CompTIA CASP+ Exam Questions
Page 3 of 50
41. Which type of solution addresses the threat of data exfiltration?
- DLP
- Microsegmentation
- ACL
- SNMP trap
Correct answer: DLP
Data Loss Prevention (DLP) is a solution for preventing the exfiltration of data. It can be installed on endpoint systems or at the edges of a network to stop the transfer of sensitive data.
Microsegmentation improves security and efficiency by dividing networks into smaller segments. An Access Control List (ACL) controls access to a resource. An SNMP (Simple Network Management Protocol) trap is a notification sent to an SNMP manager.
42. A security analyst will perform a vulnerability test on a company's network. Before the test, they learn that an exception to corporate policy was granted to allow scanning for open ports; that the test will exclude facility systems such as the HVAC system; that the test will include physical social engineering to try to gain physical access to servers; and that a secondary rescan to verify corrections and changes has been scheduled. Given this information, what should the security analyst recommend?
- Include facility systems in the test.
- Scan ports without asking for approval.
- Ignore physical security tests.
- Do not require a secondary rescan after the original test.
Correct answer: Include facility systems in the test.
Facility systems should be included in the test because if a system such as the HVAC is attacked, it could impact all operations in the building.
Some level of management should be aware of and give approval for port scans. Physical security should be tested because without physical security, logical security cannot be trusted. A secondary scan is required to check that issues were addressed and that new issues did not arise.
43. What makes a website considered to be part of the Deep Web?
- It is not indexed by conventional search engines.
- Its domain does not show up in WHOIS.
- It does not contain DNS records.
- It is not routable by conventional routers.
Correct answer: It is not indexed by conventional search engines.
A Deep Web website is hard to find because it is not indexed by conventional search engines. It can also be password-protected or have other security measures in place.
A Deep Web website can show up in WHOIS, can use DNS records, and is routable through conventional methods.
44. What technology is often used with cloud data storage and spreads data, parity information, and capacity across multiple drives to improve availability and recovery times relative to RAID?
- DDP
- IR
- MPLS
- VPC
Correct answer: DDP
A DDP (dynamic disk pool) spreads data and storage capacity across a pool of disks to improve availability and recovery times relative to traditional RAID. The abstraction provided by DDPs makes it significantly faster to recover from failure and increases resilience, which can improve overall availability and uptime.
IR (infrared) is a type of electromagnetic radiation not visible to the human eye that is common in a variety of technological domains.
MPLS (multiprotocol label switching) is a network protocol used to connect multiple network locations.
A VPC (virtual private cloud) is a logically isolated environment in a public cloud.
45. What are some use cases for the netcat command-line utility?
Choose THREE.
- Port scanning
- Data transfers
- Tunneling
- Encryption
- Packet capturing
Correct answer: Port scanning, Data transfers, Tunneling
The netcat command-line utility is a popular networking tool that can create a variety of connections. Netcat can be used to check for open ports on a target system. It can transfer data between computers over a network. It can also create simple network tunnels to forward traffic from one network endpoint to another.
Netcat does not natively support encryption. While it can be used in combination with other tools like OpenSSL to add encryption, encryption is not a built-in feature of netcat. Encryption tasks typically require dedicated tools like OpenVPN, SSH, or GPG.
Packet capturing involves capturing and analyzing network packets in real-time, usually for the purpose of network diagnostics or monitoring. This functionality is not within the scope of netcat, which is primarily a data transfer and network interaction tool. Packet capturing is usually done with specialized tools like Wireshark or tcpdump.
46. In the patch management process, how should new patches be handled?
- Patches should be deployed after they have been thoroughly tested in a non-production environment.
- Patches should be applied as soon as they are released.
- Patches should be delayed until a software package has bundled the latest patches into a new software version.
- Patches should only be applied if they add increased functionality that will make the systems more effective.
Correct answer: Patches should be deployed after they have been thoroughly tested in a non-production environment.
Applying patches can have unintended consequences, so they must be thoroughly tested in a non-production environment before being applied throughout the organization.
Patches should be applied after they have been tested, not immediately on release. Patches do not need to wait until new software versions. Patches can include security updates, not just new features.
47. Of the following, which is a nonprofit foundation that maintains a list of the top 10 web application security risks?
- OWASP
- CompTIA
- RFC
- ISO
Correct answer: OWASP
The Open Web Application Security Project (OWASP) is a nonprofit foundation that aims to improve software security. OWASP maintains a list of the top 10 web application security risks, known as the OWASP Top Ten. OWASP holds regular meetings at chapters throughout the world and provides resources and tools, including testing procedures and development guidelines.
CompTIA is the trade association that offers a variety of certifications, including the CASP+.
ISO (International Organization for Standardization) creates a variety of standards for technical fields.
RFC (request for comments) is a type of standards document.
48. All of the following are advantages of using immutable systems EXCEPT:
- Flexible modifications
- Consistency and reliability
- Predictable deployment process
- Prevention of configuration drift
Correct answer: Flexible modifications
An immutable system is designed to stay the same once it has been deployed and requires complete replacement in order to make updates. This means it does not allow minor modifications to a system that is up and running.
An immutable system has the advantages of being consistent, having a predictable deployment, and avoiding gradual configuration divergence from a system's intended state.
49. Which of the following responsibilities is delegated to middleware rather than the kernel?
- Communication between software components
- Access control
- Address space layout randomization
- Resource isolation
Correct answer: Communication between software components
Middleware is software that facilitates communication between different components or systems. Some middleware is called embedded middleware, which is part of the kernel itself and can be used to reduce complexity by centralizing software that would otherwise be in the application layer.
The kernel enforces access control and improves security through Address Space Layout Randomization (ASLR) and resource isolation.
50. Acme Inc. has decided that they need to secure and lock down all proprietary data currently located on an internal storage server. All of this data resides within a folder titled "Proprietary." Acme Inc. has hired your firm to carry out this procedure.
What should you do?
- Locate and encrypt the entire proprietary folder
- Enact a hashing function for all files in the proprietary folder
- Enact digital signatures for every user in the company who should have access to the proprietary folder
- Implement an HMAC for the data in the folder
Correct answer: Locate and encrypt the entire proprietary folder
In this situation, the appropriate solution is to select a suitable encryption algorithm, locate the folder, and encrypt it.
Hashing only performs verification that the data has not been altered. Digital signatures are objects that provide sender authentication and message integrity when included with messages. An HMAC (hash-based message authentication code) is a way to authenticate digital messages.
51. Why might immediately powering off a computer compromised by malware limit the effectiveness of digital forensics?
- Malware is often designed to store data in RAM
- Malware is often designed to store data in hard disks
- Antivirus will not have time to quarantine the malware
- Malware may spread across the network when it is powered back on
Correct answer: Malware is often designed to store data in RAM
Modern malware authors are reducing hard drive footprints and shifting to storing data in RAM. RAM is volatile memory that is lost when a computer is powered off. As a result, it is recommended to use tooling that can analyze RAM and add it to digital evidence. Note that isolating infected computers from the network is still an important step in limiting the spread of malware.
Data stored in hard disks would not be lost when a computer is powered off. If a computer is already infected with malware, the antivirus program did not quarantine it in time. Computers infected with malware should not be reconnected to production networks as-is. Even if they were, that does not necessarily impact digital forensics capabilities.
52. What advantage does homomorphic encryption have for security?
- It allows computations to be performed on encrypted data without decrypting it.
- It enables a continuously growing list of records that are linked and secured cryptographically.
- It uses superposition and entanglement to perform computations related to encryption.
- It makes predictions and decisions based on training data without being explicitly programmed to do so.
Correct answer: It allows computations to be performed on encrypted data without decrypting it.
Homomorphic encryption allows computations on encrypted data without decrypting it. This is useful because it enhances the privacy of the data.
Blockchain enables a continuously growing list of records that are linked and secured cryptographically. Quantum computing uses superposition and entanglement to perform computations. Machine learning makes predictions and decisions based on training data without being explicitly programmed to do so.
53. Acme Inc. had sensitive data stolen because they purchased a malware-infected server from an IT vendor. What type of attack did Acme Inc. fall victim to?
- Supply-chain attack
- DoS attack
- DDoS attack
- Phishing attack
Correct answer: Supply-chain attack
Supply-chain attacks occur when a threat actor compromises an organization by first compromising a part of the organization's supply chain such as a vendor or delivery service.
Denial of Service (DoS) attacks occur when a threat actor prevents legitimate access to a service. Distributed Denial of Service (DDoS) attacks are a form of denial of service attack that involve multiple endpoints (often hundreds or thousands) targeting a service. Phishing is a form of social engineering often conducted via email.
54. A company has started focusing on threat management activities. They want to be able to keep their business operations running as planned in case of an incident. To this end, they are actively conducting threat emulation to see how their systems will react. What type of intelligence will they gather from this?
- Operational
- Strategic
- Commodity malware
- Open source
Correct answer: Operational
Operational intelligence refers to the process of collecting, analyzing, and acting on real-time data. It is gathered to develop responses to incidents.
Strategic intelligence is intelligence gathering that looks at a global scale. Commodity malware is a threat that is widely available for download. Open source intelligence is information gathered from publicly available sources.
55. Which type of attack works by executing between the time a security credential is checked and the result is used?
- Race condition
- Buffer overflow
- SQL injection
- MitM
Correct answer: Race condition
With a race condition, there is a race between the moment a check is performed and the moment the resource is accessed. An example is a Time-of-Check to Time-of-Use (TOCTOU) attack, which can give a user unauthorized access to resources.
A buffer overflow attack writes more data into a buffer than it can hold, so that the excess spills into adjacent memory. A SQL injection attack embeds SQL statements in user input in an attempt to have the server execute them. A Man-in-the-Middle (MitM) attack intercepts and manipulates traffic between two parties on a network.
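As an added illustration (not part of the original question bank), the following Python shows the check-then-use window the explanation describes and the fix that closes it. The file names, the secret content, and the `race_window` callback that stands in for the interval between check and use are all constructed for the demonstration; the defensive version relies on the real `os.O_NOFOLLOW` flag and `os.fstat`, which inspect the object actually opened rather than re-resolving the path name.

```python
import os
import stat
import tempfile


def vulnerable_read(path, race_window=None):
    """Check-then-use pattern (TOCTOU-prone).

    Both the check and the open resolve `path` by name, so anything that
    changes what the name refers to between them wins the race. The optional
    `race_window` callback stands in for that interval (constructed hook)."""
    st = os.lstat(path)                          # time of check
    if stat.S_ISLNK(st.st_mode):
        raise PermissionError("refusing to read a symlink")
    if race_window is not None:
        race_window()                            # the window an attacker races
    with open(path, "rb") as f:                  # time of use: re-resolves the name
        return f.read()


def safe_read(path):
    """Open first, then inspect the object that was actually opened.

    O_NOFOLLOW makes the kernel refuse a symlink atomically at open time, and
    fstat() examines the descriptor rather than the name, so there is no
    window between the check and the use."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
    except Exception:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:               # fdopen takes ownership of fd
        return f.read()


def demo():
    """Constructed scenario: a harmless public file and a secret file in a
    temporary directory. After the check passes, public.txt is swapped for a
    symlink pointing at the secret. Returns (leaked, before_swap, blocked)."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(public, "wb") as f:
            f.write(b"public data")
        with open(secret, "wb") as f:
            f.write(b"SECRET")

        def swap_in_symlink():
            os.remove(public)
            os.symlink(secret, public)

        # The check saw a regular file, but the open follows the new symlink.
        leaked = vulnerable_read(public, race_window=swap_in_symlink)

        # Reset the file and show the descriptor-based version refuses the swap.
        os.remove(public)
        with open(public, "wb") as f:
            f.write(b"public data")
        before_swap = safe_read(public)
        swap_in_symlink()
        try:
            safe_read(public)
            blocked = False
        except OSError:                          # ELOOP raised because of O_NOFOLLOW
            blocked = True
        return leaked, before_swap, blocked


if __name__ == "__main__":
    print(demo())
```

The vulnerable function returns the secret because the security decision was made against a path name that no longer meant the same thing by the time it was used; the safe function makes its decision against the open file descriptor, which cannot be swapped out from under it.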
56. Acme Inc. has just terminated its contract with a cloud solution provider. The data is being removed but you have concerns about how it is being removed. As per the contract, you're allowed to investigate the resources after deletion, and you discover that some data that was not encrypted has not been recursively deleted.
Of the following, which is the concern?
- Data remanence
- Data corruption
- Improper data backups
- Erroneous charges resulting from not all data being removed
Correct answer: Data remanence
Data remanence is the residual data left behind on a computer or another resource after that resource is no longer used. The best protection against it is to encrypt the data: if the data is encrypted, it cannot be recovered without the original encryption key. If resources, especially hard drives, are reused frequently, an unauthorized user can access data remnants. Similarly, in cloud environments, if data is not properly encrypted, attackers who gain access to the cloud infrastructure may be able to recover private and confidential data.
Data corruption deals with data that has its integrity compromised in some form.
Data backups and cloud charges are not directly related to the concern raised in the question.
57. A company has a self-generated certificate that they want to be validated. What do they need to accomplish this?
- CSR
- CRL
- OCSP
- HSTS
Correct answer: CSR
A Certificate Signing Request (CSR) can be used to request that a self-signed certificate be validated by a Certificate Authority (CA).
A Certificate Revocation List (CRL) is a list of certificates that a CA has revoked. The Online Certificate Status Protocol (OCSP) is for obtaining the revocation status of a certificate. HTTP Strict Transport Security (HSTS) is used to prevent downgrade attacks when using HTTPS.
58. What does the command "tcpdump -i any" do?
- Displays all network traffic from all available network interfaces
- Displays all inbound network traffic, but no outbound network traffic
- It fails to run. "tcpdump -i any" is not a valid command.
- Displays all ICMP traffic
Correct answer: Displays all network traffic from all available network interfaces
The command "tcpdump -i any" tells tcpdump to capture network traffic from any available network interface without supplying any additional filters. By default, tcpdump will output the traffic to the terminal (stdout).
The other answers are incorrect because the -i option means "interface," not ICMP or inbound, and "tcpdump -i any" is a valid command.
59. Which of the following is NOT true about logs?
- Linux system log files are typically located at %SystemRoot%\System32\Winevt\Logs
- Compliance requirements often influence log retention requirements
- Log files are an excellent source of indicators of compromise (IoC)
- Access logs include timestamped records of who logged into a system
Correct answer: Linux system log files are typically located at %SystemRoot%\System32\Winevt\Logs
Windows log files that are viewable in Windows Event Viewer are typically located at %SystemRoot%\System32\Winevt\Logs. Linux log files are often found in the /var/log directory.
Log files are an important aspect of system security. They provide security professionals with data that can help analyze security incidents and serve as a data source for security tools like SIEMs.
The data included in log files is often an excellent source to find indicators of compromise (IoC).
In many industries, compliance requirements determine how long logs must be stored (retained).
Access logs include timestamped records of who logged into a system.
60. Which technology provides a system with a separate CPU that keeps the system protected even if the kernel is compromised?
- Secure enclave
- ASLR
- TPM
- XN bit
Correct answer: Secure enclave
A secure enclave is an isolated part of a system, with its own processor, that remains protected even if the operating system kernel is compromised. It aims to minimize the amount of time that data is unencrypted while it is being used.
Address Space Layout Randomization (ASLR) randomizes the address space layout of a process. A Trusted Platform Module (TPM) is a hardware component that provides cryptographic services. An Execute Never (XN) bit marks areas of memory that cannot be executed as code.