CASP 4 EXAM 2025 QUESTIONS AND ANSWERS

The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:
Employee A. Works in the accounts receivable office and is in charge of entering data into the finance system.
Employee B. Works in the accounts payable office and is in charge of approving purchase orders.
Employee C. Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B.
Which of the following should the auditor suggest be done to avoid future security breaches?
A. All employees should have the same access level to be able to check on each other.
B. The manager should only be able to review the data and approve purchase orders.
C. Employee A and Employee B should rotate jobs at a set interval and cross-train.
D. The manager should be able to both enter and approve information.
ANSWER: B. The manager should only be able to review the data and approve purchase orders.
©️ 2025, ALL RIGHTS RESERVED 1

A company's security policy states that its own internally developed proprietary Internet-facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information?
A. Require all development to follow secure coding practices.
B. Require client-side input filtering on all modifiable fields.
C. Escape character sequences at the application tier.
D. Deploy a WAF with application-specific signatures.
ANSWER: A. Require all development to follow secure coding practices.

An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organization with the deployment has many clients running a mixture of the possible combinations of environments. Which of the following is the MOST comprehensive method for evaluating the two platforms?
A. Benchmark each possible solution with the integrator's existing client deployments.
B. Develop testing criteria and evaluate each environment in-house.
C. Run virtual test scenarios to validate the potential solutions.
D. Use results from each vendor's test labs to determine adherence to project requirements.
ANSWER: B. Develop testing criteria and evaluate each environment in-house.

An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small group of developers. The administrator is experiencing difficulty connecting to the host server during peak network usage times. Which of the following would allow the administrator to securely connect to and manage the host server during peak usage times?
A. Increase the virtual RAM allocation to high I/O servers.
B. Install a management NIC and dedicated virtual switch.
C. Configure the high I/O virtual servers to use FCoE rather than iSCSI.
D. Move the guest web server to another dedicated host.
ANSWER: B. Install a management NIC and dedicated virtual switch.

An administrator receives a notification from legal that an investigation is being performed on members of the finance department. As a precaution, legal has advised a legal hold on all documents for an unspecified period of time. Which of the following policies will MOST likely be violated? (Select TWO).
A. Data Storage Policy
B. Data Retention Policy
C. Corporate Confidentiality Policy
D. Data Breach Mitigation Policy
E. Corporate Privacy Policy
ANSWER: A. Data Storage Policy; B. Data Retention Policy

Which of the following BEST explains SAML?
A. A security attestation model built on XML and SOAP-based services, which allows for the exchange of A&A data between systems and supports Federated Identity Management.