CASP Practice Exam 1 Questions with 100% Correct Answers
Several of your organization's users have requested permission to install certificates from a third party. Company policy states that before users can install these certificates, you must verify that the certificates are still valid. You need to check for revocation. What could you check to verify this information? (Choose all that apply.)
A. CRL
B. OCSP
C. DNSSEC
D. DRM
Answer: A, B
Explanation: You can use either a certificate revocation list (CRL) or Online Certificate Status Protocol (OCSP) to check for certificate revocation, depending on which type of PKI is deployed.

Your company has an intrusion detection system (IDS) and firewall deployed on the perimeter of the network to detect attacks against internal resources. Yesterday, the IDS alerted you that SSL sessions are under attack, using an older exploit against SSLv2. Your organization's web server must use encryption for all financial transactions. You need to prevent such an attack from being successful in the future. What should you do?
A. Block SSLv2 on the firewall.
B. Block SSLv2 on the web server.
C. Disable SSLv2 and enable SSLv3 on the web server.
D. Update the web server with the latest patches and updates.
Answer: C
Explanation: You should disable SSLv2 and enable SSLv3 on the web server. This will prevent the use of SSLv2, which is the problem.

The research department for your company needs to carry out a web conference with a third party. The manager of the research department has requested that you ensure that the web conference is encrypted because of the sensitive nature of the topic that will be discussed. Which of the following should you deploy?
A. SSL
B. SET
C. IPsec
D. RC4
Answer: D
Explanation: RC4 is a stream-based cipher and could be used to encrypt web conference traffic.

Your company has recently decided to merge with another company. Each company has its own Internet PKI that deploys certificates to users within that network. You have been asked to deploy a solution that allows each company to trust the other's certificates. What should you do?
A. Issue a policy certificate accepting both trust paths.
B. Deploy a new PKI for all users and import the current user certificates to the new PKI.
C. Use a cross-certification certificate.
D. Add the root certificate to both of the root certification authorities (CAs).
Answer: C
Explanation: You should use a cross-certification certificate to ensure that each company trusts the other company's certificates.

Your company has a single, centralized web-based retail sales system. Orders come in 12 hours per day, 364 days per year. Sales average $500,000 per day. Attacks against the retail sales system occur on a daily basis. For the retail sales system, there is a 1% chance of a hacker bringing the system down. The mean time to restore the system is 6 hours. What is the ALE for this system?
A. $912,500
B. $250,000
C. $500,000
D. $910,000
Answer: D
Explanation: The annualized loss expectancy (ALE) for the system is $910,000. The asset value (AV) is $500,000. The exposure factor (EF) is 0.5 (6 hours/12 hours).
Written for
- Institution: CASP
- Course: CASP
Document information
- Uploaded on: April 19, 2024
- Number of pages: 31
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers