CASP STUDY EXAM 2025
QUESTIONS AND ANSWERS
QUESTION 1
A telecommunication company has recently upgraded their teleconference systems to
multicast. Additionally, the security team has instituted a new policy which requires
VPN to access the company's video conference. All parties must be issued a VPN
account and must connect to the company's VPN concentrator to participate in the
remote meetings.
Which of the following settings will increase bandwidth utilization on the VPN
concentrator during the remote meetings?
A. IPSec transport mode is enabled
B. ICMP is disabled
C. Split tunneling is disabled
...©️ 2025, ALL RIGHTS RESERVED 1
D. NAT-traversal is enabled
ANSWER: Split tunneling is disabled
QUESTION 2
Which of the following can aid a buffer overflow attack to execute when used in the
creation of applications?
A. Secure cookie storage
B. Standard libraries
C. State management
D. Input validation
ANSWER: Standard libraries
QUESTION 3
Several critical servers are unresponsive after an update was installed. Other computers
that have not yet received the same update are operational, but are vulnerable to certain
buffer overflow attacks. The security administrator is required to ensure all systems have
the latest updates while minimizing any downtime.
Which of the following is the BEST risk mitigation strategy to use to ensure a system is
properly updated and operational?
A. Distributed patch management system where all systems in production are patched as
updates are released.
B. Central patch management system where all systems in production are patched by
automatic updates as they are released.
C. Central patch management system where all updates are tested in a lab environment
after being installed on a live production system.
D. Distributed patch management system where all updates are tested in a lab
environment prior to being
ANSWER: Distributed patch management system where all updates are tested in a lab
environment prior to being installed on a live production system.
QUESTION 4
Which of the following is true about an unauthenticated SAMLv2 transaction?
A. The browser asks the SP for a resource. The SP provides the browser with an XHTML
format.
The browser asks the IdP to validate the user, and then provides the XHTML back to
the SP for access.
B. The browser asks the IdP for a resource. The IdP provides the browser with an
XHTML format. The browser asks the SP to validate the user, and then provides the
XHTML to the IdP for access.
C. The browser asks the IdP to validate the user. The IdP sends an XHTML form to the
SP and a cookie to the browser. The browser asks for a resource to the SP, which verifies
the cookie and XHTML format for access.
D. The browser asks the SP to validate the user. The SP sends an XHTML form to the
IdP. The IdP provides the XHTML form back to the SP, and then the browser asks the
SP for a resource.
ANSWER: The browser asks the SP for a resource. The SP provides the browser with an
XHTML format. The browser asks the IdP to validate the user, and then provides the
XHTML back to the SP for access.
QUESTION 5
The internal auditor at Company ABC has completed the annual audit of the company's
financial system. The audit report indicates that the accounts receivable department has
not followed proper record disposal procedures during a COOP/BCP tabletop exercise
involving manual processing of financial transactions.