Highmark- CISSP Initial Skill Set Evaluation

43 Questions | Attempts: 438

CISSP Quizzes & Trivia



Questions and Answers
  • 1. 
    In order to have strong and effective network security in place, the Certified Information Systems Security Professional (CISSP) employs both system and data access controls. This requires the management and development of methodologies that ensure proper authentication, proper authorization, and the identification and prevention of system attacks. Access control defines who has access to systems and what their permissions on those systems are. Administrative, technical, and physical techniques assist in protecting data. Under technical controls, which measure properly describes a PIV card?
    • A. 

      An access control mechanism

    • B. 

      An encryption device

    • C. 

      A remote access authentication protocol

    • D. 

      An access control list

  • 2. 
    In the use of logical access controls, biometric authentication is considered to be which of the following?
    • A. 

      The strongest authentication available because of the rarity of similar human characteristics such as fingerprints.

    • B. 

      The weakest form of authentication because it can be forged or replicated.

    • C. 

      The strongest form of authentication because it uses two authentication requirements.

    • D. 

      Not the strongest form of authentication because it is based on only one authentication requirement.

  • 3. 
    Centralized access controls are used for authentication of remote users, where the access control system maintains the users' account information in a central location. From the choices available, which form of centralized access is LEAST reliable?
    • A. 

      PAP

    • B. 

      LDAP

    • C. 

      RAS

    • D. 

      RADIUS

  • 4. 
    The operating system performs many security functions on a computer in order to support applications. Through which function does the operating system prevent one process from tampering with other processes?
    • A. 

      Access control

    • B. 

      Authentication

    • C. 

      Network communication

    • D. 

      Process isolation

  • 5. 
    Service level agreements determine how and when work functions will be performed in terms of software applications and their support. Which one of these choices would not be considered a service level agreement term?
    • A. 

      Data storage requirements

    • B. 

      Physical security

    • C. 

      Number of concurrent users

    • D. 

      Service desk response

  • 6. 
    Rootkits are designed to conceal themselves within the targeted system in order to evade detection. Rootkits perform malicious acts of destroying, altering, editing, and stealing data. A rootkit that inserts itself as a virtual machine layer between the hardware of a computer and the operating system is what type of rootkit?
    • A. 

      Hardware

    • B. 

      Kernel

    • C. 

      Hypervisor

    • D. 

      Library

  • 7. 
    Business continuity planning includes all of the following steps EXCEPT?
    • A. 

      Continuity planning

    • B. 

      Application acquisition

    • C. 

      Approval and implementation

    • D. 

      Business impact assessment

  • 8. 
    What is the correct formula for the annualized loss expectancy (ALE), the financial loss a business expects to incur as a result of a risk harming an asset over the course of a year?
    • A. 

      ALE=AV x EF

    • B. 

      ALE=SLE + EF

    • C. 

      ALE=SLE x ARO

    • D. 

      ALE=EF-SLE
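
The formulas behind this question, worked through in code. This is an added example and not part of the original quiz; the asset figures, exposure factors and rates are constructed for illustration. It goes one step beyond the question by also computing the standard cost/benefit of a safeguard (ALE before the safeguard, minus ALE after it, minus the safeguard's annual cost), which is how ALE is actually used to justify a control.

```python
"""Single and annualized loss expectancy, plus safeguard cost/benefit.

Added example, not part of the original quiz. All figures are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    asset_value: float        # AV: value of the asset in currency units
    exposure_factor: float    # EF: fraction of AV lost in one occurrence (0..1)
    annual_rate: float        # ARO: expected number of occurrences per year

    def single_loss_expectancy(self) -> float:
        """SLE = AV x EF: the loss from one occurrence of the threat."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be between 0 and 1")
        return self.asset_value * self.exposure_factor

    def annualized_loss_expectancy(self) -> float:
        """ALE = SLE x ARO: the expected loss over one year."""
        if self.annual_rate < 0:
            raise ValueError("ARO cannot be negative")
        return self.single_loss_expectancy() * self.annual_rate


def safeguard_value(before: RiskScenario, after: RiskScenario,
                    annual_cost: float) -> float:
    """Value of a safeguard = ALE(before) - ALE(after) - annual cost of safeguard.

    A positive result means the control saves more per year than it costs.
    """
    return (before.annualized_loss_expectancy()
            - after.annualized_loss_expectancy()
            - annual_cost)


# Constructed scenario: a database server valued at 200,000; ransomware would
# destroy 75% of that value and is expected once every four years (ARO = 0.25).
UNPROTECTED = RiskScenario(asset_value=200_000, exposure_factor=0.75, annual_rate=0.25)
# Same server with tested offline backups: exposure drops to 10%, rate unchanged.
WITH_BACKUPS = RiskScenario(asset_value=200_000, exposure_factor=0.10, annual_rate=0.25)
BACKUP_ANNUAL_COST = 15_000  # constructed yearly cost of the backup programme


if __name__ == "__main__":
    print(f"SLE before: {UNPROTECTED.single_loss_expectancy():,.0f}")       # 150,000
    print(f"ALE before: {UNPROTECTED.annualized_loss_expectancy():,.0f}")   # 37,500
    print(f"ALE after:  {WITH_BACKUPS.annualized_loss_expectancy():,.0f}")  # 5,000
    value = safeguard_value(UNPROTECTED, WITH_BACKUPS, BACKUP_ANNUAL_COST)
    print(f"Safeguard value per year: {value:,.0f}")                       # 17,500
```

Note that ALE says nothing about when the loss occurs: an ARO of 0.25 is an average over many years, so a control can be justified on ALE and still leave the business exposed to a single bad year.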

  • 9. 
    When designing and deploying business continuity plans which resource should be protected first?
    • A. 

      Physical buildings

    • B. 

      People

    • C. 

      Infrastructure

    • D. 

      Financial assets

  • 10. 
    Steganography is the concealing of information within computer files, most often large data or image files. In steganography, the information that is to be concealed and transmitted is the?
    • A. 

      Carrier

    • B. 

      Payload

    • C. 

      Stegomedium

    • D. 

      Least significant bit
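
The terms in this question (payload, carrier, stego medium, least significant bit) shown working together. This is an added example, not part of the original quiz: it hides a payload in the least significant bit of each byte of a carrier and recovers it again. The carrier is a constructed byte string standing in for raw image sample data; a real tool would read pixel samples from an image file instead.

```python
"""Least-significant-bit steganography over a byte carrier.

Added example, not part of the original quiz. The carrier is constructed.
Layout of the hidden bits: a 32-bit big-endian payload length, then the payload.
"""

HEADER_BITS = 32  # length prefix so extraction knows where the payload ends


def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(carrier: bytes, payload: bytes) -> bytes:
    """Write the payload into the LSB of each carrier byte; returns the stego medium."""
    needed = HEADER_BITS + 8 * len(payload)
    if needed > len(carrier):
        raise ValueError(f"carrier too small: need {needed} bytes, have {len(carrier)}")
    header = len(payload).to_bytes(4, "big")
    out = bytearray(carrier)
    for i, bit in enumerate(_bits(header + payload)):
        out[i] = (out[i] & 0xFE) | bit   # clear the LSB, then set it to the payload bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the payload from a stego medium produced by embed()."""
    def read_bytes(count: int, offset: int) -> bytes:
        result = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[offset + 8 * b + k] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read_bytes(4, 0), "big")
    if HEADER_BITS + 8 * length > len(stego):
        # Either no payload was embedded or the medium was altered.
        raise ValueError("length field exceeds carrier; not a valid stego medium")
    return read_bytes(length, HEADER_BITS)


def max_byte_change(carrier: bytes, stego: bytes) -> int:
    """Largest per-byte difference; LSB embedding never changes a byte by more than 1."""
    return max(abs(a - b) for a, b in zip(carrier, stego))


# Constructed carrier: 512 bytes of ramp-like "sample" data, and a short payload.
CARRIER = bytes((i * 37 + 11) & 0xFF for i in range(512))
PAYLOAD = b"meet at 0400"


if __name__ == "__main__":
    stego = embed(CARRIER, PAYLOAD)
    print(extract(stego))                   # b'meet at 0400'
    print(len(stego) == len(CARRIER))       # True: the medium keeps its size
    print(max_byte_change(CARRIER, stego))  # at most 1
```

The payload is capped at one eighth of the carrier size, which is why large data or image files are the usual carriers. Any lossy transformation of the medium (for example re-encoding an image as JPEG) rewrites the low-order bits and destroys the payload, and a statistical test on the LSB plane is the usual way to detect this simple scheme.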

  • 11. 
    Which of the following cryptography terms would BEST describe a scenario where a symmetric key encrypts data and an asymmetric key encrypts the symmetric key?
    • A. 

      Lucifer

    • B. 

      Hybrid cryptography

    • C. 

      Digital envelope

    • D. 

      Session keys

  • 12. 
    NIST developed federal government standards, beginning in 1991, called the Digital Signature Standard (DSS). Of the DSS algorithms, RSA and DSA are most commonly used. When two different messages are processed by the same hash algorithm and the same message digest value results, this is called what?
    • A. 

      CMAC

    • B. 

      Knapsack algorithm

    • C. 

      Collision

    • D. 

      One-way hash

  • 13. 
    The Certified Information Systems Security Professional must understand the basic principles that make up the C-I-A triad, as well as defense in depth and the prevention of single points of failure. Which term is not included in the C-I-A triad?
    • A. 

      Confidentiality

    • B. 

      Integrity

    • C. 

      Availability

    • D. 

      Access

  • 14. 
    "Defense in depth" is an information security strategy which is based on multiple layers of defense. Which of these parts is not a component of "Defense in depth"?
    • A. 

      Vendor software solutions

    • B. 

      Security management principles

    • C. 

      Security technologies

    • D. 

      Physical plant security

  • 15. 
    Managing risk is a key part of information security. The definition of risk includes the threat to and vulnerability of an asset. Which risk management concept involves the absence of a safeguard to protect against a threat?
    • A. 

      Threat

    • B. 

      Asset

    • C. 

      Vulnerability

    • D. 

      Risk treatment

  • 16. 
    Which act or law provides for the "prudent man rule"?
    • A. 

      Government Information Security Reform Act of 2000

    • B. 

      Computer Security Act of 1987

    • C. 

      Federal sentencing guidelines of 1991

    • D. 

      Computer Fraud and Abuse Act of 1984

  • 17. 
    Intangible assets such as a trademarked name are considered intellectual property. Which of the following terms is not a form of intellectual property?
    • A. 

      Business plan template

    • B. 

      Copyrights

    • C. 

      Trademarks

    • D. 

      Trade secrets

  • 18. 
    Which of the following privacy laws prevents internet service providers from making unauthorized disclosures of the content of email and voicemail?
    • A. 

      The Electronic Communications Privacy Act of 1986

    • B. 

      The Communications Assistance for Law Enforcement Act of 1994

    • C. 

      The Economic Espionage Act of 1996

    • D. 

      The Gramm-Leach-Bliley Act of 1999

  • 19. 
    In the management of security operations the "need to know principle" requires that users are granted access only to the data needed to perform their assigned tasks. Which of the following is NOT a component of the "need to know principle"?
    • A. 

      Keeps secret information secret

    • B. 

      Is associated with security clearances

    • C. 

      Prevents inadvertent access.

    • D. 

      Ensures subjects receive privileges

  • 20. 
    Patch management involves applying code that improves performance, corrects a bug, or closes a vulnerability. Which step in the patch management program would include a change management process?
    • A. 

      Evaluation of patches

    • B. 

      Approval of patches

    • C. 

      Testing of patches

    • D. 

      Deployment of patches.

  • 21. 
    What is the most important aspect in security operations for the separation of duties?
    • A. 

      Prevents one person from retaining business trade secrets.

    • B. 

      Ensures a platform for increased job responsibility.

    • C. 

      It prevents one person from having total control of a function or system.

    • D. 

      Determines the level of security clearance.

  • 22. 
    Developing a secure facility plan begins with a critical path analysis, which is used to systematically identify critical operations and processes. Three of the following factors are suited to the analysis of a server room. Which would not be part of a critical path analysis?
    • A. 

      Flood plain level

    • B. 

      Cost of IT equipment upgrade

    • C. 

      Temperature control

    • D. 

      Electrical reliability

  • 23. 
    Physical security controls are grouped into three categories: physical, technical, and administrative. When designing the physical security environment, four basic principles are used. Which of the following is NOT one of them?
    • A. 

      Detection

    • B. 

      Deterrence

    • C. 

      Distinguish

    • D. 

      Denial

  • 24. 
    Considering physical access controls which is the most prevalent form of perimeter security?
    • A. 

      Lighting

    • B. 

      Fencing

    • C. 

      Security personnel

    • D. 

      Video monitoring

  • 25. 
    Protection mechanisms for a computer security system may include protection rings, which organize code and applications under the operating system's control. Using the four-ring model of protection rings, which ring has the highest privilege level?
    • A. 

      Ring 0

    • B. 

      Ring 3

    • C. 

      Ring 1

    • D. 

      Ring 4
