CompTIA CASP+ Exam Questions
Page 6 of 50
101.
Which of the following involves injecting invalid or unexpected input into an application to document how it reacts?
-
Fuzzing
-
ASLR
-
RUM
-
RAM
Correct answer: Fuzzing
During fuzzing, also known as fuzz testing, random, malformed, and boundary-value inputs are fed to the application while its behavior (crashes, hangs, unhandled exceptions, unexpected output) is recorded. Ideally, input validation and sanitization reject the bad input gracefully before it reaches a code path that can be exploited. Two fuzzing strategies are commonly used to determine how susceptible an application is to a fault injection attack:
- Mutation fuzzing: Takes existing valid inputs and changes them blindly (bit flips, byte substitutions, truncation, insertion)
- Generation-based fuzzing: Builds inputs from scratch, based on a specification or grammar of the expected format
Address space layout randomization (ASLR) is a technique that helps prevent attacks that attempt to corrupt memory. Real user monitoring (RUM) is a form of performance monitoring commonly associated with web applications. Random access memory (RAM) is a type of temporary computer storage that is faster than disk storage.
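The two strategies side by side, as an added example that is not part of the original question set: a constructed toy record parser (length byte, payload, checksum byte) that trusts its length field, a mutation fuzzer that blindly alters a valid seed record, and a generation fuzzer that builds records from the format's specification with boundary values for the length field. Both fuzzers treat ValueError as the parser's own graceful rejection and report only unexpected exceptions; run against the fixed parser, whose validation "kicks in" as the text describes, they find nothing. All function names and the record format are assumptions made for this example.

```python
import random


def parse_record(data: bytes) -> bytes:
    """Toy record parser: <length byte> <payload> <checksum byte>.

    Constructed for this example; it deliberately trusts the length
    byte without checking that the buffer is long enough."""
    if len(data) < 2:
        raise ValueError("record too short")  # expected, graceful rejection
    declared = data[0]
    payload = data[1:1 + declared]
    checksum = data[1 + declared]  # BUG: no bounds check -> IndexError
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")  # expected, graceful rejection
    return payload


def parse_record_fixed(data: bytes) -> bytes:
    """Same format with the input validation the text says should kick in."""
    if len(data) < 2:
        raise ValueError("record too short")
    declared = data[0]
    if len(data) != 2 + declared:
        raise ValueError("length field does not match buffer size")
    payload = data[1:1 + declared]
    if sum(payload) % 256 != data[1 + declared]:
        raise ValueError("bad checksum")
    return payload


def make_valid_record(payload: bytes) -> bytes:
    return bytes([len(payload)]) + payload + bytes([sum(payload) % 256])


def run_case(parser, case: bytes):
    """Return an exception name only for unexpected failures."""
    try:
        parser(case)
    except ValueError:
        return None  # the parser rejected the input on purpose
    except Exception as exc:  # a fuzzer wants everything else
        return type(exc).__name__
    return None


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Mutation fuzzing: blindly alter an existing valid input."""
    buf = bytearray(seed)
    op = rng.choice(("flip", "set", "truncate", "append"))
    if op == "flip" and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == "set" and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == "truncate" and buf:
        del buf[rng.randrange(len(buf)):]
    else:
        buf.append(rng.randrange(256))
    return bytes(buf)


def fuzz_mutation(parser, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Returns {exception_name: first crashing input} found by mutation."""
    rng = random.Random(rng_seed)  # fixed seed so runs are reproducible
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        name = run_case(parser, case)
        if name and name not in crashes:
            crashes[name] = case
    return crashes


def fuzz_generation(parser) -> dict:
    """Generation-based fuzzing: build inputs from the format spec,
    concentrating on boundary values of the length field and checksum."""
    crashes = {}
    for declared in (0, 1, 2, 127, 128, 255):
        for actual in (0, 1, 2, 16):
            payload = bytes(range(actual))
            for checksum in (sum(payload) % 256, 0xFF):
                case = bytes([declared]) + payload + bytes([checksum])
                name = run_case(parser, case)
                if name and name not in crashes:
                    crashes[name] = case
    return crashes


if __name__ == "__main__":
    seed = make_valid_record(b"hello")
    print("mutation   (buggy):", fuzz_mutation(parse_record, seed))
    print("generation (buggy):", fuzz_generation(parse_record))
    print("mutation   (fixed):", fuzz_mutation(parse_record_fixed, seed))
    print("generation (fixed):", fuzz_generation(parse_record_fixed))
```

The generation fuzzer finds the bug in a handful of cases because it knows the length field is the interesting part; the mutation fuzzer finds it too, but only because truncating or overwriting the first byte of the seed happens to hit it. Real fuzzers (AFL++, libFuzzer, boofuzz) add coverage feedback and crash triage on top of the same two ideas.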
102.
What process protects an LDAP server from LDAP injection?
-
Input validation
-
Sandboxing
-
Code signing
-
Cross-certification
Correct answer: Input validation
LDAP (Lightweight Directory Access Protocol) injection involves placing filter metacharacters such as *, (, ), and \ in user-supplied values that an application concatenates into LDAP queries, changing the query's structure and therefore the behavior and response of the LDAP server. This is addressed by validating input against an allow-list where possible and escaping any value before it is embedded in a filter.
Sandboxing is a solution for protecting an application from accessing resources outside of its designated area. Code signing is used to ensure the authenticity and integrity of an application. Cross-certification is used for building trust between different certificate authorities.
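What "validating and sanitizing input to LDAP servers" looks like in code, as an added example rather than text from the original question set: a vulnerable filter built by string concatenation beside a hardened version that applies an allow-list to the username and escapes every value with the RFC 4515 hex encoding before embedding it. The helper that counts unescaped opening parentheses is an assumption made for this example; it is there only to make the injected extra filter components visible.

```python
import re

# Characters with special meaning inside an LDAP search filter (RFC 4515)
# and their hex escape forms.
_FILTER_SPECIALS = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Allow-list for usernames (assumption for this example; adjust to your directory).
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP filter assertion (RFC 4515)."""
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)


def validate_username(user: str) -> str:
    """Input validation layer: reject anything outside the allow-list."""
    if not USERNAME_RE.fullmatch(user):
        raise ValueError("username contains characters outside the allow-list")
    return user


def build_login_filter_unsafe(user: str, password: str) -> str:
    """Vulnerable: raw concatenation lets input rewrite the filter."""
    return f"(&(uid={user})(userPassword={password}))"


def build_login_filter_safe(user: str, password: str) -> str:
    """Hardened: allow-list the username, escape every embedded value."""
    user = validate_username(user)
    return (
        f"(&(uid={escape_filter_value(user)})"
        f"(userPassword={escape_filter_value(password)}))"
    )


def count_filter_components(ldap_filter: str) -> int:
    """Number of unescaped '(' the server will parse as filter components.
    The login template above has exactly three."""
    return len(re.findall(r"(?<!\\)\(", ldap_filter))


if __name__ == "__main__":
    injected_user = "*)(uid=*))(|(uid=*"  # classic filter-rewriting payload
    unsafe = build_login_filter_unsafe(injected_user, "x")
    print(unsafe, "->", count_filter_components(unsafe), "components")
    safe = build_login_filter_safe("alice", "*)(uid=*")
    print(safe, "->", count_filter_components(safe), "components")
```

With the injected username the unsafe filter grows from three components to six, and the trailing part is where the password check used to be; the safe builder refuses that username outright, and an injection attempt in the password survives only as literal escaped text. Libraries already provide the escaping step (python-ldap's `ldap.filter.escape_filter_chars`, for instance); the allow-list validation is still the application's job.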
103.
Which term describes the concept of data being subject to the laws in which it resides or passes through?
-
Data sovereignty
-
Data ownership
-
Data retention
-
Data sanitation
Correct answer: Data sovereignty
Organizations need to be aware that they are responsible for where their data resides or passes through. Data sovereignty can inform decisions such as where to locate servers and which routes data should take as it travels to its destination.
Data ownership refers to who is ultimately responsible for data. Data retention refers to the policies in place to retain and destroy data. Data sanitation refers to completely removing any traces of data.
104.
What qualitative impact categories are used in NIST SP 800-53?
-
Low, moderate, and high
-
A 1-10 scale
-
Confidentiality, integrity, and availability score
-
ALE, SLE, and ARO
Correct answer: Low, moderate, and high
NIST SP 800-53 uses the impact levels defined in FIPS 199, which rate the potential impact of a loss of confidentiality, integrity, or availability (the CIA triad). The level assigned to a system determines which SP 800-53 control baseline applies. The impact rankings are:
- Low
- Moderate (medium)
- High
ALE, SLE, and ARO are quantitative risk variables.
105.
The data backup administrator is provided permissions strictly over the backup systems and read-only access to the data that he is responsible for backing up and restoring. This is an example of what kind of control?
-
Least privilege
-
Mandatory vacation
-
Separation of duties
-
Dual control
Correct answer: Least privilege
Least privilege is an employee control that limits access to only what an employee needs to do the job. The permissions granted in the question are an example of how a backup administrator can be given the least privilege required to perform their duties: full control of the backup system, but only read access to the data being backed up.
Mandatory vacation is an employee control that requires employees to take time off and allows employers to conduct audits. This control is common in finance.
Separation of duties places limits on what a single employee can do.
Dual control is an employee control that requires two or more employees to work together to complete a task.
106.
Which of the following is a system that receives information from logs and centralizes this data for analysis?
-
SIEM
-
INE
-
HSM
-
IDS
Correct answer: SIEM
Security information and event management (SIEM) utilities receive information from log files of critical systems and centralize the collection and analysis of this data. SIEM technology is an intersection of two closely related technologies: security information management (SIM) and security event management (SEM).
An inline network encryptor (INE), also called a high-assurance internet protocol encryptor (HAIPE), is a type 1 encryption device. Type 1 designation indicates that it is a system certified by the NSA for use in securing US government classified documents. To achieve this designation, the system must use NSA-approved algorithms.
A hardware security module (HSM) is a tamper-resistant device that safeguards and manages cryptographic keys used for strong authentication and performs cryptographic processing. It may be a PCIe card or USB device attached directly to a computer or server, or a network-attached appliance.
An intrusion detection system (IDS) is a security tool that detects potentially malicious behavior. Two detection approaches are common. An anomaly-based IDS first watches the network for a period of time to establish a baseline of normal operation; afterwards it monitors for deviations from that baseline, such as the traffic pattern of a suspected breach, and alerts administrators. A signature-based IDS compares network traffic against known attack patterns, much like antivirus detection: the system maintains a database of known attacks and what they look like and can detect them when they appear on the network. This is called pattern matching. A related technique is stateful matching, which tracks state across a session or on the operating system and flags changes that violate specifically defined rules.
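Why centralizing logs matters, as an added example that is not part of the original question set: a few constructed sshd lines forwarded from two hosts, a parser that normalizes them into one event schema (the collection step a SIEM performs), and a correlation rule that alerts when one source address accumulates failed logins across hosts and then succeeds. The same rule evaluated per host misses the attack, because each host on its own sees too few failures. Hostnames, addresses, and the threshold are assumptions for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of sshd log lines from two hosts (not real logs).
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z web01 sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
2024-03-01T10:00:04Z web01 sshd[2001]: Failed password for root from 203.0.113.5 port 51001 ssh2
2024-03-01T10:00:09Z db01 sshd[3105]: Failed password for root from 203.0.113.5 port 51002 ssh2
2024-03-01T10:00:15Z db01 sshd[3105]: Failed password for backup from 203.0.113.5 port 51003 ssh2
2024-03-01T10:00:21Z db01 sshd[3106]: Accepted password for backup from 203.0.113.5 port 51004 ssh2
2024-03-01T10:02:30Z web01 sshd[2010]: Failed password for alice from 198.51.100.9 port 40222 ssh2
2024-03-01T10:02:41Z web01 sshd[2011]: Accepted publickey for alice from 198.51.100.9 port 40223 ssh2
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
FAIL_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
OK_RE = re.compile(r"^Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+)")


def parse_events(text: str) -> list:
    """Normalize raw lines into a common event schema (the SIEM collector step)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real SIEM keeps unparsed lines; this example drops them
        msg = m.group("msg")
        if (detail := FAIL_RE.match(msg)):
            kind = "auth_fail"
        elif (detail := OK_RE.match(msg)):
            kind = "auth_ok"
        else:
            continue
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
            "host": m.group("host"),
            "kind": kind,
            "user": detail.group("user"),
            "src_ip": detail.group("ip"),
        })
    return events


def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=5), per_host=False) -> list:
    """Alert when a source IP fails >= threshold times within `window` and then
    succeeds. With per_host=True the rule only sees one host's logs at a time."""
    failures = defaultdict(list)  # key -> [(timestamp, host), ...]
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src_ip"], ev["host"]) if per_host else ev["src_ip"]
        if ev["kind"] == "auth_fail":
            failures[key].append((ev["ts"], ev["host"]))
            continue
        recent = [(t, h) for t, h in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "src_ip": ev["src_ip"],
                "user": ev["user"],
                "success_host": ev["host"],
                "failures": len(recent),
                "hosts_targeted": sorted({h for _, h in recent}),
            })
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    print("centralized view:", correlate_bruteforce(evs))
    print("per-host view:   ", correlate_bruteforce(evs, per_host=True))
```

Production SIEM rules express the same logic in a query language over indexed fields and add context (asset criticality, threat-intelligence matches on the source address); the two pieces that make it work, a shared schema and a cross-source view, are what this block shows.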
107.
Joe in the sales department received an email from the CEO demanding certain upcoming sales information that had not been released to the public. In the email, the CEO refers to pictures on Facebook of a party that Joe recently attended. Joe trusts the CEO and sends the data. Later that day, a competitor released sales info about the non-public product Joe was working on.
What type of attack is this?
-
Spear phishing
-
Pharming
-
Sideloading
-
Cross domains
Correct answer: Spear phishing
Spear phishing is the process of foisting a phishing attack on a specific person rather than a random set of people. The attack can be made more convincing by using details about the person learned through social media. In this case, the attacker was able to spoof an email to look like it came from the CEO and to dig through Joe's Facebook page. Proper user training in spotting social engineering attacks would have equipped Joe with the proper techniques to handle this situation.
Pharming attacks point users to fake or malicious websites to trick them into revealing sensitive data. Sideloading is the process of installing an app from an unauthorized or unofficial source. Cross domains are solutions that enable secure data access across different networks.
108.
Of the following, which is a benefit of OTA updates?
-
Enables remote firmware updates
-
Enables local software updates
-
Allows users to update devices from their docking stations
-
Prevents devices from booting with unauthorized code
Correct answer: Enables remote firmware updates
OTA (over-the-air) updates allow teams responsible for applying updates to software or firmware to apply them remotely without requiring physical access to the devices.
OTA updates do not:
- Perform local (non-networked) software updates
- Directly prevent devices from booting with unauthorized code
- Directly allow users to update devices from their docking stations
109.
Which of these usually comes first in a malware attack?
-
Reconnaissance
-
Lateral movement
-
Mitigation
-
Exfiltration of data
Correct answer: Reconnaissance
Reconnaissance is the act of capturing information about a target system and is often the first step in an attack.
Lateral movement comes after a breach occurs. A mitigation is a way to limit attack risk. Exfiltration of data is the removal or transfer of data. Exfiltration occurs after a breach is successful.
110.
A systems administrator notices that a Windows server has a sudden decrease in performance. They want to investigate the issue, but without using Task Manager because of its overhead. What is a BETTER tool they can use to accomplish this?
-
Sysinternals
-
NESSUS
-
MSConfig
-
Top
Correct answer: Sysinternals
Sysinternals is a suite of Windows utilities; its Process Explorer tool shows which processes are consuming CPU, memory, and I/O and can reveal what caused a spike in usage.
Nessus is a vulnerability scanner. MSConfig is used for configuring a system's startup behavior. The top command shows processes and resource usage on Linux and other Unix-like systems.
111.
Which parts of a penetration test occur before gaining access to vulnerable systems?
Choose TWO.
-
Footprinting
-
Scanning
-
Privilege escalation
-
Covering tracks
-
Determining recommendations
Correct answer: Footprinting and Scanning
Footprinting and scanning are the reconnaissance phases; both happen before any system is breached. Penetration tests typically follow steps in this order:
- Footprinting: Examining information about a target
- Scanning: Running scans to determine information about services, ports, and assets available on the network
- Gaining access: Actually breaching one of the assets on the network
- Privilege escalation: After gaining access, attempting to escalate privileges
- Persistence: Maintaining access even after countermeasures and controls block or reduce the scope of breach
- Covering tracks: Removing artifacts that were placed on the network as part of the penetration test
- Determining recommendations: Reviewing findings and actions
- Writing a report: Documenting and reporting findings to the target
112.
Which term refers to code that is designed to be executed in a virtual environment?
-
Bytecode
-
Machine code
-
Interpreted code
-
Open-source code
Correct answer: Bytecode
Bytecode is generated by compiling source code and is executed by a virtual machine (such as the JVM or the .NET CLR) rather than directly by hardware. It is meant to be platform-independent and is at a higher level of abstraction than machine code.
Machine code is a binary set of instructions that runs directly on a CPU. Interpreted code is executed from source by an interpreter rather than compiled ahead of time. Open-source code is code that can be freely accessed and modified by anyone.
113.
What type of service acts as a secure gateway between an organization and cloud service providers?
-
CASB
-
DNSSEC
-
PaaS
-
CHAP
Correct answer: CASB
A CASB (cloud access security broker) acts as a secure gateway between an organization and different cloud platforms. The CASB may provide a variety of different security functions such as IDS/IPS functionality, but specific features vary from broker to broker. Fundamentally, CASBs help solve the problem of securing connectivity between public cloud platforms and other endpoints on an organization's network.
DNSSEC is a protocol that helps prevent man-in-the-middle attacks against DNS by using digital signatures to sign DNS records.
PaaS (platform as a service) is a cloud service model where the provider offers users a specific operating environment to build their own solutions.
CHAP (challenge handshake authentication protocol) is an authentication protocol.
114.
Acme Inc. has a use case where data must be encrypted quickly and confidentiality assured. They are not concerned with authentication and anyone with a shared key can be allowed to decrypt the data.
What type of encryption is best for this use case?
-
Symmetric
-
Asymmetric
-
Hash
-
MD5
Correct answer: Symmetric
Symmetric encryption only provides confidentiality, uses a shared key for both encryption and decryption, and is generally much faster than asymmetric encryption.
Hashing algorithms are one-way functions; their output cannot be reversed to recover the input, so they do not provide encryption.
MD5 is a hashing algorithm, and one that is no longer considered collision resistant.
115.
Which of the following threats is an air-gapped system MOST vulnerable to?
-
An insider threat
-
Malware from a malicious public file sharing site
-
Cryptojacking by a compromised Internet-based video streaming platform
-
DDoS by a botnet
Correct answer: An insider threat
Air-gapped systems are physically isolated from the Internet and other untrusted networks. Therefore, attacks that depend on Internet access (like malware downloaded from a file sharing site or cryptominers embedded in a streaming platform) are unlikely to impact an air-gapped system. Similarly, botnets generally carry out DDoS attacks against Internet-facing resources.
An insider could compromise an air-gapped system because they already have physical or local access, which network isolation does nothing to prevent; removable media carried across the gap is the classic vector.
116.
Which of the following is NOT a form of obfuscation?
-
Anonymization
-
Encryption
-
Tokenization
-
Masking
Correct answer: Anonymization
Obfuscation refers to a set of techniques that make data difficult to understand or use. Encryption, tokenization, and masking are all examples of obfuscation.
Anonymization is a way to remove sensitive personal data from a data set so it can be analyzed and consumed without the personal data.
117.
As a security analyst at Acme Inc., you are tasked with creating a complete list of all the open source components in the Acme App code base to help identify potential security vulnerabilities related to those components.
Which type of tool should you use?
-
SCA
-
Port scanner
-
John the Ripper
-
Protocol analyzer
Correct answer: SCA
Software composition analysis (SCA) tools help organizations automatically scan their code bases and identify open source components. SCA tools also identify security vulnerabilities that may affect those components.
A port scanner scans network endpoints to determine what ports are open and services are running. John the Ripper is a type of password cracker. A protocol analyzer is a tool that analyzes data sent over a specific protocol(s) or medium(s).
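The core of what an SCA tool does, as an added example that is not part of the original question set: parse a dependency manifest into an inventory of components (the "complete list" the question asks for), normalize package names, and match each pinned version against an advisory database's affected ranges. The manifest, the package names, and the advisories are all constructed and fictional; no real vulnerabilities are described. Version comparison is numeric-only here as an assumption; a real tool would use PEP 440 semantics (for example `packaging.version`) and a live vulnerability feed.

```python
import re

# Constructed lock file for this example (fictional packages).
REQUIREMENTS_TXT = """\
# Acme App dependencies (constructed example)
acme-parser==1.4.2
WidgetLib == 0.9.0
imagetool==3.2.1   # pinned
netclient>=2.0     # unpinned: cannot be assessed reliably
"""

# Constructed advisory database (fictional IDs and packages, not real advisories).
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "acme-parser", "introduced": "1.0.0", "fixed": "1.4.3"},
    {"id": "EXAMPLE-0002", "package": "widgetlib",   "introduced": "0.8.0", "fixed": "0.9.0"},
    {"id": "EXAMPLE-0003", "package": "imagetool",   "introduced": "3.0.0", "fixed": None},
]

PIN_RE = re.compile(r"^\s*(?P<name>[A-Za-z0-9._-]+)\s*==\s*(?P<ver>[0-9][0-9A-Za-z.]*)")


def normalize(name: str) -> str:
    """Package names compare case-insensitively with -, _ and . treated alike."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version: str) -> tuple:
    """Numeric dotted versions only (assumption for this example)."""
    return tuple(int(part) for part in version.split("."))


def parse_requirements(text: str):
    """Build the component inventory: {name: version} for pins, plus unpinned lines."""
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        m = PIN_RE.match(line)
        if m:
            pinned[normalize(m.group("name"))] = m.group("ver")
        else:
            unpinned.append(line)  # ranges cannot be matched to a single version
    return pinned, unpinned


def is_affected(version: str, introduced: str, fixed) -> bool:
    """Affected if introduced <= version < fixed (or no fix exists yet)."""
    v = version_key(version)
    if v < version_key(introduced):
        return False
    return fixed is None or v < version_key(fixed)


def find_vulnerable(pinned: dict, advisories: list) -> list:
    findings = []
    for adv in advisories:
        name = normalize(adv["package"])
        if name in pinned and is_affected(pinned[name], adv["introduced"], adv["fixed"]):
            findings.append({
                "package": name,
                "version": pinned[name],
                "advisory": adv["id"],
                "fixed": adv["fixed"],  # None means upgrade is not yet an option
            })
    return findings


if __name__ == "__main__":
    inventory, unresolved = parse_requirements(REQUIREMENTS_TXT)
    print("inventory:", inventory)
    print("unresolved:", unresolved)
    for finding in find_vulnerable(inventory, ADVISORIES):
        print("finding:", finding)
```

Two details carry over to real tools: a pin that equals the fixed version is not affected (the range is half-open), and unpinned ranges should be reported as unresolved rather than silently treated as safe, because the version actually installed is unknown until a lock file or the environment itself is inspected.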
118.
What type of attack involves the data written to a temporary storage area exceeding the storage area's limit?
-
Buffer overflow
-
XSS
-
CSRF
-
DNSSEC bypass
Correct answer: Buffer overflow
A buffer is a type of temporary storage area on a system. A buffer overflow occurs when the data written to a buffer exceeds its limit. Buffer overflows can cause applications to crash or enable a threat actor to execute code.
XSS (cross-site scripting) is a type of injection attack commonly used against websites.
DNSSEC is a set of DNS extensions that use digital signatures to authenticate DNS records and protect their integrity; it does not authenticate DNS servers themselves. "DNSSEC bypass" is not a standard name for an attack type.
Cross-Site Request Forgery (CSRF) attacks, a.k.a. one-click attacks, aim to get users to perform an unintended action on a web application, usually by clicking a malicious link while they are logged into the app.
119.
Of the following, which does NOT describe a SAN?
-
Typically on the same local area network (LAN) as other network devices
-
Is easily scalable with ability to add additional storage
-
Maintenance can be performed without taking servers offline
-
Provides block-level access to data
Correct answer: Typically on the same local area network (LAN) as other network devices
A SAN (storage area network) is generally a dedicated network used to access specific storage devices. A SAN is not typically on the same LAN as other network devices.
These points about SANs are all true:
- SANs are easily scalable with ability to add additional storage
- SANs are able to have maintenance performed without taking servers offline
- SANs provide block-level access to data
120.
Which type of attack involves redirecting network requests to IP addresses under that attacker's control?
-
BGP route hijacking
-
DDoS
-
VLAN hopping
-
Command injection
Correct answer: BGP route hijacking
The Border Gateway Protocol (BGP) is the routing protocol used to exchange reachability information between autonomous systems on the Internet. It was designed without built-in validation of route announcements, so an attacker (or a misconfigured network) can announce IP prefixes it does not own and have traffic for those addresses routed to systems it controls. Mitigations include Resource Public Key Infrastructure (RPKI) route origin validation and prefix filtering at peering points.
A Distributed Denial of Service (DDoS) is an attack that takes down a service by sending too much traffic. VLAN (Virtual Local Area Network) hopping is an attack that gives an attacker access to network segments they shouldn't be able to. Command injection is an attack that attempts to run a command on the target system.