CompTIA CASP+ Exam Questions

Page 9 of 50

161.

A company wants to check email attachments to be sure that they do not contain malware. To do so, they will run each attachment in a controlled environment and discard the message if it is unsafe. Which technology can they use for this?

  • Sandbox detonation

  • Hardening

  • Database activity monitoring

  • VM escape

Correct answer: Sandbox detonation

A sandbox is a controlled environment where an application can be executed without affecting the rest of the system. Email attachments can be sent to a detonation chamber where they are automatically tested before being forwarded to the recipient.

Hardening is the process of making a system more secure. Database activity monitoring is used to monitor databases. VM escape is when an attacker breaks out of a virtualized environment.

162.

Which of the following is one of the four ways to handle risk?

  • Accept

  • Control

  • React

  • Detect

Correct answer: Accept

The four ways to handle risk are:

  • Avoid - Eliminate the risk in some way. For example, an organization may avoid doing something or stop doing something.
  • Accept - Accept the risk and proceed anyway. An informed decision has been made to move forward despite the risk.
  • Transfer - Transfer the risk to some other organization or person. A common example of transferring risk is purchasing insurance.
  • Mitigate - One or more controls are implemented to reduce the risk.

163.

A software development company wants to check that its code is written to specific standards and is consistent for readability. Which type of analysis should they run to verify this?

  • Static analysis

  • Dynamic analysis

  • Side-channel analysis

  • Reverse engineering

Correct answer: Static analysis

Static analysis involves examining software while it is not running. This can be useful for such purposes as checking the code's business logic or for readability.

A dynamic analysis is done while the code is running. A side-channel analysis looks at other effects of a process, such as memory consumption or execution time. Reverse engineering involves breaking down tools to figure out how they were made.

164.

You are discussing biometric technologies with a coworker, and they question how often valid users get rejected from the system when they attempt to identify themselves. Of the following, which type of error is the coworker referring to?

  • FRR

  • FAR

  • CER

  • Accuracy

Correct answer: FRR

FRR (false rejection rate) errors, also known as Type 1 errors, are false negatives. They occur when a legitimate user is rejected by a biometric system.

FAR (false acceptance rate) errors, also known as Type 2 errors, are false positives. They occur when an illegitimate user is incorrectly authorized by a biometric system.

CER (crossover error rate) is the point where FAR and FRR are equal and describes the accuracy of a biometric system overall.

165.

Of the following, which is a group that creates cybersecurity related documentation, methods, and tools for web applications?

  • OWASP

  • SCAP

  • ISO

  • IEC

Correct answer: OWASP

The Open Web Application Security Project (OWASP) is a group that monitors attacks, specifically web attacks. They seek to provide additional information to those affected by any cyber attacks and maintain a list of the top 10 attacks impacting web applications (the "OWASP Top 10").

The Security Content Automation Protocol (SCAP) is maintained by the National Institute of Standards (NIST) and includes specifications that help standardize cybersecurity automation tasks including vulnerability and compliance management.

The International Electrotechnical Commission (IEC) maintains electronic and electrical engineering standards. 

The International Organization for Standardization (ISO) maintains a variety of engineering standards, but not electronic and electrical engineering standards (which are maintained by the IEC).

166.

A form that prompts for personal information including name and birth date on a web application does not properly sanitize or validate input. As a result, attackers are able to exploit the form to execute malicious SQL statements. 

What type of attack is this? 

  • Injection attack

  • Social engineering attack

  • Man-in-the-middle attack

  • Birthday attack

Correct answer: Injection attack

When an attacker executes malicious SQL statements due to improper input sanitization and validation, that is a SQL injection (SQLi) attack. SQLi is a type of injection attack.

Social engineering attacks attempt to trick users into performing an insecure action.

Man-in-the-middle (MITM) attacks occur when an attacker positions themselves between a sender and receiver of data to eavesdrop on communications. 

Birthday attacks occur when an attacker attempts to crack hashes by recreating them. 

167.

A security analyst wants to test a company's defenses against social engineering attacks. What type of activity can they perform to do this?

  • Call employees and ask for their passwords while claiming to be from the IT department

  • Run a vulnerability scanner on the network as an authorized user

  • Send malformed and incomplete data to a web application server

  • Intercepting and modifying communications between two parties connecting over the network

Correct answer: Call employees and ask for their passwords while claiming to be from the IT department

A social engineering attack is an attack that uses social measures to get users to divulge sensitive information. This can happen through various means, such as phone calls, emails, or messages on social media.

Running a vulnerability scanner on the network as an authorized user is a credentialed scan. Sending malformed and incomplete data to a web application server is fuzz testing.

168.

Your organization is looking for solutions for their data storage. Currently, there is not adequate storage and you expect the data to grow exponentially over the next few years and then to return to its original storage demand. Management has asked you to implement a solution that will provide for current and future needs without investing in hardware that will no longer be needed. 

Which recommendation should you make?

  • Contract with a public cloud service provider

  • Deploy a private cloud service in your corporate datacenter

  • Deploy a community cloud service in a colocation data center in conjunction with another enterprise

  • Deploy a virtual server on the existing machines

Correct answer: Contract with a public cloud service provider

A public cloud is the easiest option to scale up and down to meet the spike, and subsequent reduction, in demand. Since management requested no investment in hardware, the solution is to contract with a third-party vendor who can provide the cloud storage necessary to meet the current demands and then reduce services in the future to meet the reduced demands. 

Deploying either a private cloud or a community cloud would still require significant investment. New virtual servers would also be an investment, albeit less, but would still require system upgrades to meet storage demands.

169.

Which of the following is an open source password cracking tool? 

  • John the Ripper 

  • Wireshark

  • 7zip

  • Bcrypt

Correct answer: John the Ripper

John the Ripper is an open-source tool for cracking and auditing passwords. It is supported on a variety of operating systems, including macOS, Linux, and Windows.

Wireshark is a packet capture tool. 

7zip is an archiver and file compression tool. 

Bcrypt is a cryptographic hashing algorithm often used to hash passwords.

170.

Which of the following techniques are representative of a denial of service (DoS) attack?

Choose THREE.

  • Sending malformed packets that are fragmented and then reassembled by the target

  • Sending a packet with the same source and destination address to the target

  • Sending a large number of packets to the target with the SYN flag set

  • Sending TCP keep-alive packets regularly to the target

  • Sending ICMP echo requests with the -t flag set to 64 to the target

Sending malformed packets that are fragmented and then reassembled by the target is an example of a teardrop DoS attack. Sending a packet with the same source and destination address to the target is an example of a land DoS attack. Sending a large number of packets with the SYN flag set to the target is an example of a SYN flood attack.

Sending TCP keep-alive packets regularly to the target is part of a normal connection.

Sending ICMP echo requests with the -t flag set to 64 to the target sends regular pings with time-to-live of 64.

171.

What does the iptables command below do?

iptables -A INPUT -s 192.0.2.11 -j DROP

  • Block all inbound traffic from IP address 192.0.2.11

  • Allow all outbound traffic to 192.0.2.11

  • Allow all inbound traffic from IP address 192.0.2.11

  • Update iptables to use the last rules for interface eth1

Correct answer: Block all inbound traffic from IP address 192.0.2.11

iptables is a popular open-source firewall used on many Linux systems. CASP+ candidates should be familiar with configuring iptables on Linux systems. The command in the question appends (the -A parameter) a rule to the INPUT chain (inbound traffic) that matches a source (-s) of 192.0.2.11 and jumps (-j) to the DROP target, blocking that traffic. It does not specify an interface or allow traffic.

172.

What type of security solution is an "all-in-one" tool that bundles multiple security functions into a single appliance?

  • UTM

  • RADIUS

  • NAT

  • VPN

Correct answer: UTM

A UTM (Unified Threat Management) appliance rolls functions like firewalling, antivirus, IPS/IDS, and anti-spyware into a single solution. 

RADIUS is an open standard for centralizing authentication, authorization, and accounting (AAA).

NAT (network address translation) is a networking technique that helps devices with private IPv4 addresses connect to the Internet. 

VPN (virtual private network) is a solution that enables the creation of a secure private network over another "insecure" network like the public Internet.

173.

Which of the following pieces of information should a security administrator use SCAP to obtain? 

  • Percentage of guest accounts disabled

  • IP address to MAC address mappings

  • DNS records

  • SNMP Traps

Correct answer: Percentage of guest accounts disabled

The Security Content Automation Protocol (SCAP) is used to automate processes like compliance and vulnerability management. The percentage of guest accounts disabled across an organization is an example of information security administrators can obtain using SCAP.

ARP can be used to obtain IP address to MAC address mappings. Nslookup is commonly used to obtain DNS records. SNMP traps are messages sent by an SNMP agent; SNMP manager software can be used to receive SNMP trap messages.

174.

Which of the following provisions certificates to devices contained on a network, including mobile devices?

  • SCEP

  • OTA

  • Sideloading

  • Application wrapping

Correct answer: SCEP

SCEP (simple certificate enrollment protocol) is used by devices to obtain digital certificates. CERT VU#971035 calls out authentication issues that make SCEP risky outside of closed environments.

OTA (over-the-air) is taken from the term "OTA updates." OTA updates allow teams responsible for applying updates to software or firmware to apply them remotely without requiring physical access to the devices.

Application wrapping is the process of building a management layer to help implement control over an app without directly modifying it. 

Sideloading is the process of installing an app from an unauthorized or unofficial source.

175.

What default UDP ports does SNMP (simple network management protocol) use?

  • 161 and 162

  • 80 and 443

  • 25, 456, and 587

  • 20 and 21

Correct answer: 161 and 162

SNMP (simple network management protocol) uses UDP ports 161 and 162 by default. Port 161 is used for queries (e.g., SNMP GET requests) from an SNMP manager to an SNMP agent. Port 162 is used for messages (e.g., SNMP TRAP messages) from an SNMP agent to an SNMP manager.

176.

What type of algorithm uses the same shared secret to encrypt and decrypt data?

  • Symmetric encryption 

  • Asymmetric

  • Hashing

  • MD5

Correct answer: Symmetric encryption 

Symmetric encryption algorithms use the same shared secret (key) to encrypt and decrypt data. That makes key distribution a challenge with symmetric encryption. To remain secure, keys should be shared over a secure out-of-band (OOB) communication channel. 

Asymmetric encryption does not use the same shared key to encrypt and decrypt data, making it better suited to solve the key distribution problem.

Hashing algorithms are one-way functions that create a "hashed" output from a given input. MD5 is a type of hashing algorithm.

177.

A network breach at Acme Inc. occurred because a 3rd party network monitoring service Acme uses was compromised. What type of attack is this?

  • Supply chain attack

  • Script kiddie attack

  • Password cracking

  • Software composition attack

Correct answer: Supply chain attack 

A supply chain attack occurs when a service, component, or product outside of an organization's direct control is compromised. The SolarWinds SUNBURST attacks that began in 2019 are a popular example of a supply chain attack. 

A script kiddie is a type of threat actor that carries out unsophisticated attacks. 

Password cracking is a technique for guessing passwords.

Software composition attack is not a standard term to describe an attack type. Software composition analysis (SCA) is a tool for enumerating and analyzing the open source components used in a system.

178.

What type of services are used to provide organizational information such as users, servers, printers, and other resources on a network?

  • Directory

  • Federation

  • Peering

  • STARTTLS

Correct answer: Directory

Directory services are used to provide organizational information such as users, servers, printers, and other resources on a network. LDAP is an example of a directory service protocol.

A federation is a group of domains with an established trust.

Peering is a technique for directly connecting two networks.

STARTTLS is a command that initiates the use of encrypted network communications.

179.

Which of the following BEST describes a cybersecurity vulnerability?

  • A weakness in a system, procedure, control, or implementation that a threat actor could exploit

  • The potential exploitation of a given weakness in a system, procedure, control, or implementation by a threat actor

  • The potential loss to an organization if a threat actor exploits a given weakness in a system, procedure, control, or implementation

  • The allowable amount of data an organization can lose between backups

Correct answer: A weakness in a system, procedure, control, or implementation that a threat actor could exploit

A vulnerability is a weakness in a system, procedure, control, or implementation that a threat actor could exploit. Threats, risks, and vulnerabilities are not the same.

Threats are the potential exploitation of a given weakness in a system, procedure, control, or implementation by a threat actor. Risk is the potential loss to an organization if a threat actor exploits a given weakness in a system, procedure, control, or implementation. The allowable amount of data an organization can lose between backups is its recovery point objective (RPO).

180.

Which of the following is a standard for authorization that allows users to share private resources on one site with another site, without using credentials?

  • OAUTH

  • 802.1x

  • PKI

  • GCM

Correct answer: OAUTH

OAUTH is a standard for authorization that allows users to share private resources on one site with another site, without providing their credentials. It is sometimes described as the valet key for the web. In the same way that a valet key gives the valet the ability to park your car but not to access the trunk, OAUTH uses tokens to allow restricted access to a user's data when a client application requires access.

GCM (Galois/counter mode) is a mode of operation for symmetric encryption.

PKI (public key infrastructure) enables public key cryptography and secure digital certificates in an environment.

802.1x is a network standard for port-based access.