CASP Practice Exam

1. The SDLC phases constitute a subset of the system life cycle (SLC). After the implementation phase of the SDLC, the SLC contains two phases that address postinstallation and future adjustments. What do you call them?
- Replacement, crepitation, evaluation, and versioning
- Operations, maintenance, revisions, and replacement
- Revisions, discovery, compliance, and functionality
- Validation, verification, authentication, and monitoring

2. Many of your company's remote workers use mobile laptops to do their tasks. Security is afraid that sensitive information stored on these computers may be disclosed and leaked. What methodology prevents data loss most effectively?
- NIDS
- NIPS
- DLP
- HIPS

3. Craig's newly formed IT team is researching cloud computing models. He desires to utilize an infrastructure-integrated cloud computing approach with orchestration. Based on business and technological policies, apps and data may share resources. Which of the following options is ideal for this circumstance?
- Hybrid
- Agnostic
- Private
- Public

4. You are a web developer responsible for securing API keys in a client-side JavaScript application for your hospital. What is the most effective and efficient technique to do this work quickly?
- Set a RESTful request with access pairs.
- Curl a request with an -H -o option.
- Disable API access and use a hash of the key.
- Set API access and a secret key pair.

5. You have been evaluating a CMDB's backup schedule. Your CIO stated that the company's RPO is 48 hours. What is the minimum frequency of CMDB backups?
- 12 hours
- 6 hours
- 3 days
- 2 days

6. You are researching a new system that finds, analyzes, and reports on real-time threats based on logs alone. What is the best response?
- Duplication
- Imaging
- Ghosting
- Configuration baselining

7. You have transferred a software project to the fielding phase and delivered a functioning solution to the client. What is this phase commonly known as?
- Development
- Licensing
- Evaluation
- Deployment

8. You have received a response to your request for quotation from a software firm that manufactures a solution that will allow you to record all changes in a single change management tool. This tool will monitor scheduling changes, change implementation, change costs, and reporting. What category of software is this?
- Change control
- Automation
- Security information and event management
- Vulnerability management

9. You are conducting unit testing on a new software application. How can you examine an individual program to guarantee that each module behaves as intended?
- Processes running
- BIOS
- Input/output
- Services running

10. A security engineer is afraid that logs on their hybrid SDN network could be lost if devices fail or are exploited by an attacker. What solution safeguards against the loss of logs on these devices?
- Forward logs to syslogs
- Install a NIPS
- Log Archiving
- Firewall on local machine

11. Your CISO has chosen to execute a comprehensive enterprise mobility management (EMM) strategy. She wants to ensure that important company data is not compromised by mobile apps on employee devices. Which of the following will accomplish that best?
- Open source through API
- App wrapping through SDK
- Platform DevOps
- App config through IDC

12. Three years ago, a significant enterprise social media organization underwent many mergers, divestitures, and acquisitions. Consequently, the interdependencies between the internal networks and software are extremely complex. Enhanced integration is required. Which of the following integration platforms is ideal for software architecture based on security and standards?
- IDE
- ESB
- DNS
- SOA

13. You have moved more than fifty percent of your business to the cloud, but you are still concerned about data loss, unauthorized access, and encryption. What remains the cloud infrastructure vulnerability that leads to the most breaches?
- Machine learning
- SaaS
- SIEM
- Misconfiguration

14. You are installing antivirus software on all computers inside your organization's domain in order to be notified of any virus detections. Manually installing the product on each machine will take some time. Your company's environment utilizes Microsoft Active Directory. Which of the following methods is the most effective?
- Creating a master image of the computers with the antivirus product installed and then reimaging all the computers
- Providing a copy of the antivirus product to the end users and allowing them to install the product themselves
- Using Group Policy to push out the antivirus product to all computers
- Contracting out the installation of the antivirus product to a third party that manually installs the product on all the computers

15. You must determine the true severity of an incident and accurately measure it based on factors such as scope and impact, as well as how the incident should have been prioritized. Which of the options is not a factor to identify the seriousness of an incident in your organization?
- Disclosure
- Downtime
- Cost
- Legal ramifications

16. You are examining TCP and UDP connections that are open on a system. To determine if the unusual connections are legitimate, examine the statistics of sent, received, and possible errors, as well as a deeper dive into the ID of the processes making them. What tool can assist with this?
- Traceroute
- RARP
- Netstat
- Ping

17. A firewall administrator updated the corporate border firewall with new rules. What should the admin do next to ensure that he/she has properly implemented the rules?
- Only the new firewall rules should be tested with traffic matching the rules.
- No testing is required. Firewall rules are checked for validity within the firewall.
- All firewall rules should be tested with traffic matching the rules.
- Because of time constraints, only firewall rules considered to be the most important should be tested.

18. On the container host, unnecessary services are disabled, and monitoring tools are installed. You want to keep an eye on the traffic inside the containers so that attackers can't move laterally through the environment. What should you put on the server?
- TPM
- Malwarebytes
- IPS
- SIEM

19. As an information security professional, Jurgen is responsible for ensuring that data remains accessible following an incident such as a system failure or natural disaster. Which of the following is correct?
- Data reliability
- Data recovery
- Data security
- Data protection

20. Your company completed a penetration test with a third party and received the report. The pentester has described the active and passive reconnaissance that was performed, as well as the vulnerabilities that were exploited and the locations where they were able to move laterally during the test. When is there lateral movement during a penetration test?
- Post-exploitation
- Persistence
- Reconnaissance
- Weaponization

21. Identifying vulnerabilities is one of the most difficult tasks for security professionals. What exactly is the distinction between a vulnerability and a threat?
- A vulnerability is the probability of the realization of a threat. A threat is the driving force behind the activity.
- A vulnerability is the value to an institution, whereas a threat is the source of the risk, internal or external.
- A vulnerability is the driving force behind the activity. A threat is the probability of an attack.
- A vulnerability is a weakness in system design, procedure, or code. A threat is the circumstance or likelihood of a vulnerability being exploited.

22. As a network administrator, you are checking network logs. In the previous 48 hours, UDP traffic has surged by more than 30 percent. You capture the packets with Wireshark and observe the following: UDP 192.168.1.1:123->46.110.10.5:123. What is the most likely attack scenario?
- You are being attacked via the DNS server side and successfully exploited on 192.168.1.1.
- You are being attacked via the DNS client side and successfully exploited on 192.168.1.1.
- You are being attacked via the NTP server side and unsuccessfully exploited on 192.168.1.1.
- You are being attacked via the NTP client side and successfully exploited on 192.168.1.1.

23. Your firm has opted to transition from dedicated desktop machines to a virtual desktop environment. The desktop image lives on a server within a virtual machine and is accessed over the network by a desktop client. Which of the following is described here?
- VNC
- VPN
- RDP
- VDI

24. Bill is a security analyst who is putting a new vulnerability scanning tool into action. Previously, his company relied on third-party vendors to evaluate his network. While reviewing the new scanner's scan results, he notices that several servers are missing patches. He decides to look for an automated patch installation process for those systems. Which of the following processes is automated?
- Vulnerability scanner
- Patch management system
- Vulnerability management
- Security assessment

25. You are a security administrator who has been notified by your IPS that a problem exists. You swiftly resolve the issue. What must be done once the issue has been resolved?
- Encryption
- Post-Mortem report
- Update to security policy
- MOA

26. Rizza works for a large corporation that is expanding by acquiring a second corporation. What steps should be taken prior to connecting the networks?
- Development of a risk analysis for the two networks
- Implementation of a firewall system
- Credentialed vulnerability scan
- Complete review of the new corporation

27. Unintentional data leakage from mobile apps in your environment is a cause for concern. Users of mobile devices, such as laptops, tablets, and wearables, are at risk from 'riskware' applications, which are programs that ask for personal information without checking whether it is necessary or safe to do so. Official app stores typically have these types of apps available for free. If users are worried about data leaking from their mobile devices, what advice would you give them?
- Only give apps permissions they must have, and delete any app that asks for more than is necessary.
- Make sure that your network is fast.
- Give apps all the permissions they ask for.
- Instruct users to check for upgrades often.

28. Your CISO has been receiving advisories and bulletins warning him about the risks of zero-day exploits. He reviewed some articles and found out that one organization offered $2.5 million for a single submission, according to news reports and vendor websites. He's assigned you the task of preventing zero-day exploits. Which of the following is the most effective method of protecting your organization from a zero-day exploit?
- Do not use software that has a zero-day vulnerability.
- Use vulnerability assessments.
- Harden a system for only the required functions.
- Update and patch on a cycle.

29. A common attack to be aware of is the use of a hashtag for a specific organization and the distribution of malicious links that appear in your newsfeeds. What is the name of this social media attack?
- Retweet storm
- Spray and pray
- Hashtag hijacking
- Trend-jacking

30. An ex-IT network administrator voluntarily surrendered his or her company-issued iPhone. Because they were able to circumvent the limitations set by the device's manufacturer, you came to this conclusion: The device has third-party software installed. What was the IT network administrator's job description?
- Jailbreaking
- Locking
- Recompiling
- Rooting

31. You work as a SOHO's security analyst. Upper management decided that BYOD for salespeople would be cost-effective, citing employee turnover as the reason. There are now numerous security issues, including multiple IP addresses and infected systems on the company network, to contend with. Which one of the following should you put into action right now to address these problems?
- HIPS
- Port security
- HIDS
- NAC

32. Ben works as the head of security for an insurance company. An internal security audit of his organization reveals that some of his machines are not being scanned for vulnerabilities because employees take their laptops home at night during the scan. How will he scan the machines that have not had their vulnerability scans performed?
- Compliance reports
- Scan computers against the baseline
- Audit logs continuously
- Agents

33. You asked your network engineers for assistance with a compliance audit that is coming up soon. They gave you the following host statistics: Guest accounts disabled: 60% compliance; local firewall enabled: 90% compliance. Which of the following protocols can provide that kind of information?
- ARF
- CCE
- SCAP
- HTTPS

34. Your company hired a professional firm to perform a penetration test. Over time, the pentester gradually increases the number of attacks, resulting in multilayered attacks. What method did this pentester employ to gain access to your network?
- Pivoting
- Exploit
- Threats
- Tailgating

35. Several servers have gone offline since an update was released. Other servers that do not have that patch are still operational, but they are vulnerable to attack. As the security administrator, you must ensure that critical servers are patched while minimizing downtime. What is the best risk-mitigation strategy?
- Patch all systems in production automatically.
- Patch servers only when updates are released.
- Test all updates in a lab before deployment.
- Test all updates after they are installed in a live environment.

36. To perform complex tasks like face detection, calculation, and logic control, Sandra must use a hardware-based processor approach. Sandra would use what?
- SCADA
- FPGA
- Closed circuit
- PLC

37. What kind of key management system do you think is best for your company's users? Is this function provided by any of the following:
- microSD HSM
- TPM
- EFS
- NTFS

38. Your company hired a third party to evaluate application materials. They use a tool that can produce results with little effort and can run for weeks. However, depending on how it is configured, it may not find all of the bugs. What kind of tool do they employ?
- Fuzzer
- HIPS
- Vulnerability scanner
- Data validator

39. Your organization's data privacy is of the utmost importance, including PHI and PII. As a security architect, one of your responsibilities is to ensure the security of instant messages sent and received. If you want to keep these messages safe, which one of the following is the best option?
- Surveillance
- SMS
- Transmission
- Encryption

40. The over-the-air (OTA) update is delivered wirelessly to your mobile device. It has been determined by the company that this method does not pose a security risk to your mobile device. What type of OTA do you configure if you don't want to lose access to your mobile device during business hours?
- Instinctive
- Automatic
- Responsive
- Manual

41. A special microprocessor is used to monitor the environment on your network, and you are a security administrator. What kind of microchips are we talking about here?
- CISC
- TPM
- AAHA
- ASIC

42. What your marketing team wants to do at the next conference is to share files between local devices without the use of an external storage device such as a USB memory stick. Were any of these terms more appropriate in this situation?
- Sideloading
- Downloading
- Uploading
- P2TP

43. If your current contract with your mobile device provider expires soon, you may want to look into switching to another one. In many cases, subsidized phones, such as those that come with a contract, are tied to a single carrier. In addition, you should guard against the loss or theft of data stored on the devices. The phone has been set up to work only with that carrier. If you want to switch your mobile phone service provider, what steps do you need to take?
- Unlock
- Jailbreak
- Lock
- Root

44. Attempts to access low-level systems were made by your system administrator on their cell phone. They're looking to get rid of programs already installed on the system and revoke access to previously granted permissions to new ones. What's the name of this type of access?
- Rooting
- Malware
- Jailbreaking
- Unlocking

45. As a security analyst, you are tasked with analyzing web server logs. You now have access to the SIEM software. What kind of research is this?
- Hardware analysis
- Software analysis
- Software composition analysis
- Network analysis

46. You have been tasked with performing a black-box vulnerability assessment on an application developed by your company. The application must be running in order to detect vulnerabilities that an attacker could exploit. What is the name of this evaluation?
- DAST
- Reverse engineering
- SAST
- Side-channel analysis

47. You have to travel a lot for your job. If you were looking for an infrared camera in your hotel room, what would you use?
- Smartphone
- Metal detector
- Fuzzer
- Tethering

48. Consider purchasing mobile devices with company-owned, personal-enabled (COPE) features as an option for your company. Open source operating systems for mobile devices have the drawback of leading to greater inequity. When it comes to product versions and updates, which of the following statements is most accurate?
- Fragmentation
- Morphism
- Instantiation
- Mutation

49. In the event of a natural disaster, your facility's geolocation and hurricane propensity necessitate that you find a backup location for your data processing. As part of your negotiations, you're talking to a company that has a lot of infrastructure but no hardware. You're building a facility, but what kind?
- Cold site
- Safety Instrumented System
- Warm site
- PLC

50. IoT has presented a number of challenges for your organization's security team when it comes to protecting your network. Attackers are increasingly using IoT devices to launch attacks, which has resulted in an increase in IoT-related incidents. Is there a more effective way to deal with this problem?
- Reducing the attack surface
- Performing inventory management
- Adding more security tools
- Adding network intrusion devices