Highmark- CISSP Initial Skill Set Evaluation

43 Questions | Total Attempts: 60

Questions and Answers
  • 1. Your Job Title:
  • 2. Years in Current Job Title:
  • 3. Years of Overall Professional Experience:
  • 4. Years at Highmark:
  • 5. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Access Control.
    • A. 1
    • B. 2
    • C. 3
    • D. 4
    • E. 5

  • 6. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Application Security.
    • A. 1
    • B. 2
    • C. 3
    • D. 4
    • E. 5

  • 7. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Business Continuity.
    • A. 1
    • B. 2
    • C. 3
    • D. 4
    • E. 5

  • 8. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Cryptography.
    • A. 1
    • B. 2
    • C. 3
    • D. 4
    • E. 5

  • 9. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Information Security & Risk Management.
    • A. 1
    • B. 2
    • C. 3
    • D. 4
    • E. 5

  • 10. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Legal Regulations, Compliance, & Investigations.
    • A. 1
    • B. 2
    • C. 3
    • D. 4
    • E. 5

  • 11. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Physical (Environmental) Security.
    • A. 1
    • B. 2
    • C. 3
    • D. 4
    • E. 5

  • 12. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Security Architecture & Design.
    • A. 1
    • B. 2
    • C. 3
    • D. 4
    • E. 5

  • 13. On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Telecommunications & Network Security.
    • A. 1
    • B. 2
    • C. 3
    • D. 4
    • E. 5
  • 14. In order to have strong and effective network security in place, the Certified Information Systems Security Professional (CISSP) will employ both system and data access controls. This requires the management and development of methodologies that ensure proper authentication, proper authorization, and the identification and prevention of system attacks. Access control is defined as who has access to systems and what their permissions on those systems are. Administrative, technical, and physical techniques assist in protecting data; under technical controls, which measure properly describes a PIV card?
    • A. An access control mechanism
    • B. An encryption device
    • C. A remote access authentication protocol
    • D. An access control list
  • 15. In the use of logical access controls, biometric authentication is considered to be which of the following?
    • A. The strongest authentication available because of the rarity of similar human characteristics such as fingerprints.
    • B. The weakest form of authentication because it can be forged or replicated.
    • C. The strongest form of authentication because it uses two authentication requirements.
    • D. Not the strongest form of authentication because it is based on only one authentication requirement.
  • 16. Centralized access controls are used for authentication of remote users, where the access control system maintains the users' account information in a central location. From the choices available, which form of centralized access is LEAST reliable?
    • A. PAP
    • B. LDAP
    • C. RAS
    • D. RADIUS
  • 17. The operating system performs many security functions on a computer in order to facilitate applications. In which function does the operating system prevent a process from tampering with other processes?
    • A. Access control
    • B. Authentication
    • C. Network communication
    • D. Process isolation

  • 18. Service level agreements determine how and when work functions will be performed in terms of software applications and their support. Which one of these choices would not be considered a service level agreement?
    • A. Data storage requirements
    • B. Physical security
    • C. Number of concurrent users
    • D. Service desk response
  • 19. Rootkit attacks are designed to hide within the targeted system in order to evade detection. Rootkits perform malicious acts of destroying, altering, editing, and stealing data. A rootkit that acts as a virtual machine between the hardware of a computer and the operating system is what type of rootkit?
    • A. Hardware
    • B. Kernel
    • C. Hypervisor
    • D. Library
  • 20. Business continuity planning includes all of the following steps EXCEPT?
    • A. Continuity planning
    • B. Application acquisition
    • C. Approval and implementation
    • D. Business impact assessment

  • 21. What is the correct formula for the annualized loss expectancy (ALE), which is the financial loss a business expects to incur as a result of a risk harming an asset over the course of a year?
    • A. ALE = AV x EF
    • B. ALE = SLE + EF
    • C. ALE = SLE x ARO
    • D. ALE = EF - SLE

  • 22. When designing and deploying business continuity plans, which resource should be protected first?
    • A. Physical buildings
    • B. People
    • C. Infrastructure
    • D. Financial assets
  • 23. Steganography is the concealing of information within computer files, most often large data files or images. In steganography, the information that is to be concealed and transmitted is the?
    • A. Carrier
    • B. Payload
    • C. Stegomedium
    • D. Least significant bit
  • 24. Which of the following cryptography terms would BEST describe a scenario where a symmetric key encrypts data and an asymmetric key encrypts the symmetric key?
    • A. Lucifer
    • B. Hybrid cryptography
    • C. Digital envelope
    • D. Session keys
  • 25. Beginning in 1991, NIST developed federal government standards called the Digital Signature Standard (DSS). Of the DSS algorithms, RSA and DSA are the most commonly used. When two different messages are processed by the same algorithm and the same message digest value results, this is what?
    • A. CMAC
    • B. Knapsack algorithm
    • C. Collision
    • D. One-way hash