CASP Practice Test Flashcards
Which of the following is known as a ROT 3 cipher?
A. Caesar
B. Scytale
C. DES
D. AES
A. Caesar
Caesar cipher is an early form of encryption and is also known as a ROT3 cipher.
Which of the following is not one of the four common goals of cryptography?
A. Privacy
B. Authentication
C. Availability
D. Integrity
C. Availability
The four common goals of cryptography include privacy, authentication, integrity, and non-repudiation.
The act of obtaining plain text from cipher text without a cryptographic key is known as what?
A. Encryption
B. Cryptanalysis
C. Hashing
D. Integrity verification
B. Cryptanalysis
Cryptanalysis is the act of obtaining plain text from cipher text without a cryptographic key.
______ is a measure of the randomness of data collected by an application or even an operating system and used to create a cryptography key
A. Encryption
B. Hashing
C. Entropy
D. Confusion
C. Entropy
While key size is important, the randomness of the key is also critical. Entropy is a measure of the randomness of data collected by an application or even an operating system and used to create a cryptography key
Which of the following is not a symmetric algorithm?
A. CAST
B. RC5
C. DES
D. RSA
D. RSA
Examples of symmetric encryption techniques include CAST, DES, and RC5. RSA is an asymmetric algorithm.
DES does how many rounds during the encryption process?
A. 2
B. 8
C. 16
D. 48
C. 16
DES does 16 rounds of substitution and transposition during the encryption process.
3DES does how many rounds during the encryption process?
A. 2
B. 8
C. 16
D. 48
D. 48
3DES does 48 rounds of substitution and transposition during the encryption process.
Which of the following makes use of a stream cipher process?
A. DES ECB
B. RC4
C. RC5
D. CAST
B. RC4
RC4 is considered a stream cipher whereas DES ECB, RC5, and RC6 are block ciphers.
SAFER uses ___ blocks of data?
A. 8
B. 32
C. 64
D. 256
C. 64
Secure and Fast Encryption Routine is a block-based cipher that processes data in blocks of 64 and 128 bits.
DES has an effective key length of?
A. 32
B. 56
C. 64
D. 256
B. 56
The DES key size is 56 bits, and DES has four primary modes of operation.
Cisco first came up with which of the following remote access technologies?
A. TACACS
B. RADIUS
C. Diameter
D. XTACACS
A. TACACS
Cisco has implemented a variety of remote access methods through its networking hardware and software. Originally, this was Terminal Access Controller Access Control System (TACACS).
These devices have the ability to perform deep packet inspection and look at requests and responses within the HTTP/HTTPS/SOAP/XML-RPC/Web Service layers.
A. Proxy
B. IDS
C. DMZ
D. WAF
D. WAF
A WAF is a firewall sitting between a web client and a web server, analyzing OSI Layer-7 traffic.
What is another name for digital controllers?
A. SCADA
B. JK Flip/Flops
C. Cyber systems
D. NAC
A. SCADA
Yesterday’s analog controls have become today’s digital systems. These digital controls are known as Supervisory Control And Data Acquisition (SCADA) systems.
Which of the following does VoIP not use?
A. IAX
B. H.121
C. SIP
D. RTP
B. H.121
VoIP makes use of protocols such as Session Initiation Protocol (SIP), H.323, Inter-Asterisk eXchange protocol (IAX), and Real-time Transport Protocol (RTP).
HTTP functions at which layer of the TCP model?
A. Application
B. Host-to-host
C. Internet
D. Data link
A. Application
HTTP, and other protocols like Telnet and SNMP, function at the application layer where they provide network services.
What TCP port does SMTP use?
A. 21
B. 23
C. 25
D. 80
C. 25
SMTP uses TCP port 25
What UDP port does TFTP use?
A. 21
B. 69
C. 25
D. 161
B. 69
UDP port 69 is used for TFTP
This protocol is no longer used in IPv6?
A. ICMP
B. TCP
C. ARP
D. DNS
C. ARP
Say goodbye to ARP. While ARP is an integral part of IPv4, it is not used with IPv6. IPv6 makes use of the Neighbor Discovery Protocol (NDP).
An IPv4 header has a default length of _______________ .
A. 16 bytes
B. 8 bytes
C. 20 bytes
D. 40 bytes
C. 20 bytes
IPv4 has a 20 byte default header length and can be 60 bytes maximum with options.
An ICMP type 8 message is best defined as?
A. Unreachable
B. Ping
C. Redirect
D. Time exceeded
B. Ping
ICMP is used for logical errors and diagnostics. An ICMP type 8 is a ping request.
___________________ describes a cloud solution where you are buying infrastructure
A. IaaS
B. BasF
C. MaaS
D. SaaS
A. IaaS
This approach includes monitoring for networks, servers, applications, and remote systems.
A. IaaS
B. BasF
C. MaaS
D. SaaS
C. MaaS
Another name for a confused deputy attack is?
A. XSS
B. DoS
C. Session hijacking
D. Sniffing
A. XSS
This Cisco VLAN technology wraps the Ethernet frame, but it is not a standard used by all vendors.
A. ISL
B. QLAN
C. 802.1q
D. STP
A. ISL
This VLAN standard places information inside the Ethernet frame.
A. ISL
B. QLAN
C. 802.1q
D. STP
C. 802.1q
______ is an attack in which an attacker tries to send data to hosts that belong to other VLANs
A. Spanning
B. VLAN hopping
C. Bridging
D. Scanning
B. VLAN hopping
______ is a SAN standard used for connecting data storage facilities and allowing remote SCSI devices to communicate
A. HBA
B. vSCAN
C. FCoE
D. iSCSI
D. iSCSI
______ can operate at speeds of 10 gigabits per second and rides on top of the Ethernet protocol.
A. HBA
B. vSCAN
C. FCoE
D. iSCSI
C. FCoE
_______ is implemented primarily at the HBA level.
A. LUN masking
B. vSCAN
C. FCoE
D. iSCSI
A. LUN masking
_________ is the process of removing redundant data to improve enterprise storage utilization.
A. Data scanning
B. Data aggregation
C. Data duplication
D. Data mining
C. Data duplication
What implicit command is at the end of every ACL?
A. A default deny all
B. An end statement
C. A default allow all
D. An allow statement
A. A default deny all
Snort cannot filter on which of the following traffic types?
A. IP
B. TCP
C. UDP
D. OSPF
D. OSPF
Extended ACLs cannot by default examine which of the following?
A. Protocol
B. IPSEC data
C. DSCP
D. Precedent value
B. IPSEC data
What is wrong with the following ACL?
interface Eth0
deny ip any any
deny tcp 10.10.10.128 0.0.0.63 any eq smtp
deny tcp any eq 23
int ethernet 0
ip access-group 110 out
A. Access-group statement
B. Interface Eth0
C. Deny TCP statement
D. Deny all statement
D. Deny all statement
Which model uses the following, “This property states that an object at one level of integrity is not permitted to write to an object of higher integrity.”
A. Bell-LaPadula
B. Biba
C. Clark Wilson
D. Brewer Nash
B. Biba
Which of the following Evaluation Assurance Levels (EAL) matches methodically designed, tested, and reviewed?
A. EAL 1
B. EAL 2
C. EAL 3
D. EAL 4
D. EAL 4
Structurally tested is what EAL level?
A. EAL 1
B. EAL 2
C. EAL 3
D. EAL 4
B. EAL 2
ITSEC was designed for use in what region of the world?
A. China
B. Canada
C. Europe
D. USA
D. USA
Which of the following is used for identifying the version of OS running on a computer?
A. Nmap -O
B. Nmap -sS
C. Nmap -sU
D. Nmap -sT
A. Nmap -O
Which of the following is a confidentiality based model?
A. Bell-LaPadula
B. Biba
C. Clark Wilson
D. Brewer Nash
A. Bell-LaPadula
______ is not a replacement for a traditional firewall but simply adds another layer of protection
A. NAC
B. IDP
C. IDS
D. WAF
D. WAF
You just finished a port scan and have found port 88 open. What application uses port 88?
A. TFTP
B. Kerberos
C. LDAP
D. Finger
B. Kerberos
How many steps of the TCP startup are completed in a stealth scan?
A. One
B. Two
C. Three
D. None
B. Two
After completing a port scan you have identified TCP port 80 as open. What should be your next step?
A. Banner grab
B. Map the attack surface
C. Launch an IIS exploit
D. Launch an Apache exploit
A. Banner grab
With this form of test there is very little or no knowledge of the target network or its systems.
A. Crystal box
B. White box
C. Gray box
D. Black box
D. Black box
This type of attack targets availability and is characterized by large amounts of traffic.
A. Session hijacking
B. Sniffing
C. DoS
D. SQL injection
C. DoS
You have identified a system that may not have a functioning antivirus program. How can you check to see if it is working properly?
A. EICAR
B. Load known malware
C. Port scan
D. FERPA
A. EICAR
Your IDS has identified network traffic that appears to be a series of ARP replies with no corresponding ARP requests. What might be the purpose of this activity?
A. DNS poisoning
B. IPv6 traffic
C. ARP cache poisoning
D. Network discovery traffic
C. ARP cache poisoning
This technique is used to determine the OS of a system by injecting traffic.
A. Hijacking
B. Active OS fingerprinting
C. Sniffing
D. Passive OS fingerprinting
B. Active OS fingerprinting
_______ is the process of configuring a switch to see all the traffic on one specific port.
A. SPAN
B. ARP poisoning
C. Spoofing
D. Hijacking
A. SPAN
Which of the following is the formula for SLE?
A. AV * ALE
B. AV * EF
C. AV / EF
D. AV * ARO
B. AV * EF
Which of the following is the formula for ALE?
A. SRE * ARO
B. AV * SLE
C. EF * ARO
D. SLE * ARO
D. SLE * ARO
An ______ is an item of value to an institution such as data, hardware, software, or physical property
A. Asset
B. Vulnerability
C. Tangible item
D. Risk
A. Asset
A _________ can be best defined as a type of business entity in which two or more entities share potential profit and risk with each other
A. Incorporation
B. Partnership
C. Merger
D. Sole proprietorship
B. Partnership
A ________ is a weakness in a system design, a weakness in the implementation of an operational procedure, or a weakness in how software or code
A. Asset
B. Vulnerability
C. Tangible item
D. Risk
B. Vulnerability
This law was signed into law in 1999 and resulted in the most sweeping overhaul of financial services regulation in the United States
A. Patriot Act
B. HIPAA
C. GLBA
D. FISMA
C. GLBA
This encryption method is a type of secure cryptoprocessor targeted at managing cryptographic keys.
A. TrueCrypt
B. HSM
C. EFS
D. TPM
B. HSM
Which of the following is a specialized chip that can be installed on the motherboard of a client and is used for encryption?
A. TrueCrypt
B. HSM
C. EFS
D. TPM
D. TPM
Which of the following encryption algorithms can be used for data at rest and is based on the Rijndael algorithm?
A. AES
B. DES
C. RC
D. CAST
A. AES
ANSI X12 is used for which of the following?
A. Unix file transfers
B. PKI
C. Digital certificates
D. EDI
D. EDI
This document dictates management’s commitment to the use, operation, and security of information systems
A. Procedure
B. Policy
C. Standard
D. Baseline
B. Policy
This document is considered step by step and can be tied closely to hardware.
A. Procedure
B. Policy
C. Guideline
D. Baseline
A. Procedure
These are considered tactical documents, as they lay out specific steps or processes required to meet a certain requirement
A. Procedure
B. Policy
C. Standard
D. Baseline
C. Standard
While preparing to develop a document on patch management you have been asked to review current vulnerabilities. Which U.S. government agency is responsible for the creation of lists of known vulnerabilities in operating systems?
A. DoD
B. Secret service
C. NSA
D. NIST
C. NSA
In the realm of Internet standards, what document is used for the creation of new requirements?
A. MOU
B. RFC
C. RFP
D. SLA
B. RFC
This document specifies conditions and applied terms for outsourcing partner organizations that must share data and information resources.
A. MOU
B. RFC
C. RFP
D. SLA
A. MOU
This document specifies the maximum amount of outage time?
A. MOU
B. RFC
C. RFP
D. SLA
D. SLA
This document can be used to specify what former employees can discuss about company business after leaving the company.
A. BPA
B. MOU
C. NDA
D. SLA
C. NDA
_______ is another example of a legally binding document that is designed to provide safeguards and compel certain actions among business partners
A. BPA
B. MOU
C. NDA
D. SLA
A. BPA
This personal control is used to reduce fraud and ensure a backup if the employee is unavailable.
A. PKCS
B. SSL
C. TTS
D. Telnet
B. SSL
Which of the following is not a vulnerability scanner?
A. Nessus
B. Wireshark
C. Satan
D. Saint
B. Wireshark
An Nmap full connect scan uses which of the following?
A. Nmap -O
B. Nmap -sS
C. Nmap -sU
D. Nmap -sT
D. Nmap -sT
Which of the following would best be used for forensic examination of a hard disk?
A. Helix
B. Backtrack
C. Knoppix
D. Auditor
A. Helix
You have captured the following traffic with Windump. What best describes this protocol or application?
ICMP Type 3 Code 13
A. Ping message
B. Unreachable message
C. Redirect message
D. TTL failure message
B. Unreachable message
Type 1 errors are also known as?
A. CER
B. FRR
C. Zepher
D. FAR
B. FRR
Type 2 errors are also known as?
A. CER
B. FRR
C. Zepher
D. FAR
D. FAR
Which of the following is true about CER?
A. A higher number is better
B. The number should always be 100%
C. A lower number is better
D. The number is always zero
C. A lower number is better
This form of biometric authentication can report false errors because of heart disease or other vascular problems.
A. Iris
B. Palm
C. Retina
D. Hand geometry
C. Retina
This RFC defines the Internet protocol.
A. RFC 1766
B. RFC 791
C. RFC 792
D. RFC 1700
B. RFC 791
The CIA4N concept includes all of the following except.
A. Authorization
B. Non-repudiation
C. Identification
D. Accounting
C. Identification
Which of the following is about finding the balance between the costs of security against the value of assets.
A. Performance management
B. Value delivery
C. Integration
D. Resource management
B. Value delivery
_________ is about utilizing the security infrastructure efficiently and effectively with minimum waste.
A. Performance management
B. Value delivery
C. Enterprise architecture
D. Resource management
D. Resource management
___________________ is the practice within information technology of organizing and documenting a company’s IT assets so that planning, management, and expansion can be enhanced
A. Performance management
B. Value delivery
C. Enterprise architecture
D. Resource management
A. Performance management
This risk assessment method is similar to the structured review yet individuals present for the meeting must write their responses down and hand them to the team lead for review
A. Alpha Review
B. Structured Review
C. ODFM
D. Modified Delphi
D. Modified Delphi
Security awareness is an example of which control category?
A. Detective
B. Preventive
C. Corrective
D. Compensating
B. Preventive
Clustering is an example of a ____________ control.
A. Detective
B. Preventive
C. Corrective
D. Compensating
D. Compensating
Patching is an example of which of the following controls?
A. Detective
B. Preventive
C. Corrective
D. Compensating
C. Corrective
Reviewing audit logs is an example of which of the following?
A. Detective
B. Preventive
C. Corrective
D. Compensating
A. Detective
Another name for the software vulnerability version model is which of the following?
A. Plan, do, check, and correct
B. Plan, secure, confirm, and remediate
C. Plan, detect, respond, and improve
D. Initial, repeatable, defined, and optimized
B. Plan, secure, confirm, and remediate
You have completed a port scan and found port 31337 open. What application commonly uses this port?
A. NetBus
B. Beast
C. Back Orifice
D. Loki
C. Back Orifice
You have completed a port scan and found port 12345 open. What application commonly uses this port?
A. NetBus
B. Beast
C. Back Orifice
D. Loki
A. NetBus
Presence is used for which of the following?
A. Video conferencing for PCs
B. Remote access for Apple computers
C. Video conferencing for Apple computers
D. Remote access for PCs
D. Remote access for PCs
Which email application uses TCP port 143 by default?
A. SMTP
B. POP3
C. IMAP
D. SNMP
C. IMAP
Which email application uses TCP port 110 by default?
A. SMTP
B. POP3
C. IMAP
D. SNMP
B. POP3
What is a SPAN port used for?
A. Mirroring traffic on a switch
B. A type of port scan
C. Used with VLANs to segment traffic
D. Used with VoIP
A. Mirroring traffic on a switch
Which of the following best defines SPIT?
A. A type of session hijack
B. Used for sniffing
C. A form of MiTM attack
D. A type of SPAM
D. A type of SPAM
______ is the variation in transmission latency that can cause packet loss and degraded VoIP call quality
A. Wow
B. Jitter
C. Flutter
D. Latency
B. Jitter
_______ is a delay in the transmission of a data packet
A. Wow
B. Jitter
C. Flutter
D. Latency
D. Latency
This technology was seen as an improvement over RADIUS and is a form of centralized authentication.
A. Diameter
B. LDAP
C. CHAP
D. KryptoKnight
A. Diameter