CompTIA CASP+ Exam Questions
Page 2 of 50
21.
Authentication methods are divided into four broad categories. Which category is a PIN number in?
- Something you know
- Where you are
- Something you are
- Something you have
Correct answer: Something you know
The four main types of authentication factors are:
- Something a person knows
- Something a person has
- Something a person is
- Where a person is
PIN numbers and passphrases are examples of something you know.
22.
A security analyst wants to look through log files on a Linux server to find patterns related to known threats. What can they use to search for various sequences of characters to help discover these types of threats?
- Regular expressions
- XCCDF
- PowerShell
- EUBA
Correct answer: Regular expressions
Regular expressions are sequences of characters used to define search patterns. They can help find patterns within data even if they are not exact matches.
The eXtensible Configuration Checklist Description Format (XCCDF) is used to share security configuration checklists, benchmarks, and best practices. PowerShell is a scripting language used with Microsoft products. End User Behavior Analytics (EUBA) is used to detect anomalous user behavior.
23.
Which of the following options is a benefit of a network design that places a VPN appliance in a screened subnet on the network firewall?
- It enables inspection of decrypted VPN traffic
- It is highly scalable
- It eliminates the need for a DNS server
- It enables DNSSEC
Correct answer: It enables inspection of decrypted VPN traffic
There are multiple options for VPN placement in a network. The different options include:
- VPN in parallel with the firewall
- VPN inside a screened subnet
- An integrated VPN and firewall appliance
A key benefit of running a VPN in a screened subnet on a network firewall is that the firewall can inspect decrypted VPN traffic. A tradeoff of this approach is it may lead to limitations on bandwidth scalability.
Running a VPN in a screened subnet does not directly impact the need for or use of a DNS server or DNSSEC.
24.
Bob is a citizen of the European Union. Acme Inc.'s website collects data that can identify Bob and has it processed by Third Party Processing LLC. Third Party Processing LLC processes the data based on Acme Inc.'s specific instructions.
Under GDPR, what is the data that can identify Bob called?
- Personal data
- PII
- GCM
- PKI
Correct answer: Personal data
GDPR (General Data Protection Regulation) is an EU (European Union) data privacy law that grants data subjects multiple rights and enforces data security and privacy requirements related to how organizations handle data belonging to citizens of the EU. Data that can identify an individual under GDPR is called "personal data." Other regulations, like PCI DSS, use the term PII (personally identifiable information), but GDPR uses "personal data." Personal data tends to be broader in scope than PII.
PKI (public key infrastructure) enables public key cryptography and secure digital certificates in an environment.
GCM (Galois/counter mode) is a mode of operation for symmetric encryption.
25.
A company is worried about holding customer payment information because they do not want to be responsible in case the data is breached. To address this, they outsource their payment processing to a third party. What type of risk strategy are they taking in this situation?
- Transference
- Avoidance
- Acceptance
- Mitigation
Correct answer: Transference
One strategy for dealing with risk is to transfer it to another company. This can be done through outsourcing or even by purchasing insurance.
Risk avoidance involves not engaging in the risky process. Risk acceptance involves accepting the current amount of risk that an activity entails. Risk mitigation involves trying to reduce the risk level from the activity.
26.
A company needs to make sure that visitors to its website will use encrypted communications when filling out web forms. What technology should they implement for this?
- TLS
- S/MIME
- SSH
- EAP
Correct answer: SSL/TLS
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) is used to protect web traffic. A site that uses SSL/TLS can be identified because it uses "HTTPS" in the URL.
S/MIME is used to encrypt email. SSH (Secure Shell) is used for secure connections to a remote server's console. EAP (Extensible Authentication Protocol) is an authentication protocol.
27.
IPsec is a suite of protocols. Of the following IPsec protocols, which handles the creation of a security association for the session and key exchange?
- ISAKMP
- IKE
- ESP
- AH
Correct answer: ISAKMP
Internet Security Association and Key Management Protocol (ISAKMP) handles the creation of the security association for the session and key exchange.
Authentication Header (AH) provides data integrity, data origin authentication, and protection from replay attacks.
Encapsulating security payload (ESP) provides all that AH does plus data confidentiality.
Internet Key Exchange (IKE) is also sometimes referred to as IPsec key exchange. IKE provides the authentication material used to create the keys exchanged by ISAKMP during peer authentication. This was proposed to be performed by a protocol called Oakley that relied on the Diffie-Hellman algorithm, but Oakley was superseded by IKE.
28.
A company has started using web conferencing software so employees can conduct meetings remotely. All of the following are risks that employees should be made aware of about this method EXCEPT:
- Side loading
- Data leakage
- Uninvited guests
- Data capture en route
Correct answer: Side loading
Side loading is the process of installing an app on a mobile device by using a source other than the official app store.
Data leakage can occur if the video is stored on a shared server for a while. Uninvited guests can show up if the meeting does not have a code. Streaming video can be captured if the web conferencing application does not support encryption.
29.
What does RFC stand for and what is its purpose?
- Requests for comments; to describe research and innovations on the internet and its systems
- Replies for commission; to collect comments from the industry and provide answers about the new technology
- Requests for commands; to officially request instruction from a governmental organization
- Requests for comments; to provide acknowledgment to new, emerging technologies
Correct answer: Requests for comments; to describe research and innovations on the internet and its systems
The Internet Engineering Task Force (IETF) is an international body of internet professionals. This body is responsible for creating requests for comments (RFCs) that describe research and innovations on the internet and its systems. Most RFCs are submitted for peer review and, once approved, many are published as internet standards.
30.
Of the following, which is NOT a safe computer operating practice?
- Enabling autorun for USB drives
- Performing daily security scans
- Not clicking suspicious email links
- Keeping anti-malware applications current
Correct answer: Enabling autorun for USB drives
Disabling autorun for USB drives is a common security control against this attack vector. Enabling autorun increases exposure to malware carried on infected USB drives, since code can execute as soon as the drive is inserted.
Daily security scans, not clicking suspicious email links, and keeping anti-malware applications updated are all good security practices.
31.
What is the minimum number of drives that RAID 0 and RAID 1 need to operate?
- 2
- 3
- 4
- 1
Correct answer: 2
RAID 0 and RAID 1 require a minimum of 2 drives.
32.
Which of these threats can DNSSEC help prevent?
- DNS cache poisoning
- Sniffing DNS traffic
- DDoS attacks against a DNS server
- DNS amplification attacks
Correct answer: DNS cache poisoning
DNSSEC is a protocol that helps prevent man-in-the-middle attacks against DNS by using digital signatures to sign DNS responses. With DNSSEC, you can limit the risk of attacks like DNS cache poisoning and DNS hijacking.
DNSSEC does not encrypt the actual DNS traffic. Traffic can still be sniffed even if DNSSEC is implemented. DNSSEC does not prevent denial of service (DoS) attacks. DDoS and DNS amplification attacks are types of DoS attacks.
33.
Which of the following is a type of certificate that allows a single certificate to be used for multiple subdomains?
- Wildcard
- Root CA
- Thumbprint
- Public key
Correct answer: Wildcard
A wildcard certificate is a public key certificate used with several subdomains of a domain, enabling an organization to more easily manage and control its certificate security.
A root certificate authority (CA) is a trusted entity that signs digital certificates and is often the root of trust in a certificate signing hierarchy. A thumbprint is an output of a one-way hash function. A public key is a digital key used to encrypt messages in public key (asymmetric) cryptography.
34.
What does "vulnerability time" measure?
- The time from discovery to patching
- The time it takes to exploit a vulnerability
- The time it takes to discover a vulnerability
- The time it takes to publish a CVE number for a vulnerability
Correct answer: The time from discovery to patching
Vulnerability time represents the time that elapses from a vulnerability being discovered in an environment to a patch being applied to address that vulnerability.
It does not directly relate to the time it takes to exploit, discover, or publish a CVE for a vulnerability.
35.
Of the following approaches to cloud computing, which provides the maximum amount of control of a company over its own data?
- Private
- Public
- Hybrid
- Community
Correct answer: Private
A private cloud is wholly under the control of the company and thus provides the maximum amount of control. The drawback to this approach is that it requires on-site staff and support in order to ensure that it is operational to meet the company's needs.
With community cloud, infrastructure is shared by a set of organizations with shared concerns, but not with the general public. With private cloud, resources are dedicated to a single organization. With hybrid cloud, other cloud models—usually public and private—are combined and connected.
36.
An Acme Inc. web server was compromised by a threat actor, bringing it offline and disrupting service for an entire region. Currently, the system's administration and cybersecurity teams are working to restore service.
Which of the NIST Cybersecurity Framework (CSF) functions do the teams' activities map to?
- Recover
- Detect
- Protect
- Restore
Correct answer: Recover
The NIST Cybersecurity Framework (CSF) has five main functions:
- Identify - Focuses on understanding cybersecurity risks
- Protect - Details safeguards for securing infrastructure
- Detect - Deals with detecting cybersecurity events
- Respond - Covers the actions to take after an event
- Recover - Deals with the steps to take to recover from an event and restore normal operations
The teams in the question are carrying out activities related to the "Recover" function. There is no "Restore" function.
37.
Which of the following is NOT a standard type of HTTP header?
- Post
- Request
- Response
- Entity
Correct answer: Post
POST is an HTTP request method (a type of HTTP request), not an HTTP header type.
Request, response, and entity are all standard HTTP header types.
38.
What are some tools designed to uncover buffer overflows in source code?
Choose TWO.
- RATS
- FlawFinder
- SAINT
- Nessus
- GFI LanGuard
Correct answer: RATS and FlawFinder
Buffer overflows occur when an application tries to write more data into a variable than it is designed to hold. Robust Analysis Tool for Security (RATS) and FlawFinder are two tools that can test for buffer overflows.
SAINT, Nessus, and GFI LanGuard are primarily vulnerability scanners.
39.
A company wants its employees to be able to use their mobile devices to gain access to the building. They set up readers that will allow employees to place their devices close enough to authenticate wirelessly. Which protocol should they enable in the users' devices to do this?
- NFC
- Bluetooth
- Wi-Fi
- Z-wave
Correct answer: NFC
Near-Field Communication (NFC) is a protocol for short-range wireless communication. It is often used for wireless payments or to share contact information.
Bluetooth and Wi-Fi have longer ranges and use more power. Z-wave is used for networking with IoT devices.
40.
It is important to validate that files used for software installations are unmodified and secure from the vendor, as attackers could potentially attach malware to the installation. Of the following, which is a method designed to ensure that users know software is unmodified and original from the vendor?
- Code signing
- Certificate signing requests
- Open source licenses
- Trusted third-party code review
Correct answer: Code signing
Code signing allows software vendors to digitally sign software executables and scripts so users can be assured the code is genuine and from a verified author. Code signing uses a cryptographic hash to enable verification that the code has not been altered or corrupted. Third parties verify the signature itself; they do not review the entire source code.
A certificate signing request (CSR) is a request sent to a certificate authority (CA) to apply for a digital certificate.
Open source licenses are a category of software licenses for programs that provide source code to users.
A trusted third-party code review is a type of audit for source code.