CompTIA CASP+ Exam Questions
Page 5 of 50
81. How can a company mitigate the threat of on-path attacks when migrating a VM from one host to another?
- Encryption of images
- Utilization of cable locks
- Automation of system updates
- Configuration of security logs
Correct answer: Encryption of images
In a modern virtualized environment, VM (Virtual Machines) images are transferred between hosts when needed. To protect against an attacker intercepting and modifying those images, they should be encrypted.
Utilizing cable locks is a physical security control. Automating system updates and configuring security logs do not protect against on-path attacks.
82. A company wants to detect attackers by triggering an alert whenever a sensitive document is accessed. The document is designed to look like a spreadsheet that shows payroll information. What type of technology should they use to accomplish this?
- Decoy file
- Honeynet
- Runbook
- Hex dump
Correct answer: Decoy file
A decoy file is a file that baits an attacker to access it. Once it is accessed, it alerts the organization about the attacker.
A honeynet is a network designed to attract attackers. A runbook is a document that outlines the steps to take in case of an incident. A hex dump is a representation of binary data in hexadecimal format.
83. Attacks that make use of improperly configured prompts to the user, such as SQL injection, can be solved with what technique?
- Input validation
- Entry sanitation
- Secure session management
- PKI
Correct answer: Input validation
Input validation can solve issues that arise from web applications that do not validate the data entered by the user (or a hacker). Input validation is the process of checking all input for properties such as proper format and proper length. In many cases, these validators use either a blocklist or an allow list of characters or patterns.
"Entry sanitation" is not a standard cybersecurity term. Secure session management does not directly relate to user input and is a generic term for securely handling how user sessions are created, maintained, and ended. Public key infrastructure (PKI) is a system for managing digital certificates.
84. A security analyst is looking at a company's firewall rules. Some things they discovered include that they: run the iptables firewall on Linux systems; allow all traffic in from the 10.0.0.0/8 IP address range; block all traffic from the 127.0.0.0/8 IP address range; and have a deny all rule placed as the last line. Given this information, what should the security analyst recommend?
- Deny all traffic from the 10.0.0.0/8 IP address range
- Switch to the ipchains firewall
- Allow traffic from the 127.0.0.0/8 IP address range
- Place the deny all rule at the start of the list
Correct answer: Deny all traffic from the 10.0.0.0/8 IP address range
The 10.0.0.0/8 IP address range is reserved for private IP addresses and should not be arriving from outside the network. If these addresses show up from outside the network, it is likely a spoofing attempt.
The iptables firewall is preferable to ipchains. The 127.0.0.0/8 IP address range is for the loopback address and can be blocked when seen as incoming packets on the external interface of a firewall. If the deny all rule is at the start of the list, no traffic will be able to pass.
85. Which of the following aims to detect malicious code by running it in a computer and analyzing its behavior and traits?
- Sandboxing
- Memory dumping
- Runtime debugging
- Social engineering
Correct answer: Sandboxing
Sandboxing is a process intended to detect malware by running suspicious or quarantined software in a specially contained environment and analyzing its behavior. One of the primary use cases for sandboxing is to detect zero-day malware, which is malware that has yet to be identified by commercial anti-malware systems and, thus, has no file signature or patch.
A core dump, or memory dump, exports the information stored in the memory of a computer system. That memory can contain sensitive information such as passwords, usernames, and encryption keys, and it is possible for an attacker to use programs that analyze the entirety of the memory contents to locate this information.
Runtime debugging is the process of using a specialized programming tool to detect and discover problems in the code related to syntax, as well as weaknesses that lead to outcomes such as memory leaks or buffer overflows. The tools operate by observing the memory operations and monitoring them for any issues.
Social engineering attacks are when attackers manage to convince individuals that they are who they are impersonating. The attacker seeks sensitive information such as passwords, specific managers or executives to target, or other elements that assist them to further penetrate the organization's security defenses.
86. What is the purpose of requiring that mobile apps be signed?
- To ensure the authenticity and integrity of an app
- To allow for the app to be sideloaded
- To make sure that the app is compatible with multiple devices
- To show that the app has been tested and is free of bugs
Correct answer: To ensure the authenticity and integrity of an app
Code signing is used to verify the authenticity and integrity of a mobile app. If an unsigned app is installed on a device, the device should be assumed to be untrusted.
Sideloading involves installing an app from a location other than the device's main app store. Compatibility and bug testing are related to app development.
87. An organization needs an open-source encryption system to enable the signing and encryption of email messages using keys the organization themselves manages. Which of the following meets their requirements?
- GPG
- SSH
- SSL
- DRM
Correct answer: GPG
GNU Privacy Guard (GPG) is an open-source encryption system closely related to Pretty Good Privacy (PGP). Both programs were developed to protect electronic communications and enable digital signing and encryption. GPG is a rewrite or upgrade of PGP. It is considered more secure than PGP. Sending secure emails is a common use for GPG.
Secure Shell (SSH) is a network protocol for securely connecting to remote computers. Digital rights management (DRM) is used to protect digital intellectual property from unauthorized use. Secure Sockets Layer (SSL) is an option for creating secure connections to servers. It interfaces with the Application and Transport layers but does not really operate within these layers. Its functionality is embedded in most web browsers and, for the most part, is transparent to the user.
88. A company is looking to improve the resiliency of its website. They already have a cluster of load-balanced servers. They now want to build in logic that can help the cluster better react to changes in the environment in real time. What type of solution should they implement?
- Course of action orchestration
- Distributed allocation
- Runbooks
- Steganalysis
Correct answer: Course of action orchestration
Course of action orchestration is used to automate entire workflows. It can be used to address changing workflows.
Distributed allocation refers to locating critical assets in different locations. Runbooks are step-by-step instructions for IT teams to follow during incidents. Steganalysis is the process of finding hidden information in digital media.
89. In a Cisco IOS environment, what are the two actions that can be taken for each subject in an ACL entry?
- Permit and deny
- Read and write
- List and execute
- Protocol and port
Correct answer: Permit and deny
The two actions that can be taken for each subject in an IOS Access Control List (ACL) entry are "permit" and "deny". The "permit" action will allow traffic to pass through the interface while the "deny" action will block traffic from it.
Read, write, list, and execute are not actions in an ACL for IOS. Protocols and ports are part of the criteria for defining what is allowed or denied in an ACL.
90. A company is concerned about employees becoming victims of social engineering attacks. Which of the following countermeasures should they put in place to address this?
- Security awareness training
- Antimalware software
- ACL
- Impact/effort matrix
Correct answer: Security awareness training
Security awareness training is useful for teaching employees about social engineering threats. This training should be performed regularly to keep employees up-to-date on the latest threats.
Antimalware software is used to protect against cyber threats. An Access Control List (ACL) is used to control access to resources. An impact/effort matrix is used to determine how much effort to put into a security project based on its perceived impact.
91. Which two factors are MOST important in determining the effectiveness of a threat actor in meeting their objectives?
- Time and money
- Motivation and geographic location
- Age and education level
- Tools and sophistication
Correct answer: Time and money
Threat actors with the greatest resources will be the hardest to defend against. The most important resources are time and money.
Motivation, location, age, education level, tools, and sophistication can be factors, but are not as important and fundamental as time and money.
92. Which of the following is an advantage of a third-party security assessment compared to a self-assessment?
- Objectivity
- Continuous improvement
- Cost savings
- Flexibility
Correct answer: Objectivity
There are some advantages to a company doing a security self-assessment, such as lowered costs, employees working on continually improving security themselves, and the flexibility to perform the assessment at any time. However, a self-assessment is subjective and can be biased. Therefore, third-party assessments are periodically required for their objectivity and because they give better results.
93. Acme Inc.'s CISO asks you to identify the key systems and services the organization would have to bring online to support business in the event of a disaster. Which of the following should you perform?
- BIA
- DRP
- RPO
- RTO
Correct answer: BIA
A BIA (business impact analysis) is a process that identifies the critical functions and systems that must be restored in the event of a disaster.
A DRP (disaster recovery plan) details how an organization can restore operations and recover from a disaster.
RPO (recovery point objective) is the maximum amount of allowable lost data in the event of a service disruption.
RTO (recovery time objective) is the maximum amount of allowable downtime before service is restored in the event of a service disruption.
94. Which process refers to automatically replacing a key with a new one after a set amount of time, even if it is in the process of transferring and securing data?
- Rekeying
- Crypto shredding
- Cryptographic obfuscation
- Hashing
Correct answer: Rekeying
Rekeying refers to automatically changing a key, even during use. An example of this is the Temporal Key Integrity Protocol (TKIP) in Wi-Fi Protected Access (WPA).
Crypto shredding is the destruction of a key to make the data it encrypted inaccessible. Cryptographic obfuscation refers to making source code or plaintext hard to understand even without encryption. Hashing is a one-way process of making a fixed-length value for an input of any length.
95. As you're reviewing the new biometric system that is going to be implemented, you are concerned about unauthorized personnel being accepted by the system. Knowing this is a dangerous threat, you want to evaluate it immediately.
What type of error are you worried about?
- FAR
- FRR
- CER
- Acceptability
Correct answer: FAR
FRR (false rejection rate), also known as Type 1 errors, refers to false negatives. They occur when a legitimate user is rejected by a biometric system.
FAR (false acceptance rate), also known as Type 2 errors, refers to false positives. They occur when an illegitimate user is incorrectly authorized by a biometric system.
CER (crossover error rate) is the point where FAR and FRR are equal and describes the accuracy of a biometric system overall.
The acceptability of a biometric system is how likely users are to accept and use the system.
96. Of the following, which is a correct matching of the secure versions of the email protocols and their default ports?
- IMAP: 993, POP: 995, SMTP: 465 and 587
- IMAP: 995 and 587, POP: 993, SMTP: 465
- IMAP: 465 and 587, POP: 993, SMTP: 995
- IMAP: 993, POP: 465 and 587, SMTP: 995
Correct answer: IMAP: 993, POP: 995, SMTP: 465 and 587
These email protocols and their default (unencrypted) ports are IMAP: 143, POP: 110, and SMTP: 25.
The protocols also support encryption on these ports: IMAP: 993, POP: 995, and SMTP: 465 (implicit encryption) and 587 (explicit encryption).
97. Acme Inc. owns both Smith IT and Smith Manufacturing. They are separate entities; Smith Manufacturing contracts services from Smith IT. They have an agreement that outlines the information exchange between the two.
What kind of agreement is this?
- Interconnection security agreement
- Memorandum of understanding
- Operation level agreement
- FRAP
Correct answer: Interconnection security agreement
An ISA (interconnection security agreement) is a specific contract related to network connections and exchanging traffic.
An OLA (operation level agreement) is an agreement about responsibilities between different support teams.
An MOU (memorandum of understanding) is an agreement between multiple parties that is often non-binding, but formally details a shared understanding or agreement.
FRAP (Facilitated Risk Assessment Process) is a qualitative risk assessment technique.
98. Which of the following occurs when an attacker uses believable language in order to obtain user credentials or other valuable organizational information?
- Social engineering
- Pivoting
- Reconnaissance
- Shoulder surfing
Correct answer: Social engineering
Social engineering attacks are when attackers manage to convince individuals they are who they are impersonating. The attacker seeks sensitive information such as passwords, specific managers or executives to target, or other elements that assist them to further penetrate the organization's security defenses.
Pivoting is a technique used by attackers and pen testers alike to further their access from an already compromised host to other hosts on the network. It allows leveraging of the pen test tools installed on the compromised machine to route traffic of other hosts on the subnet and potentially provide access to other subnets.
An attack on a network is typically preceded by a phase of information-gathering called reconnaissance. Similar to casing a joint in a bank robbery, reconnaissance is done with the focus of avoiding drawing any attention and mainly surveying the target to gather as much intel as possible.
Shoulder surfing occurs when an attacker is capable of watching over an end user's shoulder to obtain confidential data. It is important that users are aware of their surroundings at all times to ensure that there is no errant snooping by shoulder surfers.
99. A company has started using cloud services for its applications. However, they do not trust the cloud provider for storing or having any access to their encryption keys. Which option for key ownership and location should they implement?
- HYOK
- BYOK
- Provider-owned keys
- Hybrid cloud key management
Correct answer: HYOK
Storing keys with a cloud provider can introduce threat vectors. With a Hold Your Own Key (HYOK) approach, the customer generates and manages their own encryption keys, and the provider never holds them.
A Bring Your Own Key (BYOK) approach generates the keys locally, but imports them to the cloud's key management service. Provider-owned keys involve the cloud provider generating and managing keys. Hybrid cloud key management combines on-premises and cloud key management.
100. Bob, a security engineer at Acme Inc., configures an IDS threshold that compares this week's network traffic to last week's and alerts if the difference is too high. What type of IDS threshold is this?
- Historical
- State-based
- Fixed
- Static
Correct answer: Historical
Historical thresholds consider past and present values and are often used to compare different periods. An IDS threshold that compares one week's traffic to a previous week is an example of a historical threshold.
Alert thresholds based on fixed numeric values or calculations are called fixed thresholds. A 95% CPU utilization threshold is an example of a fixed value.
State-based thresholds are triggered when a system state changes, such as a server beginning a graceful shutdown or starting up after rebooting.
Static is not a standard type of IDS threshold.