Highmark- CISSP Initial Skill Set Evaluation

By Infoseci
Questions: 43 | Attempts: 470


Questions and Answers
  • 1. 

    In order to have strong and effective network security in place, the Certified Information Systems Security Professional (CISSP) will employ both system and data access controls. This requires the management and development of methodologies which ensure proper authentication, proper authorization, and the identification and prevention of system attacks. Access control is defined as who has access to systems and what their permissions to the system are. Administrative, technical, and physical techniques assist in protecting data. Under technical controls, which measure properly describes a PIV card?

    • A.

      An access control mechanism

    • B.

      An encryption device

    • C.

      A remote access authentication protocol

    • D.

      An access control list

    Correct Answer
    A. An access control mechanism
    Explanation
    A PIV card is a Personal Identity Verification card, which is used as an access control mechanism. It is a smart card that contains an individual's personal information and credentials, such as biometric data and digital certificates. The PIV card is used to authenticate and authorize individuals to access systems and resources within an organization. It ensures that only authorized personnel have access to sensitive information and helps prevent unauthorized system attacks. Therefore, the use of a PIV card aligns with the goal of implementing strong and effective network security by employing access control mechanisms.

  • 2. 

    In the use of logical access controls, biometric authentication is considered to be which of the following?

    • A.

      The strongest authentication available because of the rarity of similar human characteristics such as fingerprints.

    • B.

      The weakest form of authentication because it can be forged or replicated.

    • C.

      The strongest form of authentication because it uses two authentication requirements.

    • D.

      Not the strongest form of authentication because it is based on only one authentication requirement.

    Correct Answer
    D. Not the strongest form of authentication because it is based on only one authentication requirement.
    Explanation
    Biometric authentication is not considered the strongest form of authentication because it is based on only one authentication requirement. While biometric characteristics such as fingerprints are unique to individuals, they can still be compromised or replicated. The strongest form of authentication typically involves the use of multiple factors, such as something the user knows (password), something the user has (smart card), and something the user is (biometric).

  • 3. 

    Centralized access controls are used for authentication of remote users, where the access control system maintains the users' account information in a central location. From the choices available, which form of centralized access is LEAST reliable?

    • A.

      PAP

    • B.

      LDAP

    • C.

      RAS

    • D.

      RADIUS

    Correct Answer
    D. RADIUS
    Explanation
    RADIUS (Remote Authentication Dial-In User Service) is the least reliable form of centralized access control among the given options. RADIUS is a protocol that allows remote users to authenticate and gain access to a network. However, it has some limitations that make it less reliable compared to the other options. For example, RADIUS does not support strong encryption, making it vulnerable to security breaches. Additionally, RADIUS has limited scalability and can struggle to handle high volumes of authentication requests, leading to potential performance issues. Therefore, when considering reliability, RADIUS is the least preferable option.

  • 4. 

    The operating system performs many security functions on a computer in order to facilitate applications. In which function does the operating system prevent a process from tampering with other processes?

    • A.

      Access control

    • B.

      Authentication

    • C.

      Network communication

    • D.

      Process isolation

    Correct Answer
    D. Process isolation
    Explanation
    The operating system prevents a process from tampering with other processes through process isolation. This function ensures that each process runs in its own separate memory space, preventing it from accessing or modifying the memory of other processes. By isolating processes, the operating system enhances security by preventing unauthorized access and interference between processes, thereby safeguarding the integrity and stability of the system.

  • 5. 

    Service level agreements determine how and when work functions will be performed in terms of software applications and their support. Which one of these choices would not be considered a service level agreement?

    • A.

      Data storage requirements

    • B.

      Physical security

    • C.

      Number of concurrent users

    • D.

      Service desk response

    Correct Answer
    B. Physical security
    Explanation
    Physical security would not be considered a service level agreement because it does not pertain to the performance or support of software applications. Service level agreements typically focus on measurable metrics such as response times, availability, and performance of the software, whereas physical security relates to the protection of physical assets and facilities.

  • 6. 

    Rootkit attacks are designed to hide within the targeted system in order to avoid detection. Rootkits perform malicious acts of destroying, altering, editing, and stealing data. A rootkit that acts as a virtual machine between the hardware of a computer and the operating system is which type?

    • A.

      Hardware

    • B.

      Kernel

    • C.

      Hypervisor

    • D.

      Library

    Correct Answer
    C. Hypervisor
    Explanation
    A rootkit that acts as a virtual machine between the hardware of a computer and the operating system is called a hypervisor. Hypervisors are designed to create and manage virtual machines, allowing multiple operating systems to run on a single physical machine. In the context of a rootkit attack, a hypervisor rootkit would hide itself by running as a layer between the hardware and the operating system, making it difficult to detect and remove. This allows the rootkit to perform malicious activities such as data destruction, alteration, editing, and theft without being detected by traditional security measures.

  • 7. 

    Business continuity planning includes all of the following steps EXCEPT?

    • A.

      Continuity planning

    • B.

      Application acquisition

    • C.

      Approval and implementation

    • D.

      Business impact assessment

    Correct Answer
    B. Application acquisition
  • 8. 

    What is the correct formula for the annualized loss expectancy (ALE), which is the financial loss a business expects to incur as a result of a risk harming an asset over the course of a year?

    • A.

      ALE=AV x EF

    • B.

      ALE=SLE + EF

    • C.

      ALE=SLE x ARO

    • D.

      ALE=EF-SLE

    Correct Answer
    C. ALE=SLE x ARO
    Explanation
    The correct formula for the annualized loss expectancy (ALE) is ALE = SLE x ARO. ALE stands for the financial loss a business expects to incur as a result of a risk harming an asset over the course of a year. SLE represents the single loss expectancy, which is the amount of loss expected from a single occurrence of the risk. ARO stands for the annual rate of occurrence, which is the estimated number of times the risk is expected to occur in a year. Multiplying the SLE by the ARO gives the ALE, which represents the expected financial loss over the course of a year.

  • 9. 

    When designing and deploying business continuity plans, which resource should be protected first?

    • A.

      Physical buildings

    • B.

      People

    • C.

      Infrastructure

    • D.

      Financial assets

    Correct Answer
    B. People
    Explanation
    When designing and deploying business continuity plans, the resource that should be protected first is people. This is because employees are the most valuable asset of any organization and their safety and well-being should be the top priority. Without people, the physical buildings, infrastructure, and financial assets are meaningless. Therefore, ensuring the safety and security of employees is crucial for the successful implementation of business continuity plans.

  • 10. 

    Steganography is the concealing of information within computer files, most often large files of data or images. In steganography, the information that is to be concealed and transmitted is the?

    • A.

      Carrier

    • B.

      Payload

    • C.

      Stegomedium

    • D.

      Least significant bit

    Correct Answer
    B. Payload
    Explanation
    In steganography, the information that is to be concealed and transmitted is referred to as the "payload". The payload is the actual data or message that is hidden within the carrier file. The carrier file can be any type of computer file, such as an image or a large file of data, and it serves as a cover for the hidden payload. The goal of steganography is to hide the existence of the payload within the carrier file, making it difficult for anyone to detect the hidden information.

  • 11. 

    Which of the following cryptography terms would BEST describe a scenario where a symmetric key encrypts data and an asymmetric key encrypts the symmetric key?

    • A.

      Lucifer

    • B.

      Hybrid cryptography

    • C.

      Digital envelope

    • D.

      Session keys

    Correct Answer
    B. Hybrid cryptography
    Explanation
    Hybrid cryptography is the best term to describe a scenario where a symmetric key encrypts data and an asymmetric key encrypts the symmetric key. In hybrid cryptography, a combination of symmetric and asymmetric encryption techniques is used to achieve both efficiency and security. The symmetric key is used for encrypting the actual data, which is faster and more efficient, while the asymmetric key is used to encrypt the symmetric key, providing an added layer of security. This approach combines the benefits of both encryption methods, ensuring secure communication.

  • 12. 

    The NIST developed federal government standards beginning in 1991 called digital signature standards. Of the DSS standards, RSA and DSA are most commonly used. When two different messages are computed by the same algorithm and the same message digest value results, this is what?

    • A.

      CMAC

    • B.

      Knapsack algorithm

    • C.

      Collision

    • D.

      One-way hatch

    Correct Answer
    C. Collision
    Explanation
    When two different messages are computed by the same algorithm and the same message digest value results, it is known as a collision. A collision occurs when different inputs produce the same output in a hash function. In the context of digital signature standards, collisions are undesirable as they can lead to security vulnerabilities. It is important for hash functions to minimize the likelihood of collisions to ensure the integrity and authenticity of digital signatures.

  • 13. 

    The Certified Information Systems Security Professional must understand the basic principles which compose the C-I-A triad as well as understanding defense-in-depth and prevention of failure points. Which term is not included in the C-I-A triad?

    • A.

      Confidentiality

    • B.

      Integrity

    • C.

      Availability

    • D.

      Access

    Correct Answer
    D. Access
    Explanation
    The term "Access" is not included in the C-I-A triad. The C-I-A triad refers to the three fundamental principles of information security: Confidentiality, Integrity, and Availability. Access, on the other hand, refers to the ability to interact with or make use of something, such as gaining entry to a system or resource. While access control is an important aspect of information security, it is not one of the core principles represented by the C-I-A triad.

  • 14. 

    "Defense in depth" is an information security strategy which is based on multiple layers of defense. Which of these parts is not a component of "Defense in depth"?

    • A.

      Vendor software solutions

    • B.

      Security management principles

    • C.

      Security technologies

    • D.

      Physical plant security

    Correct Answer
    D. Physical plant security
    Explanation
    "Defense in depth" is an information security strategy that involves implementing multiple layers of defense to protect against potential threats. This includes various components such as vendor software solutions, security management principles, and security technologies. However, physical plant security, which refers to the physical protection of the facility where the information is stored, is not considered a component of "Defense in depth."

  • 15. 

    Managing risk is a key part of information security. The definition of risk includes the threat to and vulnerability of an asset. Which risk management concept involves the absence of a safeguard to protect against a threat?

    • A.

      Threat

    • B.

      Asset

    • C.

      Vulnerability

    • D.

      Risk treatment

    Correct Answer
    C. Vulnerability
    Explanation
    Vulnerability refers to the absence of a safeguard to protect against a threat. In the context of risk management, a vulnerability represents a weakness or flaw in the security measures of an asset. It indicates that there is no protection mechanism in place to mitigate or prevent potential threats from exploiting the asset. By identifying vulnerabilities, organizations can prioritize and implement appropriate safeguards to minimize the risk associated with potential threats.

  • 16. 

    Which act or law provides for the "prudent man rule"?

    • A.

      Government Information Security Reform Act of 2000

    • B.

      Computer Security Act of 1987

    • C.

      Federal sentencing guidelines of 1991

    • D.

      Computer Fraud and Abuse Act of 1984

    Correct Answer
    C. Federal sentencing guidelines of 1991
    Explanation
    The "prudent man rule" is provided for in the Federal sentencing guidelines of 1991. This rule requires that individuals in positions of authority exercise reasonable care, skill, and caution when making decisions on behalf of others. It is particularly relevant in the context of financial management and investment decisions, where fiduciaries are expected to act in the best interests of their clients or beneficiaries. The Federal sentencing guidelines of 1991 outline the principles and standards for imposing criminal sentences in the United States federal courts, including considerations for white-collar crimes such as fraud and embezzlement.

  • 17. 

    An intangible asset such as a trademarked name is considered intellectual property. Which of the following terms is not a form of intellectual property?

    • A.

      Business plan template

    • B.

      Copyrights

    • C.

      Trademarks

    • D.

      Trade secrets

    Correct Answer
    A. Business plan template
    Explanation
    A business plan template is not a form of intellectual property because it is a tool or framework used to create a business plan, which is a document outlining a company's goals and strategies. Intellectual property refers to legal rights that protect creations of the mind, such as trademarks, copyrights, and trade secrets. These forms of intellectual property provide exclusive rights and protections for original works, inventions, and confidential information. However, a business plan template itself is not an original creation or invention, but rather a tool used to organize and present information in a business plan.

  • 18. 

    Which of the following privacy laws prevents internet service providers from making unauthorized disclosures of the content of email and voicemail?

    • A.

      The Electronic Communications Privacy Act of 1986

    • B.

      The Communications Assistance for Law Enforcement Act of 1994

    • C.

      The Economical and Protection of Proprietary Information Act of 1996

    • D.

      The Gramm-Leach-Bliley Act of 1999

    Correct Answer
    A. The Electronic Communications Privacy Act of 1986
    Explanation
    The correct answer is The Electronic Communications Privacy Act of 1986. This law, also known as ECPA, protects the privacy of electronic communications, including email and voicemail. It prohibits internet service providers from making unauthorized disclosures of the content of these communications. ECPA sets guidelines for government surveillance and requires law enforcement agencies to obtain a warrant in order to access the content of electronic communications. It was enacted to update and strengthen privacy protections in response to advancements in technology and the increasing use of electronic communications.

  • 19. 

    In the management of security operations, the "need to know principle" requires that users are granted access only to the data needed to perform their assigned tasks. Which of the following is NOT a component of the "need to know principle"?

    • A.

      Keeps secret information secret

    • B.

      Is associated with security clearances

    • C.

      Prevents inadvertent access.

    • D.

      Ensures subjects receive privileges

    Correct Answer
    D. Ensures subjects receive privileges
    Explanation
    The "need to know principle" is a concept in security operations that ensures users are only given access to the data necessary for their assigned tasks. It focuses on granting access based on a user's specific needs, rather than providing unrestricted access to all information. The other options mentioned in the question - keeping secret information secret, being associated with security clearances, and preventing inadvertent access - are all components of the "need to know principle" as they contribute to the restriction and control of data access. However, ensuring subjects receive privileges is not a component of this principle, as it does not pertain to the restriction of access based on necessity.

  • 20. 

    Patch management involves the development of code which improves performance, corrects a bug, or prevents a vulnerability. Which step in the patch management program would include a change management process?

    • A.

      Evaluation of patches

    • B.

      Approval of patches

    • C.

      Testing of patches

    • D.

      Deployment of patches.

    Correct Answer
    B. Approval of patches
    Explanation
    The step in the patch management program that would include a change management process is the approval of patches. This is because before any patch can be deployed, it needs to go through a thorough evaluation and approval process to ensure that it meets the necessary criteria and does not introduce any new issues. The change management process helps in assessing the impact of the patch on the overall system and ensures that it aligns with the organization's policies and procedures.

  • 21. 

    What is the most important aspect in security operations for the separation of duties?

    • A.

      Prevents one person from retaining business trade secrets.

    • B.

      Ensures a platform for increased job responsibility.

    • C.

      It prevents one person from having total control of a function or system.

    • D.

      Determines the level of security clearance.

    Correct Answer
    C. It prevents one person from having total control of a function or system.
    Explanation
    The most important aspect in security operations for the separation of duties is to prevent one person from having total control of a function or system. This is crucial because it reduces the risk of fraud, errors, and abuse. By distributing responsibilities among multiple individuals, it ensures that no single person can manipulate or misuse the system for personal gain. This helps to maintain integrity, confidentiality, and availability of critical resources within an organization's security framework.

  • 22. 

    The process of developing a secure facility plan is called the critical path analysis. The critical path analysis is used to systematically identify critical operations and processes. Three of the following factors are most suited for the analysis of a server room. Which would not be a part of a critical path analysis?

    • A.

      Flood plain level

    • B.

      Cost of IT equipment upgrade

    • C.

      Temperature control

    • D.

      Electrical reliability

    Correct Answer
    B. Cost of IT equipment upgrade
    Explanation
    The critical path analysis is used to identify critical operations and processes that are essential for the functioning of a secure facility. Factors such as flood plain level, temperature control, and electrical reliability are all crucial for the security and operation of a server room. However, the cost of IT equipment upgrade is not directly related to the critical path analysis. While it may be an important consideration for the overall facility plan, it does not specifically pertain to the identification of critical operations and processes.

  • 23. 

    Physical security controls are grouped into three categories: physical, technical, and administrative. When designing the physical security environment, four basic principles are used.

    • A.

      Detection

    • B.

      Deterrence

    • C.

      Distinguish

    • D.

      Denial

    Correct Answer
    C. Distinguish
    Explanation
    The principle of "distinguish" in designing the physical security environment refers to the ability to differentiate between authorized individuals and unauthorized individuals. This can be achieved through various means such as identification badges, access control systems, or biometric authentication. By implementing measures that distinguish between authorized and unauthorized individuals, organizations can ensure that only those with proper credentials or permissions are granted access to protected areas or resources. This helps to enhance the overall security of the physical environment by preventing unauthorized individuals from gaining entry.

  • 24. 

    Considering physical access controls, which is the most prevalent form of perimeter security?

    • A.

      Lighting

    • B.

      Fencing

    • C.

      Security personnel

    • D.

      Video monitoring

    Correct Answer
    A. Lighting
    Explanation
    Lighting is the most prevalent form of perimeter security because it helps to deter potential intruders by illuminating the area around the perimeter. Well-lit areas make it difficult for individuals to hide or approach undetected, increasing the chances of being noticed by security personnel or surveillance cameras. Adequate lighting also enhances the effectiveness of other security measures, such as video monitoring, by providing clear visibility. Additionally, lighting can create a sense of safety and discourage criminal activities, making it an essential component of physical access controls.

  • 25. 

    Protection mechanisms for a computer security system may include protection rings, which organize code and applications under the operating system's control. Using the four-ring model of protection rings, which level has the highest privilege level?

    • A.

      Ring 0

    • B.

      Ring 3

    • C.

      Ring 1

    • D.

      Ring 4

    Correct Answer
    A. Ring 0
    Explanation
    In computer security systems, protection rings are used to organize code and applications under the control of the operating system. The four ring model consists of Ring 0, Ring 1, Ring 2, and Ring 3. The level with the highest privilege level is Ring 0. This means that code and applications running at Ring 0 have the highest level of access and control over the system.

  • 26. 

    Which security mode provides access where control is based on whether the user's security clearance level dominates the object's sensitivity level?

    • A.

      Compartmental mode

    • B.

      System High mode

    • C.

      Multilevel mode

    • D.

      Dedicated mode

    Correct Answer
    C. Multilevel mode
    Explanation
    Multilevel mode provides access based on the dominance of the user's security clearance level over the object's sensitivity level. This means that a user with a higher security clearance can access objects with lower sensitivity levels, but a user with a lower security clearance cannot access objects with higher sensitivity levels. This mode allows for controlled access to information based on the security needs of the users and the sensitivity of the objects.

  • 27. 

    When using a redundant server system to prevent a single point of failure, which redundant server system deploys two or more servers to share the workload of applications?

    • A.

      Database shadowing

    • B.

      Clusters

    • C.

      Electronic vaulting

    • D.

      Server mirroring

    Correct Answer
    B. Clusters
    Explanation
    Clusters are a type of redundant server system that deploys two or more servers to share the workload of applications. This helps prevent a single point of failure by distributing the workload across multiple servers. By dividing the workload, clusters ensure that if one server fails, the other servers in the cluster can continue to handle the workload, maintaining the availability and reliability of the applications.

  • 28. 

    The MAC sub layer operates between the logical link control sub layer and the physical layer. Which of the following is NOT a function of the MAC sub layer?

    • A.

      Identifies hardware device addresses

    • B.

      Encrypts LLC sub layers

    • C.

      Performs error control

    • D.

      Controls media access

    Correct Answer
    B. Encrypts LLC sub layers
    Explanation
    The MAC sub layer is responsible for identifying hardware device addresses, performing error control, and controlling media access. However, it does not encrypt LLC sub layers. Encryption is typically handled by higher layers of the network protocol stack, such as the network or transport layer.

  • 29. 

    Virtual private networks provide secure tunnels over public networks. Under level 2 tunneling protocol (L2TP) secure VPN connections are created for client server connections. L2TP will address all of the following requirements for the user EXCEPT?

    • A.

      Local Addressing

    • B.

      Authorization

    • C.

      Limited speed requirements

    • D.

      Authentication

    Correct Answer
    C. Limited speed requirements
    Explanation
    L2TP will address local addressing, authorization, and authentication requirements for the user. However, it does not specifically address limited speed requirements. L2TP is primarily focused on providing secure VPN connections rather than optimizing network speed.

  • 30. 

    Telephone communications systems are susceptible to security breaches, just as networks are. Which of these choices is NOT a corporate telecommunications switch to be protected with security measures?

    • A.

      PBX

    • B.

      POTS

    • C.

      VoIP

    • D.

      TeleNet iX

    Correct Answer
    D. TeleNet iX
    Explanation
    TeleNet iX is not a corporate telecommunications switch that needs to be protected with security measures. The other options, PBX, POTS, and VoIP, are all types of corporate telecommunications switches that are susceptible to security breaches and require security measures to protect them.

  • 31. 

    Your Job Title:

    Correct Answer
    N/A
  • 32. 

    Years of Overall Professional Experience:

    Correct Answer
    N/A
  • 33. 

    Years in Current Job Title:

    Correct Answer
    N/A
  • 34. 

    On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Access Control.

    • A.

      1

    • B.

      2

    • C.

      3

    • D.

      4

    • E.

      5

    Explanation
    The given correct answer is 1. This indicates that the person has the lowest level of expertise in the CISSP Domain of Access Control. A rating of 1 suggests that the person has very limited knowledge and understanding of access control concepts and practices. They may have little to no experience in implementing access control measures or managing access to systems and resources.

  • 35. 

    On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Application Security.

    • A.

      1

    • B.

      2

    • C.

      3

    • D.

      4

    • E.

      5

    Explanation
    The given correct answer is 5. This indicates that the person has the highest level of expertise in the CISSP Domain of Application Security.

  • 36. 

    On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Business Continuity.

    • A.

      1

    • B.

      2

    • C.

      3

    • D.

      4

    • E.

      5

    Explanation
    This question is asking the respondent to rate their expertise level in the CISSP Domain of Business Continuity on a scale of 1-5, with 5 being the highest. The correct answer is "3". This indicates that the respondent has a moderate level of expertise in the CISSP Domain of Business Continuity.

  • 37. 

    On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Cryptography.

    • A.

      1

    • B.

      2

    • C.

      3

    • D.

      4

    • E.

      5

    Explanation
    The given correct answer is "1". This indicates that the individual has the lowest level of expertise in the CISSP Domain of Cryptography. A rating of 1 suggests that the person has limited knowledge and understanding of the concepts and principles of cryptography. They may have a basic understanding of encryption algorithms, key management, and cryptographic protocols, but their expertise in this domain is minimal.

  • 38. 

    On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Information Security & Risk Management.

    • A.

      1

    • B.

      2

    • C.

      3

    • D.

      4

    • E.

      5

    Explanation
    This question asks the respondent to rate their expertise level in the CISSP Domain of Information Security & Risk Management on a scale of 1-5, with 5 being the highest. The correct answer is 3. This means that the respondent considers themselves to have a moderate level of expertise in this domain.

  • 39. 

    On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Legal Regulations, Compliance, & Investigations.

    • A.

      1

    • B.

      2

    • C.

      3

    • D.

      4

    • E.

      5

    Explanation
    The question asks the respondent to rate their expertise level in the CISSP Domain of Legal Regulations, Compliance, & Investigations on a scale of 1-5. The correct answer is "3". This indicates that the respondent has a moderate level of expertise in this domain. They have some knowledge and understanding of legal regulations, compliance, and investigations, but may still have room for improvement and further learning in this area.

  • 40. 

    On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Physical (Environmental) Security.

    • A.

      1

    • B.

      2

    • C.

      3

    • D.

      4

    • E.

      5

    Explanation
    The question asks the respondent to rate their expertise level in the CISSP Domain of Physical (Environmental) Security on a scale of 1-5, with 5 being the highest. The correct answer is "1". This implies that the respondent has the lowest level of expertise in this domain.

  • 41. 

    On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Security Architecture & Design.

    • A.

      1

    • B.

      2

    • C.

      3

    • D.

      4

    • E.

      5

    Explanation
    This question is asking the respondent to rate their expertise level in the CISSP Domain of Security Architecture & Design on a scale of 1-5, with 5 being the highest. The correct answer is "5" as it indicates that the respondent has the highest level of expertise in this domain.

  • 42. 

    On a scale of 1-5 with 5 being the highest, rate your expertise level in the CISSP Domain of Telecommunications & Network Security.

    • A.

      1

    • B.

      2

    • C.

      3

    • D.

      4

    • E.

      5

    Explanation
    The given correct answer is "1". This indicates that the person has the lowest expertise level in the CISSP Domain of Telecommunications & Network Security.

  • 43. 

    Years at Highmark

Quiz Review Timeline

  • Current Version
  • Jun 18, 2024: Quiz edited by ProProfs Editorial Team
  • Nov 20, 2013: Quiz created by Infoseci