1. What is the primary function of a security policy?
• A) To specify technical configurations for security devices
• B) To outline the organization's rules for protecting information
• C) To monitor network performance
• Answer: B) To outline the organization's rules for protecting information
• Explanation: A security policy establishes the guidelines and procedures for managing and
protecting an organization's information assets.
2. What does a "threat model" help an organization identify?
• A) The hardware specifications needed for security
• B) Potential vulnerabilities in their systems
• C) Types of potential security threats and their impact
• Answer: C) Types of potential security threats and their impact
• Explanation: A threat model helps identify potential security threats to a system, along with the
impact of those threats, allowing for more effective risk management.
3. Which of the following best describes a "zero trust" security model?
• A) Trust is granted based on user location
• B) No user or device is trusted by default, regardless of location
• C) Trust is established through user credentials only
• Answer: B) No user or device is trusted by default, regardless of location
• Explanation: The zero trust model operates on the principle that no one, inside or outside the
network, should be trusted without verification.
4. What is the primary purpose of an intrusion detection system (IDS)?
• A) To prevent unauthorized access
• B) To monitor network traffic for suspicious activity
• C) To provide access control
• Answer: B) To monitor network traffic for suspicious activity
• Explanation: An IDS is designed to detect potentially malicious activity on a network and
alert administrators to it.
5. In the context of security architecture, what does "segmentation" refer to?
• A) Creating multiple user accounts
• B) Dividing a network into smaller, isolated segments
• C) Implementing a single point of failure
• Answer: B) Dividing a network into smaller, isolated segments
• Explanation: Segmentation helps contain breaches and limit access to sensitive data by dividing
the network into isolated segments.
6. What is a "mantrap" in physical security?
• A) A technique used to detect unauthorized access
• B) A security measure with two doors that must be used in sequence
• C) A system that locks out all users during an attack
• Answer: B) A security measure with two doors that must be used in sequence
• Explanation: A mantrap is a physical security control designed to prevent unauthorized access
by requiring two doors to be used sequentially.
7. Which type of encryption uses a pair of keys for secure communication?
• A) Symmetric encryption
• B) Asymmetric encryption
• C) Hashing
• Answer: B) Asymmetric encryption
• Explanation: Asymmetric encryption utilizes a pair of keys (public and private) for encryption
and decryption, enabling secure communication.
8. What is the purpose of an access control list (ACL)?
• A) To define the types of encryption used
• B) To specify which users or systems have access to particular resources
• C) To monitor network traffic
• Answer: B) To specify which users or systems have access to particular resources
• Explanation: An ACL defines permissions for users or systems, specifying what resources they
can access and what actions they can perform.
9. Which of the following is a primary goal of risk management in security architecture?
• A) To eliminate all security threats
• B) To minimize the impact of security incidents
• C) To maintain compliance with legal regulations
• Answer: B) To minimize the impact of security incidents
• Explanation: The main goal of risk management is to identify, assess, and mitigate risks to
reduce the potential impact of security incidents.
10. What does "data loss prevention" (DLP) aim to protect?
• A) Physical hardware
• B) Sensitive information from unauthorized access or leaks
• C) Software performance
• Answer: B) Sensitive information from unauthorized access or leaks