CompTIA CASP+ Exam Questions


61.

A PKI must be able to validate, using a certificate, that an entity claiming to hold a key is the legitimate holder of that key. Certificates can be issued to:

  • People and organizations

  • Web browsers 

  • Certificate authorities

  • Registration authorities

Correct answer: People and organizations 

A PKI issues a certificate to entities such as a person, a hardware device, a department, or a company. A digital certificate provides an entity, usually a user, with the credentials to prove their identity and associates this identity with a public key.

Web browsers request and verify certificates presented to them, but are not generally issued certificates themselves. Certificate authorities (CAs) and registration authorities (RAs) are involved in the process of requesting, issuing, and signing certificates for entities such as a person, a hardware device, a department, or a company.

62.

A security researcher wants to share information about a vulnerability they have discovered in some software. What language should they use to share the technical details of the vulnerability in a way that security tools and services can interpret?

  • OVAL

  • SQL

  • SAML

  • NLP

Correct answer: OVAL

The Open Vulnerability and Assessment Language (OVAL) is a standard, machine-readable language for describing security information such as vulnerability and configuration state so that security tools can evaluate it. It is one component of the Security Content Automation Protocol (SCAP).

Structured Query Language (SQL) is used for databases. Security Assertion Markup Language (SAML) is used for exchanging authentication and authorization information. Natural language processing (NLP) is the ability of computers to use AI to understand and generate human language.

63.

Alice, a security analyst at Acme Inc., recently installed a hardware appliance that monitors network activity and restricts connectivity for devices that do not meet certain network security requirements. 

What type of solution is this?

  • Hardware-based NAC

  • FIM

  • Software-based VPNs

  • SIEM

Correct answer: Hardware-based NAC

Hardware-based NAC uses a physical network appliance to monitor and control network access. If non-compliant devices are detected, a hardware-based NAC can restrict their connectivity.

FIM (file integrity monitoring) monitors files for changes and can send an alert when a file is modified. 

Software-based VPNs are used to create secure private networks over public networks like the Internet. 

A security information and event management (SIEM) tool aggregates and analyzes logs and other security event information. SIEMs are useful tools for identifying suspicious network activity and determining when and how an attacker may have breached a network. 

64.

A Linux systems administrator wants to monitor how a process interacts with other processes and the kernel. Which tool lets them do this?

  • strace

  • ldd

  • objdump

  • readelf

Correct answer: strace

The strace tool is used in Linux to trace system calls made by a process. It is used to isolate bugs, do sanity checks, and detect race conditions.

The ldd tool is used to print shared libraries used by a program. The objdump tool is used to display information about object files. The readelf tool is used to display information about Executable and Linkable Format (ELF) files.

65.

Of the following, which does NOT describe block ciphers?

  • Require less resources than stream ciphers

  • They are easier to implement

  • They are generally used in software implementations

  • They employ both confusion and diffusion

Correct answer: Require less resources than stream ciphers

Generally, block ciphers require more hardware resources than stream ciphers. 

Block ciphers break messages into fixed-size blocks and then perform the necessary computation on each block to produce the resulting ciphertext. Because of this blocking, an error in one symbol can corrupt an entire block. Block ciphers have multiple advantages: they are easier to implement than stream ciphers, they are generally more secure and less susceptible to security issues, they are generally used in software implementations, and they employ both confusion and diffusion.

66.

A company wants to improve its security by hardening user authentication. They would like to add an ownership factor to authentication that is based on something a user has. Which of the following factors will meet this requirement?

  • Token device

  • Password

  • Signature dynamics

  • Finger scan

Correct answer: Token device

Using multiple factors of authentication strengthens the verification of a user's identity. Token devices are physical devices issued to a user, so they are ownership factors: something the user has.

A password is a knowledge factor that a person knows. Signature dynamics is an action factor that is something a person does. A finger scan is a characteristic factor that is something a person is.

67.

Of the following, which does NOT describe a public cloud?

  • Data resides on servers dedicated to the organization

  • Services are available to the general public

  • The infrastructure must support multitenancy

  • The vendor is responsible for infrastructure and hardware management

Correct answer: Data resides on servers dedicated to the organization

Public clouds are available to the general public and support multitenancy (multiple customers operating in the same environment). With a public cloud, the vendor is responsible for infrastructure and hardware management. Data resides on the servers the vendor controls and those servers generally host data from multiple customers.

68.

Which of the following is TRUE as it relates to log timestamps and admissibility of evidence in court?

  • Modified timestamps may make them inadmissible in court

  • The defense may modify timestamps to correct technical errors

  • The prosecution may modify timestamps to correct technical errors

  • An authorized 3rd party may modify timestamps to correct technical errors

Correct answer: Modified timestamps may make them inadmissible in court 

For logs to be admissible as evidence, they generally must be preserved unmodified. If timestamps in logs are modified by anyone, including the defense, the prosecution, or an authorized third party, the logs may be ruled inadmissible in court.

69.

The increased use of cloud computing, remote work, and mobile devices has altered how organizations approach security. Which security model have organizations adopted to handle this threat?

  • Zero trust

  • RBAC

  • IAM

  • Perimeter security

Correct answer: Zero trust

In the modern computing environment there is no clear perimeter, because network topologies are constantly changing. Organizations have adopted a zero-trust model, which treats even internal devices as untrusted by default.

Role-Based Access Control (RBAC) assigns permissions based on responsibilities in an organization. Identity and Access Management (IAM) focuses on managing user identities and access rights. Perimeter security focuses on external threats.

70.

Of the following, which is a suite of network protocols that can be used to encrypt network communications between two devices using protocols such as authentication header (AH), security associations (SA), and encapsulating security payload (ESP)?

  • IPsec

  • SSL/TLS

  • HTTPS

  • SFTP

Correct answer: IPsec

Internet Protocol Security (IPsec) is a suite of protocols designed to provide a secure channel of communication between two devices. Most commonly deployed for VPNs, IPsec comprises several components, such as authentication header (AH), encapsulating security payload (ESP), and security associations (SAs).

SSL/TLS are transport layer protocols used to encrypt data in transit. HTTPS is an application layer protocol for secure web (HTTP) traffic that uses SSL/TLS encryption. SFTP (SSH File Transfer Protocol) is an application layer file transfer protocol that runs over SSH to create a secure connection.

71.

A software development company needs to analyze their code to see how data is being manipulated throughout it. To perform this analysis, they will need to run the program. What type of analysis should they perform?

  • Dynamic analysis

  • Static analysis

  • Reverse engineering

  • Side-channel analysis

Correct answer: Dynamic analysis

A dynamic analysis is done while the code is being executed. This is useful for following how data changes throughout the program.

A static analysis is done when the code is not running. Reverse engineering is the process of determining how something was created by taking it apart. A side-channel analysis looks at how the application affects the system, such as memory usage or execution time.

72.

What variable in quantitative risk assessment refers to how much a particular asset is worth?

  • AV

  • EF

  • ARO

  • ALE

Correct answer: AV

There are several quantitative risk assessment variables a CASP+ candidate should know. They include:

  • AV (asset value) - How much a particular asset is worth
  • EF (exposure factor) - How much a particular threat could impact a given asset, expressed as a percentage
  • SLE (single loss expectancy) - How much loss to expect if an event occurs
  • ARO (annual rate of occurrence) - How likely the event is to occur in a given year
  • ALE (annualized loss expectancy) - How much loss is expected on a yearly basis

73.

You've recently been hired as the new security analyst for Acme Inc. As your first job duty, you have been asked to identify new technical controls that could be implemented by your organization. Of the following controls, which would be a technical control?

  • Installing antivirus programs on all corporate computers

  • Adding a lock to a server rack in a closet near the break room

  • Adding security cameras throughout your corporate headquarters, including within the server room

  • Conducting security awareness training for all employees every quarter

Correct answer: Installing antivirus programs on all corporate computers 

Technical controls are the various technologies that enable enforcement of security policies. Examples of technical controls include firewalls, antivirus, IPS/IDS, and strong encryption. 

Locks and cameras are examples of physical controls. Security training is an example of an operational control.

74.

Technologies such as load balancing, hot sites, and RAID all address what part of the CIA triad?

  • Availability

  • Accessibility

  • Confidentiality

  • Integrity

Correct answer: Availability

Availability means ensuring that data is accessible when and where it is needed by those who are authorized to access it. Availability is the opposite of destruction or isolation. Technologies such as load balancing, hot sites, and RAID all satisfy the availability element because each gives the ability to continually provide functionality, via multiple servers (load balancing), backup environments (hot sites), or data redundancy (RAID).

Integrity, the second part of the CIA triad, ensures that data is protected from unauthorized modification or corruption. The goal of integrity is to preserve the consistency of data. Technologies such as digital signatures (to verify the sender or author of data) and checksums and hashes (to confirm that data has not been modified since the original author provided it) support integrity.

To ensure confidentiality, you must prevent the disclosure of data or information to unauthorized entities. As part of confidentiality, the sensitivity level of data must be determined before putting any access controls in place. In this way, technologies such as encryption, steganography, access control lists (ACLs), and data classifications all serve to ensure that only the proper individuals have access to the data.

Accessibility is not part of the CIA triad. 

75.

A company has just suffered a serious incident. They need to develop written responses to the public to detail the incident and the response. Which stakeholders should be responsible for this?

  • Public relations

  • Legal

  • Human resources

  • Senior leadership

Correct answer: Public relations

During or after an incident, proper stakeholder management is essential. A public relations team is in charge of developing all written responses to the public, so that untrained stakeholders do not divulge inappropriate information.

The legal department handles activities such as assessing liability and reviewing agreements. Human resources is in charge of hiring employees for security and creating policies and procedures for handling employees who violate security protocols. Senior leadership is responsible for communicating with all departments, creating agreements, and making final decisions.

76.

When is it possible to perform passive sniffing with a packet sniffer?

Choose TWO.

  • When it is connected to a hub

  • When it is connected to a managed switch with port mirroring

  • When it is connected to an unmanaged switch

  • When it is connected to a VLAN

  • When it is connected to a managed switch with QoS

Correct answer: When it is connected to a hub; When it is connected to a managed switch with port mirroring

Network hubs do not break up collision domains and repeat all traffic to all ports. Therefore, a packet sniffer can passively sniff all traffic sent through a hub. Additionally, a managed switch can be configured with port mirroring, which copies traffic from other ports to the port the sniffer is connected to.

Network switches (including those using VLANs or implementing QoS) break up collision domains and forward frames only to the intended port, so passive sniffing of other hosts' traffic is not possible by default.

77.

Which of the following is a type of data flow enforcement?

  • ACL

  • SSH

  • SMTP

  • HTTPS

Correct answer: ACL

An ACL (access control list) is a type of data flow enforcement in that it can restrict or allow access based on criteria like source, destination, and network port. 

SSH, SMTP, and HTTPS are all network communication protocols.

78.

What report describes the current state of an organization or situation, its desired state, and the steps required to reach the desired state?

  • Gap analysis

  • Information security audit 

  • SCAP

  • GCM

Correct answer: Gap analysis

A gap analysis describes the current state of an organization or situation, its desired state, and the steps required to reach the desired state.

An information security audit reviews the different security controls an organization has, often by following an audit standard like FISMA.

GCM (Galois/counter mode) is a mode of operation for symmetric encryption.

SCAP (Security Content Automation Protocol) is a protocol NIST maintains that focuses on automating cybersecurity tasks such as compliance management and vulnerability management.

79.

What should a well-designed hashing algorithm produce if provided with two different inputs?

  • Two different outputs

  • Two identical outputs

  • One combined output

  • An enterprise OID

Correct answer: Two different outputs

Hashing algorithms are often used for data integrity and authentication. It is important for them to produce different outputs (hash values) for different inputs. When two different inputs produce the same hash value, cybersecurity professionals call that a collision.

80.

Acme Inc. copies all logs from their firewall, IPS, and IDS appliances to secure cloud storage nightly. Which cybersecurity tenet does this backup strategy address?

  • Availability

  • Integrity

  • Confidentiality

  • Encryption

Correct answer: Availability 

Backups help ensure availability in case original copies of data are lost or corrupted. They do not provide integrity or confidentiality directly. Encryption is the process of scrambling data to prevent unauthorized access and helps ensure confidentiality.