CompTIA CASP+ Exam Questions

Page 1 of 50

1.

Acme Inc. is concerned about the potential risk of critical business data being lost to a ransomware attack. As a result, they purchase cyber-insurance that will compensate them if the data is compromised by ransomware. 

What approach to handling risk is this?

  • Transfer

  • Control

  • Mitigate

  • Observe

Correct answer: Transfer

The four ways to handle risk are:

  • Avoid - Eliminate the risk in some way. For example, an organization may avoid doing something or stop doing something.
  • Accept - Accept the risk and proceed anyway. An informed decision has been made to move forward despite the risk.
  • Transfer - Transfer the risk to some other organization or person. A common example of transferring risk is purchasing insurance.
  • Mitigate - One or more controls are implemented to reduce the risk.

2.

Which of the following are free tools that can be used to collect process, ARP cache, and routing table evidence?

Choose TWO.

  • PSTools

  • Sysinternals

  • FTK Imager

  • Carbon Black

  • Autopsy

Correct answer: PSTools and Sysinternals

PSTools and Sysinternals are free tools used for various system administration tasks, including collecting process information, ARP cache, and routing table evidence.

FTK Imager is used for capturing RAM and hard disk data.

Carbon Black is a commercial product for endpoint protection.

Autopsy is a product for analyzing forensic data.

3.

A software development company wants to test its code in an environment where it cannot make changes to the operating system or other files outside of its restricted area. Which type of solution should they use for this?

  • Sandboxing

  • Code signing

  • Jailbreaking

  • Clustering

Correct answer: Sandboxing

Sandboxing is a technique for limiting the ability of code to affect the rest of the system. This can be useful for testing an application in development or for running untrusted applications.

Code signing is used to verify an application's author and that the code has not changed in transit. Jailbreaking is the process of removing restrictions imposed by a device's manufacturer or provider. Clustering is used for improved performance and fault tolerance.

4.

As a security engineer at Acme Inc., you're tasked with helping secure video conferences within the organization. Which of the following practices should you recommend?

  • Create strong passcodes for periodic meetings and change them for each meeting

  • Create strong passcodes for periodic meetings and keep them the same for each meeting

  • Don't use videoconferencing software for corporate meetings

  • Don't use passcodes for one-time events

Correct answer: Create strong passcodes for periodic meetings and change them for each meeting

Videoconferencing systems are a common collaboration tool in modern organizations. They also create a number of security risks. Practices that help limit the risks associated with videoconferencing include:

  • Creating strong passcodes for meetings
  • Changing passcodes for periodic meetings
  • Installing antivirus on computers
  • Using caution when opening attachments and installing software

Not using videoconferencing software at all is not a valid solution for a business requirement that calls for videoconferencing.

5.

What term describes residual data that remains on storage media after deletion?

  • Data remanence

  • Watermarked data 

  • Protected enclaves

  • Memory leak data

Correct answer: Data remanence 

Data remanence is residual data that remains on storage media after deletion. In many cases, simply deleting data does not completely remove it from a storage media. Ensuring data remanence is addressed is an important part of avoiding data leakage. 

Watermarking is a digital rights management technique that indicates data ownership. For example, a watermark on a photo may indicate the marketing agency that owns it. 

Protected enclaves is an approach to data zone creation that focuses on implementing controls based on the importance and sensitivity of the data in a given area.

A memory leak occurs when programs do not properly release unused memory allocations. 

6.

A small-sized company of a few people will start hiring more employees soon. Currently, each user manages their own workstation, and each user takes a different approach to making sure their computer is secure. What should the company implement in order to ensure that each user has a baseline of security for their system?

  • Policies

  • Availability zones

  • NAC lists

  • FIM

Correct answer: Policies

Policies are used to enforce a standard operating system environment. In Windows, Group Policy is used with Active Directory to administer settings.

Availability zones are independent locations within a region when using cloud computing. A Network Access Control (NAC) list is a list of rules that define who can access a resource. File Integrity Monitoring (FIM) is used to keep track of changes to important files.

7.

What type of isolation do containers provide?

  • Isolation between applications

  • Isolation between network segments

  • Operating system kernel isolation

  • Hypervisor isolation

Correct answer: Isolation between applications

Containers enable the isolation of applications running on the same server. However, containers running on the same server share the same underlying operating system kernel. 

Isolating network segments is not a primary function of containers, and "hypervisor isolation" is a distractor answer. 

8.

A company wants a group of testers to try their product, but does not want them to share any details about it to the public. What type of agreement should they have the participants sign?

  • NDA

  • MOU

  • SLA

  • ISA

Correct answer: NDA

A Non-Disclosure Agreement (NDA) is used to define information that cannot be shared with others.

A Memorandum of Understanding (MOU) is an agreement that shows a common line of action without legal binding. A Service Level Agreement (SLA) defines the levels of service that will be provided to a client. An Interconnection Security Agreement (ISA) is used to outline how two companies will share connected IT systems.

9.

Which of these would NOT generally be part of an audit trail?

  • Plaintext passwords 

  • Access logs

  • Data from a SIEM

  • Vulnerability logs

Correct answer: Plaintext passwords 

Audit trails often include a variety of logs and security information. Access logs, data from a SIEM, and vulnerability logs are all possible examples of data that is part of an audit trail. Passwords should not be stored in plaintext, and plaintext passwords would not generally be part of an audit trail.

10.

Of the following, which type of chip makes full-drive encryption possible?

  • TPM

  • Out-of-band

  • ASLR

  • TLS

Correct answer: TPM

Full-disk encryption implementations, like Windows BitLocker, often require a Trusted Platform Module (TPM). The TPM is a chip on the motherboard that stores and uses cryptographic keys, supporting password protection, digital rights management, and full-disk encryption. The TPM chip houses the keys used to encrypt a system drive and decrypt it upon startup. This protects against the hard drive being removed and inserted into another system in an attempt to exfiltrate data.

TLS is a common form of encryption for data in transit, but not a type of chip. Out-of-band is a form of access that does not use a standard network, such as dial-in or cellular access to an Ethernet LAN. Address space layout randomization (ASLR) is a technique that helps prevent attacks that attempt to corrupt memory.

11.

Which of the following is a command-line utility that can be used for port scanning, file transfers, and port listening?

  • nc

  • nbtstat

  • tshark

  • netstat

Correct answer: nc

nc (Netcat) is a command-line utility with many investigative operations, including port scanning, file transfers, port listening and more. The following command would scan the specified IP address for ports 1 through 2000:

nc -v 10.0.0.1 1-2000

The netstat command displays network statistics and open ports on a computer or server. The nbtstat command displays NetBIOS over TCP statistics on a computer or server. Tshark is a protocol analyzer that allows users to create packet captures compatible with tools like Wireshark.

12.

Acme Inc. runs a database server. They value the server and associated data at $10,000. The server's operating system is out of date and it cannot be patched. You have determined there is a 20% chance of compromise in the next year, and that a compromise would lead to a loss of 50% of the value (half of the data) on the server. 

From a quantitative risk assessment perspective, what is the EF?

  • 50%

  • $5,000

  • 20%

  • $2,000

Correct answer: 50%

EF (exposure factor) is how much a particular threat could impact a given asset, expressed as a percentage. The question tells us that a compromise would lead to a 50% loss of value. Therefore, EF = 50%.

13.

Which of the following is NOT an access authentication protocol?

  • DNSSEC

  • LDAP

  • CHAP

  • PAP

Correct answer: DNSSEC

LDAP, CHAP, PAP, and MS-CHAP v2 are all examples of an access authentication protocol. DNSSEC is not an access authentication protocol. DNSSEC uses digital signatures to validate the authenticity of DNS servers. 

14.

What data sensitivity label should be applied to PHI?

  • High impact

  • Unrestricted 

  • Moderate impact

  • Public

Correct answer: High impact 

PHI (protected health information) is subject to HIPAA regulations in the U.S. and could cause severe negative impact if leaked. Using NIST data sensitivity labels, PHI should be labeled "high impact."

PHI data disclosure would generally be considered greater than moderate impact and PHI should not be labeled unrestricted or public.

15.

Which of the following is one of the primary issues with symmetric encryption?

  • It only provides confidentiality 

  • It is not as fast as asymmetric encryption 

  • It only provides authentication

  • Ciphertext cannot be decrypted

Correct answer: It only provides confidentiality 

The 3 primary issues with symmetric encryption are:

  • Key distribution - Symmetric encryption requires the shared keys that encrypt plaintext and decrypt ciphertext to be distributed over a secure out-of-band (OOB) channel to remain secure.
  • Key management - As the number of participants that need to exchange keys increases with symmetric encryption, key management gets significantly more complex. Specifically, the number of keys required for N participants is N(N - 1) ÷ 2.
  • Only provides confidentiality - Symmetric encryption provides confidentiality, but does not provide authentication like asymmetric key authentication does.

Generally, symmetric encryption is faster than asymmetric encryption.

16.

Which of the following is a regulation that requires financial institutions to implement vulnerability scanning?

  • SOX

  • NIST

  • OSHA

  • VMaaS 

Correct answer: SOX

SOX (The Sarbanes–Oxley Act) is a U.S. federal law that applies to financial institutions. One of the requirements of SOX is for financial organizations to implement vulnerability scanning.

NIST is the National Institute of Standards and Technology.

OSHA (Occupational Safety and Health Administration) is a U.S. regulatory body that deals with workplace safety.

VMaaS (Vulnerability Management as a Service) is a way to outsource vulnerability management to a 3rd party.

17.

The CISO at Acme Inc. asks you to assess the maturity of their security operations center. Which of the following is the MOST applicable model to use for the assessment?

  • CMMI

  • NIST

  • GDPR

  • COPPA

Correct answer: CMMI

CMMI (Capability Maturity Model Integration) is a method improvement tool that groups projects and organizational units into one of five maturity levels. From lowest to highest, the five maturity levels are:

  1. Initial
  2. Managed
  3. Defined
  4. Quantitatively Managed
  5. Optimized

NIST (National Institute of Standards and Technology) is a United States Department of Commerce agency focused on creating standards and promoting innovation.

GDPR (General Data Protection Regulation) is an EU (European Union) data privacy law that grants data subjects multiple rights and enforces data security and privacy requirements related to how organizations handle data belonging to citizens of the EU.

COPPA (The Children's Online Privacy Protection Rule) is a United States law about protecting children under the age of 13 online.

18.

A company wants to enable integration by using middleware to move messages between unlike services. What type of solution should they adopt for this?

  • ESB

  • SOA

  • DNS

  • LDAP

Correct answer: ESB

The Enterprise Service Bus (ESB) is the middleware that handles the communication between software applications in an SOA. Different providers of ESB provide products with varying functionalities.

Service-Oriented Architecture (SOA) is an approach to building modular, reusable, and interoperable services. DNS is used to translate domain names to IP addresses. LDAP (Lightweight Directory Access Protocol) is a directory service.

19.

Which of the following is one of the primary issues with symmetric encryption?

  • Key distribution

  • Lack of shared keys

  • Ciphertext cannot be decrypted

  • Plaintext cannot be encrypted

Correct answer: Key distribution

The 3 primary issues with symmetric encryption are:

  • Key distribution - Symmetric encryption requires the shared keys that encrypt plaintext and decrypt ciphertext to be distributed over a secure out-of-band (OOB) channel to remain secure.
  • Key management - As the number of participants that need to exchange keys increases with symmetric encryption, key management gets significantly more complex. Specifically, the number of keys required for N participants is N(N - 1) ÷ 2.
  • Only provides confidentiality - Symmetric encryption provides confidentiality, but does not provide authentication like asymmetric key authentication does.

20.

Which of the following decouples the network hardware layer from the network control layer?

  • SDN

  • MPLS

  • VLAN

  • VPC

Correct answer: SDN

SDN (software-defined networking) is the virtualization of network technologies that creates a software-defined control plane that is decoupled from hardware. Virtualizing the control plane enables more flexibility and control in network management. 

MPLS (multiprotocol label switching) is a network protocol used to connect multiple network locations. 

A VLAN (virtual local area network) is a logically isolated network segment. 

A VPC (virtual private cloud) is a logically isolated environment in a public cloud.