Highmark- CISSP Initial Skill Set Evaluation

By Infoseci
1. The Certified Information Systems Security Professional must understand the basic principles that compose the C-I-A triad, as well as defense-in-depth and the prevention of failure points. Which term is not included in the C-I-A triad?

Explanation

The term "Access" is not included in the C-I-A triad. The C-I-A triad refers to the three fundamental principles of information security: Confidentiality, Integrity, and Availability. Access, on the other hand, refers to the ability to interact with or make use of something, such as gaining entry to a system or resource. While access control is an important aspect of information security, it is not one of the core principles represented by the C-I-A triad.

About This Quiz

The 'Highmark- CISSP Initial Skill Set Evaluation' assesses foundational skills in network and information security. It evaluates understanding of access controls, authentication methods, and system security techniques, vital for aspiring CISSP professionals.

2. What is the most important aspect in security operations for the separation of duties?

Explanation

The most important aspect in security operations for the separation of duties is to prevent one person from having total control of a function or system. This is crucial because it reduces the risk of fraud, errors, and abuse. By distributing responsibilities among multiple individuals, it ensures that no single person can manipulate or misuse the system for personal gain. This helps to maintain integrity, confidentiality, and availability of critical resources within an organization's security framework.

3. When designing and deploying business continuity plans which resource should be protected first?

Explanation

When designing and deploying business continuity plans, the resource that should be protected first is people. This is because employees are the most valuable asset of any organization and their safety and well-being should be the top priority. Without people, the physical buildings, infrastructure, and financial assets are meaningless. Therefore, ensuring the safety and security of employees is crucial for the successful implementation of business continuity plans.

4. The operating system performs many security functions on a computer in order to facilitate applications. In which function does the operating system prevent a process from tampering with other processes?

Explanation

The operating system prevents a process from tampering with other processes through process isolation. This function ensures that each process runs in its own separate memory space, preventing it from accessing or modifying the memory of other processes. By isolating processes, the operating system enhances security by preventing unauthorized access and interference between processes, thereby safeguarding the integrity and stability of the system.

5. Intangible assets such as a trademarked name are considered intellectual property. Which of the following terms is not a form of intellectual property?

Explanation

A business plan template is not a form of intellectual property because it is a tool or framework used to create a business plan, which is a document outlining a company's goals and strategies. Intellectual property refers to legal rights that protect creations of the mind, such as trademarks, copyrights, and trade secrets. These forms of intellectual property provide exclusive rights and protections for original works, inventions, and confidential information. However, a business plan template itself is not an original creation or invention, but rather a tool used to organize and present information in a business plan.

6. Managing risk is a key part of information security. The definition of risk includes the threat to and vulnerability of an asset. Which risk management concept involves the absence of a safeguard to protect against a threat?

Explanation

Vulnerability refers to the absence of a safeguard to protect against a threat. In the context of risk management, a vulnerability represents a weakness or flaw in the security measures of an asset. It indicates that there is no protection mechanism in place to mitigate or prevent potential threats from exploiting the asset. By identifying vulnerabilities, organizations can prioritize and implement appropriate safeguards to minimize the risk associated with potential threats.

7. When using a redundant server system to prevent a single point of failure, which redundant server arrangement deploys two or more servers to share the workload of applications?

Explanation

Clusters are a type of redundant server system that deploys two or more servers to share the workload of applications. This helps prevent a single point of failure by distributing the workload across multiple servers. By dividing the workload, clusters ensure that if one server fails, the other servers in the cluster can continue to handle the workload, maintaining the availability and reliability of the applications.

8. The process of developing a secure facility plan is called the critical path analysis. The critical path analysis is used to systematically identify critical operations and processes. Three of the following factors are most suited for the analysis of a server room. Which would not be a part of a critical path analysis?

Explanation

The critical path analysis is used to identify critical operations and processes that are essential for the functioning of a secure facility. Factors such as flood plain level, temperature control, and electrical reliability are all crucial for the security and operation of a server room. However, the cost of IT equipment upgrade is not directly related to the critical path analysis. While it may be an important consideration for the overall facility plan, it does not specifically pertain to the identification of critical operations and processes.

9. Which of the following cryptography terms would BEST describe a scenario where a symmetric key encrypts data and an asymmetric key encrypts the symmetric key?

Explanation

Hybrid cryptography is the best term to describe a scenario where a symmetric key encrypts data and an asymmetric key encrypts the symmetric key. In hybrid cryptography, a combination of symmetric and asymmetric encryption techniques is used to achieve both efficiency and security. The symmetric key is used for encrypting the actual data, which is faster and more efficient, while the asymmetric key is used to encrypt the symmetric key, providing an added layer of security. This approach combines the benefits of both encryption methods, ensuring secure communication.

10. Which of the following privacy laws prevents internet service providers from making unauthorized disclosures of the content of email and voicemail?

Explanation

The correct answer is The Electronic Communications Privacy Act of 1986. This law, also known as ECPA, protects the privacy of electronic communications, including email and voicemail. It prohibits internet service providers from making unauthorized disclosures of the content of these communications. ECPA sets guidelines for government surveillance and requires law enforcement agencies to obtain a warrant in order to access the content of electronic communications. It was enacted to update and strengthen privacy protections in response to advancements in technology and the increasing use of electronic communications.

11. Business continuity planning includes all of the following steps EXCEPT?

12. What is the correct formula for the annualized loss expectancy (ALE) which is the financial loss a business expects to incur as a result of a risk harming an asset over the course of a year?

Explanation

The correct formula for the annualized loss expectancy (ALE) is ALE = SLE x ARO. ALE stands for the financial loss a business expects to incur as a result of a risk harming an asset over the course of a year. SLE represents the single loss expectancy, which is the amount of loss expected from a single occurrence of the risk. ARO stands for the annual rate of occurrence, which is the estimated number of times the risk is expected to occur in a year. Multiplying the SLE by the ARO gives the ALE, which represents the expected financial loss over the course of a year.

13. Virtual private networks provide secure tunnels over public networks. Under the Layer 2 Tunneling Protocol (L2TP), secure VPN connections are created for client-server connections. L2TP will address all of the following requirements for the user EXCEPT?

Explanation

L2TP will address local addressing, authorization, and authentication requirements for the user. However, it does not specifically address limited speed requirements. L2TP is primarily focused on providing secure VPN connections rather than optimizing network speed.

14. In order to have strong and effective network security in place, the Certified Information Systems Security Professional (CISSP) will employ the use of both system and data access controls. This requires management and development of methodologies which ensure proper authentication, proper authorization, and the identification and prevention of system attacks. Access control is defined as who has access to systems and what their permissions to the system are. Administrative, technical, and physical techniques assist in protecting data; under technical controls, which measure properly describes a PIV card?

Explanation

A PIV card is a Personal Identity Verification card, which is used as an access control mechanism. It is a smart card that contains an individual's personal information and credentials, such as biometric data and digital certificates. The PIV card is used to authenticate and authorize individuals to access systems and resources within an organization. It ensures that only authorized personnel have access to sensitive information and helps prevent unauthorized system attacks. Therefore, the use of a PIV card aligns with the goal of implementing strong and effective network security by employing access control mechanisms.

15. NIST developed federal government standards beginning in 1991 called the Digital Signature Standard (DSS). Of the DSS algorithms, RSA and DSA are the most commonly used. When two different messages are computed by the same algorithm and the same message digest value results, this is what?

Explanation

When two different messages are computed by the same algorithm and the same message digest value results, it is known as a collision. A collision occurs when different inputs produce the same output in a hash function. In the context of digital signature standards, collisions are undesirable as they can lead to security vulnerabilities. It is important for hash functions to minimize the likelihood of collisions to ensure the integrity and authenticity of digital signatures.

16. Protection mechanisms for a computer security system may include protection rings, which organize code and applications under the operating system's control. Using the four-ring model of protection rings, which ring has the highest privilege level?

Explanation

In computer security systems, protection rings are used to organize code and applications under the control of the operating system. The four ring model consists of Ring 0, Ring 1, Ring 2, and Ring 3. The level with the highest privilege level is Ring 0. This means that code and applications running at Ring 0 have the highest level of access and control over the system.

17. Service level agreements determine how and when work functions will be performed in terms of software applications and their support. Which one of these choices would not be considered a service level agreement?

Explanation

Physical security would not be considered a service level agreement because it does not pertain to the performance or support of software applications. Service level agreements typically focus on measurable metrics such as response times, availability, and performance of the software, whereas physical security relates to the protection of physical assets and facilities.

18. Rootkit attacks are designed to hide within the targeted system in order to evade detection. Rootkits perform malicious acts of destroying, altering, editing, and stealing data. A rootkit that acts as a virtual machine between the hardware of a computer and the operating system is a what?

Explanation

A rootkit that acts as a virtual machine between the hardware of a computer and the operating system is called a hypervisor. Hypervisors are designed to create and manage virtual machines, allowing multiple operating systems to run on a single physical machine. In the context of a rootkit attack, a hypervisor rootkit would hide itself by running as a layer between the hardware and the operating system, making it difficult to detect and remove. This allows the rootkit to perform malicious activities such as data destruction, alteration, editing, and theft without being detected by traditional security measures.

19. Steganography is the concealing of information within computer files, most often large data files or images. In steganography, the information that is to be concealed and transmitted is the?

Explanation

In steganography, the information that is to be concealed and transmitted is referred to as the "payload". The payload is the actual data or message that is hidden within the carrier file. The carrier file can be any type of computer file, such as an image or a large file of data, and it serves as a cover for the hidden payload. The goal of steganography is to hide the existence of the payload within the carrier file, making it difficult for anyone to detect the hidden information.

20. Physical security controls are grouped into three categories: physical, technical, and administrative. When designing the physical security environment, four basic principles are used.

Explanation

The principle of "distinguish" in designing the physical security environment refers to the ability to differentiate between authorized individuals and unauthorized individuals. This can be achieved through various means such as identification badges, access control systems, or biometric authentication. By implementing measures that distinguish between authorized and unauthorized individuals, organizations can ensure that only those with proper credentials or permissions are granted access to protected areas or resources. This helps to enhance the overall security of the physical environment by preventing unauthorized individuals from gaining entry.

21. The MAC sublayer operates between the logical link control (LLC) sublayer and the physical layer. Which of the following is NOT a function of the MAC sublayer?

Explanation

The MAC sublayer is responsible for identifying hardware device addresses, performing error control, and controlling media access. However, it does not encrypt the LLC sublayer. Encryption is typically handled by higher layers of the network protocol stack, such as the network or transport layer.

22. Telephone communications systems are susceptible to security breaches, just as networks are. Which of these choices is NOT a corporate telecommunications switch to be protected with security measures?

Explanation

TeleNet iX is not a corporate telecommunications switch that needs to be protected with security measures. The other options, PBX, POTS, and VoIP, are all types of corporate telecommunications switches that are susceptible to security breaches and require security measures to protect them.

23. In the management of security operations the "need to know principle" requires that users are granted access only to the data needed to perform their assigned tasks. Which of the following is NOT a component of the "need to know principle"?

Explanation

The "need to know principle" is a concept in security operations that ensures users are only given access to the data necessary for their assigned tasks. It focuses on granting access based on a user's specific needs, rather than providing unrestricted access to all information. The other options mentioned in the question - keeping secret information secret, being associated with security clearances, and preventing inadvertent access - are all components of the "need to know principle" as they contribute to the restriction and control of data access. However, ensuring subjects receive privileges is not a component of this principle, as it does not pertain to the restriction of access based on necessity.

24. Which security mode provides access where control is based on whether the user's security clearance level dominates the object's sensitivity level?

Explanation

Multilevel mode provides access based on the dominance of the user's security clearance level over the object's sensitivity level. This means that a user with a higher security clearance can access objects with lower sensitivity levels, but a user with a lower security clearance cannot access objects with higher sensitivity levels. This mode allows for controlled access to information based on the security needs of the users and the sensitivity of the objects.

25. In the use of logical access controls, biometric authentication is considered to be which of the following?

Explanation

Biometric authentication is not considered the strongest form of authentication because it is based on only one authentication requirement. While biometric characteristics such as fingerprints are unique to individuals, they can still be compromised or replicated. The strongest form of authentication typically involves the use of multiple factors, such as something the user knows (password), something the user has (smart card), and something the user is (biometric).

26. Which act or law provides for the "prudent man rule"?

Explanation

The "prudent man rule" is provided for in the Federal sentencing guidelines of 1991. This rule requires that individuals in positions of authority exercise reasonable care, skill, and caution when making decisions on behalf of others. It is particularly relevant in the context of financial management and investment decisions, where fiduciaries are expected to act in the best interests of their clients or beneficiaries. The Federal sentencing guidelines of 1991 outline the principles and standards for imposing criminal sentences in the United States federal courts, including considerations for white-collar crimes such as fraud and embezzlement.

27. Patch management involves the development of code which improves performance, corrects a bug, or prevents a vulnerability. Which step in the patch management program would include a change management process?

Explanation

The step in the patch management program that would include a change management process is the approval of patches. This is because before any patch can be deployed, it needs to go through a thorough evaluation and approval process to ensure that it meets the necessary criteria and does not introduce any new issues. The change management process helps in assessing the impact of the patch on the overall system and ensures that it aligns with the organization's policies and procedures.

28. Centralized access controls are used for authentication of remote users, where the access control system maintains the users' account information in a central location. From the choices available, which form of centralized access control is LEAST reliable?

Explanation

RADIUS (Remote Authentication Dial-In User Service) is the least reliable form of centralized access control among the given options. RADIUS is a protocol that allows remote users to authenticate and gain access to a network. However, it has some limitations that make it less reliable compared to the other options. For example, RADIUS does not support strong encryption, making it vulnerable to security breaches. Additionally, RADIUS has limited scalability and can struggle to handle high volumes of authentication requests, leading to potential performance issues. Therefore, when considering reliability, RADIUS is the least preferable option.

29. Considering physical access controls, which is the most prevalent form of perimeter security?

Explanation

Lighting is the most prevalent form of perimeter security because it helps to deter potential intruders by illuminating the area around the perimeter. Well-lit areas make it difficult for individuals to hide or approach undetected, increasing the chances of being noticed by security personnel or surveillance cameras. Adequate lighting also enhances the effectiveness of other security measures, such as video monitoring, by providing clear visibility. Additionally, lighting can create a sense of safety and discourage criminal activities, making it an essential component of physical access controls.

30. "Defense in depth" is an information security strategy which is based on multiple layers of defense. Which of these parts is not a component of "Defense in depth"?

Explanation

"Defense in depth" is an information security strategy that involves implementing multiple layers of defense to protect against potential threats. This includes various components such as vendor software solutions, security management principles, and security technologies. However, physical plant security, which refers to the physical protection of the facility where the information is stored, is not considered a component of "Defense in depth."

31. Years at Highmark

32. Years of Overall Professional Experience:

33. Your Job Title:

34. Years in Current Job Title:

35. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Access Control.

Explanation

The given correct answer is 1. This indicates that the person has the lowest level of expertise in the CISSP Domain of Access Control. A rating of 1 suggests that the person has very limited knowledge and understanding of access control concepts and practices. They may have little to no experience in implementing access control measures or managing access to systems and resources.

36. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Application Security.

Explanation

The given correct answer is 5. This indicates that the person has the highest level of expertise in the CISSP Domain of Application Security.

37. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Business Continuity.

Explanation

This question is asking the respondent to rate their expertise level in the CISSP Domain of Business Continuity on a scale of 1-5, with 5 being the highest. The correct answer is "3". This indicates that the respondent has a moderate level of expertise in the CISSP Domain of Business Continuity.

38. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Cryptography.

Explanation

The given correct answer is "1". This indicates that the individual has the lowest level of expertise in the CISSP Domain of Cryptography. A rating of 1 suggests that the person has limited knowledge and understanding of the concepts and principles of cryptography. They may have a basic understanding of encryption algorithms, key management, and cryptographic protocols, but their expertise in this domain is minimal.

39. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Information Security & Risk Management.

Explanation

This question asks the respondent to rate their expertise level in the CISSP Domain of Information Security & Risk Management on a scale of 1-5, with 5 being the highest. The correct answer is 3. This means that the respondent considers themselves to have a moderate level of expertise in this domain.

40. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Legal Regulations, Compliance, & Investigations.

Explanation

The question asks the respondent to rate their expertise level in the CISSP Domain of Legal Regulations, Compliance, & Investigations on a scale of 1-5. The correct answer is "3". This indicates that the respondent has a moderate level of expertise in this domain. They have some knowledge and understanding of legal regulations, compliance, and investigations, but may still have room for improvement and further learning in this area.

41. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Physical (Environmental) Security.

Explanation

The question asks the respondent to rate their expertise level in the CISSP Domain of Physical (Environmental) Security on a scale of 1-5, with 5 being the highest. The correct answer is "1". This implies that the respondent has the lowest level of expertise in this domain.

42. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Security Architecture & Design.

Explanation

This question is asking the respondent to rate their expertise level in the CISSP Domain of Security Architecture & Design on a scale of 1-5, with 5 being the highest. The correct answer is "5" as it indicates that the respondent has the highest level of expertise in this domain.

43. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Telecommunications & Network Security.

Explanation

The given correct answer is "1". This indicates that the person has the lowest expertise level in the CISSP Domain of Telecommunications & Network Security.

Quiz Review Timeline (Updated): Jun 18, 2024

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Jun 18, 2024: quiz edited by ProProfs Editorial Team (current version)
  • Nov 20, 2013: quiz created by Infoseci