CompTIA CASP+ Exam Questions
181.
An IT administrator wants a system that has multiple power supplies, network cards, and CPUs so that it can automatically recover from a hardware failure. What term describes this type of solution?
- Self-healing hardware
- System on a chip
- Field-programmable gate array
- Programmable logic controller
Correct answer: Self-healing hardware
Self-healing hardware refers to a system with redundant hardware components that can automatically detect a problem and switch to good hardware.
A System on a Chip (SoC) is an integrated circuit that has most of its components integrated. A Field-Programmable Gate Array (FPGA) is a circuit that can be reconfigured. A Programmable Logic Controller (PLC) is a computer used in industrial settings.
182.
Encryption algorithms typically employ one of two methods to provide secure encryption: symmetric or asymmetric encryption. Of the following, which is NOT a symmetric algorithm?
- RSA
- IDEA
- AES
- DES
Correct answer: RSA
RSA is the only asymmetric algorithm listed. IDEA, AES, and DES are all symmetric forms of encryption.
- Digital Encryption Standard (DES), a symmetric algorithm, uses a 64-bit key and divides the message into 64-bit blocks, with 16 rounds of transposition and substitution performed on each block.
- Advanced Encryption Standard (AES), another symmetric algorithm, is the replacement for DES. It can provide three different block sizes: 128, 192, and 256. Each goes through more iterations of computing the algorithm applied to the message.
- International Data Encryption Algorithm (IDEA) is a symmetric block cipher that uses 64-bit blocks. Each block is divided into 16 smaller blocks and then computed several times.
183.
Which of the following functions is an Application Delivery Controller (ADC) PRIMARILY used for?
- Load balancing traffic across multiple servers
- Translating IP addresses to domain names
- Authenticating users in a Windows-based environment
- Encrypting end-to-end connection for remote access
Correct answer: Load balancing traffic across multiple servers
An ADC has many functions for optimizing the delivery and performance of applications. One feature is load balancing, which distributes traffic across multiple servers to provide fault tolerance and prevent overloading of a single server.
A DNS server translates IP addresses to domain names. A domain controller is for authenticating users in a Windows-based environment. A VPN encrypts end-to-end connections for remote access.
184.
Which of the following artifacts is used for physical security?
- Visitor logs
- Access logs
- Network logs
- Vulnerability logs
Correct answer: Visitor logs
A visitor log is a record of every person that visits an organization's building. This is an important artifact for investigating any incidents concerning physical security.
Access logs are used to record users that access network resources. Network logs are log files created by network devices. Vulnerability logs are logs created by vulnerability scanners.
185.
The text below is an example of what?
192.88.99.11 - - [1/Aug/2022:21:38:34 +0000] "GET /home HTTP/1.1" 404 456 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_3 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G34 Safari/601.1"
- Web server access log message
- Output of the command bash -r
- Cisco router global configuration mode prompt
- Apache configuration file
Correct answer: Web server access log message
192.88.99.11 - - [1/Aug/2022:21:38:34 +0000] "GET /home HTTP/1.1" 404 456 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_3 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G34 Safari/601.1" is the type of message you would see in an Apache web server access.log file. The access.log file is the access log for Apache; it details requests sent to the web server and can help detect malicious behavior. The popular nginx web server offers a similar access log.
The bash -r command runs the bash shell in restricted mode. A Cisco router global configuration mode prompt looks similar to "Router(config)#" by default and is a prompt where users can input commands. Apache configuration files do not use the formatting in the example message.
186.
Which of the following network protocols can provide detailed information on bandwidth utilization and network traffic data such as point of origin and destination?
- NetFlow
- eBGP
- iBGP
- SFTP
Correct answer: NetFlow
NetFlow provides detailed information on bandwidth utilization and network traffic data such as point of origin and destination.
eBGP and iBGP are routing protocols.
SFTP is a file-transfer protocol.
187.
Acme Inc. is building out their public key infrastructure (PKI). What type of certificates will the applications that use their PKI likely use?
- X.509
- 802.1x
- Poly1305
- VPC
Correct answer: X.509
X.509 is a standard type of certificate used for digital signatures and certificates based on PKI.
802.1x is a network standard for port-based access.
Poly1305 is a hashing algorithm.
A VPC (virtual private cloud) is a logically isolated environment in a public cloud.
188.
What term describes a valuable item within an organization and includes software, hardware, and data?
- Asset
- Infrastructure
- Endpoint
- Actor
Correct answer: Asset
An asset is a valuable item within an organization. Much of cybersecurity focuses on protecting assets such as software applications, sensitive data, and hardware.
Infrastructure supports and includes assets, but is not the term that describes the entire class of items described by the term asset. Similarly, an endpoint may be an asset, but not all assets are endpoints. Actor is a distractor answer choice.
189.
Which of the following statements about asymmetric encryption is FALSE?
- It is faster than symmetric encryption
- It provides nonrepudiation
- It provides confidentiality
- It is more scalable than symmetric encryption
Correct answer: It is faster than symmetric encryption
Asymmetric encryption is slower than symmetric encryption.
While symmetric encryption provides confidentiality only, asymmetric encryption provides nonrepudiation, authentication, integrity, and confidentiality.
Because asymmetric encryption is better at key management and can securely exchange keys in-band, it is highly scalable. It is often used in e-commerce and comparable applications because of its scalability.
190.
Acme Inc. was a victim of fraud; it was the fault of one employee with no involvement from any others. After an investigation by security auditors, the recommendation Acme Inc. receives is that they should make sure the position requires multiple employees to complete critical tasks.
What control are the security experts suggesting be implemented?
- Dual control
- Mandatory vacation
- Job rotation
- Delphi Technique
Correct answer: Dual control
Dual control is an employee control that requires two or more employees to work together to complete a task.
Job rotation is an employee control that rotates employees between different assignments.
Mandatory vacation is an employee control that requires employees to take time off and allows employers to conduct audits. This control is common in finance.
The Delphi Technique is a qualitative risk assessment technique.
191.
Of the following, which is NOT a command-line utility?
- RDP
- ping
- netstat
- nslookup
Correct answer: RDP
Microsoft's Remote Desktop Protocol (RDP) is used in the Remote Desktop program on Windows systems. The other options, ping, netstat, and nslookup, are all commands that operate within the command prompt on the appropriate operating systems. Combined with switches and input information, they are used through a console, while RDP is used with a graphical user interface (GUI).
192.
An attacker has gained access to a LAN with virtual machine hosts. They gain access to a virtual machine running in a type 1 hypervisor and exploit it to run malicious code on the hypervisor.
What type of attack is this?
- Hyperjacking
- VM escape
- DoS
- VM insertion attack
Correct answer: Hyperjacking
A hyperjacking attack occurs when a guest operating system is able to "break out" from the encapsulation provided by a type 1 hypervisor and interact with the host directly. Comparable attacks against type 2 hypervisors are called VM escape attacks.
DoS (denial of service) attacks are a category of attacks that aim to bring a system offline by overloading its resources. DDoS (distributed DoS) and reflection attacks are types of DoS attacks.
Insertion attacks involve an attacker using a specially crafted time-to-live (TTL) to send different traffic to an endpoint and security appliance to limit the effectiveness of the appliance's threat detection. "VM insertion attack" is a distractor answer.
193.
Which of the following is NOT a benefit of VLANs?
- Physical network isolation
- Reduced network congestion
- Smaller broadcast domains
- Logical network isolation
Correct answer: Physical network isolation
Virtual local area networks (VLANs) separate networks by logically isolating them. VLANs are implemented by network devices like managed switches and do not provide physical isolation. Devices connected to the same physical switch could be on different VLANs.
By logically isolating networks, VLANs also reduce network congestion and create smaller broadcast domains than a network that includes all connected devices.
194.
What are the transport protocols and default port numbers for DNS?
- TCP and UDP: Port 53
- TCP: Port 53
- TCP and UDP: Port 22
- TCP: Port 80
Correct answer: TCP and UDP: Port 53
As a CASP candidate, it is very important that you know the port numbers of both secure and insecure services and applications. In cases where you need to block or allow a traffic type, you need to know the port number of the traffic type. DNS queries are transmitted using UDP port 53 by default. DNS zone transfers use TCP port 53 by default.
195.
A company has finished recovering from an incident. What process should they complete next so that they prevent a similar threat from happening again?
- Start the lessons learned process
- Evaluate the nature of the incident
- Isolate the affected systems
- Engage in security awareness training
Correct answer: Start the lessons learned process
After an incident has been responded to, the next process is the lessons learned process. This involves making changes that will better posture the organization against future attacks.
Evaluating the nature of the incident is done in the analysis phase. Isolating the affected systems is part of the containment phase. Engaging in security awareness training is part of the preparation phase.
196.
You are a security consultant working for Acme, Inc. The CISO asks you to draft a document that ensures employees handle personal data in a way that is compliant with General Data Protection Regulation (GDPR).
What type of document will meet this requirement?
- Regulatory policy
- Advisory policy
- Access control list
- Access log
Correct answer: Regulatory policy
A regulatory policy is a policy based on a law or regulatory standards. A policy that aligns internal processes with GDPR is an example of a regulatory policy.
Advisory policies explain the consequences of not performing certain actions or not following specific guidelines. An acceptable use policy is a textbook example of an advisory policy.
An access control list (ACL) is a set of rules that limit access to resources. A common example of an ACL is a set of firewall rules that limit access based on network address ranges.
An access log is a log file that contains information on who accessed a system and what requests were made.
197.
Of the following, which is NOT an advantage of wildcard certificates compared to individual certificates?
- Certificate revocation is easier with wildcard certificates
- Wildcards are easier to manage, deploy, and renew
- Wildcard certificates can provide cost savings over individual certificate purchases
- Wildcards can secure unlimited subdomains
Correct answer: Certificate revocation is easier with wildcard certificates
With wildcard certificates, certificate revocation can be much harder than with individual certificates, as each web server using the certificate needs to have it removed. If they have not been removed, they can be compromised. In addition, some mobile devices do not recognize wildcard certificates.
A single wildcard certificate is generally easier to manage, deploy, and renew because one certificate can be used for multiple subdomains instead of sourcing a certificate for each individual subdomain.
A single wildcard certificate can provide cost savings when compared to the cost of multiple individual certificates.
A single wildcard certificate is valid for all subdomains within a given domain, while individual certificates are only valid for one subdomain.
198.
Which of the following is an internationally recognized standard that details information security controls for domains including compliance, supplier relationships, and asset management?
- ISO 27001
- RFC3227
- UL 1449
- Sarbanes-Oxley Act of 2002
Correct answer: ISO 27001
ISO 27001 is a standard published by the International Organization for Standardization (ISO) that details information security controls for 14 domains including compliance, supplier relationships, and asset management.
RFC3227 covers best practices related to "guidelines for evidence collection and archiving."
UL 1449 is an Underwriters Laboratories standard for surge suppressors.
The Sarbanes-Oxley (SOX) Act of 2002 is a United States federal law related to financial regulations.
199.
Which situation is an example of a streaming pipeline?
- A financial company processing real-time market data and news to make trading decisions
- A health device monitoring a user's heart rate to report on daily activity levels
- A retail company analyzing daily sales to generate a report on the day's profits
- A security monitoring program analyzing a log file to detect anomalies
Correct answer: A financial company processing real-time market data and news to make trading decisions
A streaming pipeline is a pipeline that operates in real time to analyze, filter, and report on events. A financial company monitors multiple input sources in real time to make its decisions.
A data processing pipeline operates on batched data rather than in real time. Monitoring heart rate, analyzing daily sales, and analyzing a log file are examples.
200.
Which of the following tools is used for reverse engineering software?
- diStorm3
- Nessus
- Metasploit
- Burp Suite
Correct answer: diStorm3
There are many software tools to help reverse engineer software, such as Apktool, dex2jar, diStorm3, edb-debugger, Jad Debugger, and JavaSnoop. These tools are important when new malware is discovered and it needs to be better understood.
Nessus, Metasploit, and Burp Suite are vulnerability scanners.