14: HP OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________

A.   Mappers

B.   Due care

C.   Data owner

D.   Performance monitor

A.   Performance monitor

B.   ITIL

C.   Risk analysis

D.   BS7799

16: Guide to illustrate how to protect personal health information

A.   Risk analysis

B.   Committee of Sponsoring Organizations

C.   Information Security Management

D.   ISO/IEC 27799

17: Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Asset classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation

A.   CobiT

B.   Vulnerability

C.   ISO 17799

D.   Committee of Sponsoring Organizations

18: Responsible for communicating to senior mgmt organizational risks and compliance regulations

A.   Planning horizon

B.   IRM

C.   Exposure

D.   CISO

19: Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)

A.   ITIL

B.   FMEA

C.   Control Objectives for Information and related Technology

D.   Operational

20: Establish - implement - control and improve the Information Security Management System (based on BS7799 Part 2)

A.   Single loss expectancy

B.   ISO/IEC 27001

C.   Administrative

D.   COSO

21: Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.

A.   Vulnerability scanner

B.   IRM

C.   Performance baseline

D.   Strategic

22: Controls that include policies - standards - procedures -risk management - personnel screening - training - change control

A.   Risk analysis

B.   Risk analysis

C.   CobiT

D.   Administrative

23: IT governance at the operational level

A.   Facilitated Risk Analysis Process

B.   Committee of Sponsoring Organizations

C.   CobiT

D.   Chief information security officer

24: Event levels available for logging in a MS DNS server

A.   Operationally Critical Threat - Asset - and Vulnerability Evaluation

B.   Delayed

C.   Planning horizon

D.   No events - Errors only - Errors and warnings - All events

25: Guide to assist in the implementation of information security based on a risk management approach

A.   Vulnerability scanner

B.   Blueprints

C.   CISO

D.   ISO/IEC 27005

26: IRM

A.   Information risk management

B.   Administrative

C.   ISO 17799

D.   CISO

27: Ensures management security directives are fulfilled

A.   Security officer

B.   FMEA

C.   John the ripper

D.   Technical

28: Controls that implement access control - password management - identification and authentication methods - configuration

A.   Committee of Sponsoring Organizations

B.   Technical

C.   Qualitative

D.   Administrative

29: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate

A.   CobiT

B.   ISO/IEC 27002

C.   Vulnerability scanner

D.   CISO