Comptia Security +: Assessment And Risk Mgmt MCQ Questions Answers

1. Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate

2. Controls that implement access control - password mangement - identification and authentication methods - configuration

3. Ensures managment security directives are fulfilled

4. IRM

5. Guide assist in the implemenation of information security based on risk managent approach

6. Event levels available for logging in a MS DNS server

7. IT governance at the operational level

8. Controls that include policies - standards - procedures -risk management - personnel screening - training - change control

9. Process of ID and assessing risk - reducing to acceptable level - implementing mechanisms to maintain.

10. Establish - implement - control and improve the Information Security Managment System (based on BS7799 Part 2)

11. Used in assurance risk mgmt - methodical way to ID major failure modes (not useful for complex failure modes)

12. Responsible for communicating to senior mgmt organizational risks and compliance regulations

13. Security policy - map business objectives to security - Security infrastructure - security officer - reviews - Assest classification/control - inventory - Personnel security - screening - training - roles - Physical security - Communication/operation

14. Guide to illustrate how to protect personal health information

15. Used to predict changes based on trends - detect deviations - and watch events across multiple system components

16. Hp OpenView - Nmap - Qualys - Solana Networks - SolarWinds are all network _____________

17. Plan and Organize - Implement - Operate and Maintain - Monitor and Evaluate

18. Tools to ID - develop - and design security requirements for business needs

19. A log that can record outgoing requests - incoming traffic - and internet usage

20. A plan of action to deal with risks defined in the risk assessment - may remediate or transfer risk

21. An open language from mitre.org for determining vulnerabilities and problems on computer systems

22. An instance of being exposed to losses from a threat

23. Strategic - tactical and operational planning

24. Ensures necessary level of secrecy and prevents unauthorized disclosure

25. Developed by the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting

26. Daily goals focused on productivity and task-oriented activities

27. Type of audit that checks information classification and change control procedures

28. Framework/set of best practices that define goals for controls used to properly manage IT and to ensure IT maps to business needs

29. Risk mgmt method created by Carnegie Mellon University - people manage/direct the risk evaluation for IT security in a company