CASP EXAM 2025 QUESTIONS AND ANSWERS
A company has hired a new Chief Financial Officer (CFO) who has requested to be shown the ALE for a project implemented 4 years ago. The project had implemented a clustered pair of high end firewalls that cost $164,000 each at the beginning of the project. 2 years after the project was implemented, two line cards were added to each firewall that cost $3,000 each. The ARO of a fire in the area is 0.1, and the EF for a fire is 50%. Given that no fire has occurred since implementation, which of the following is the ALE?
ANSWER: D. The ALE is $8,500
Working: SLE = asset value x EF and ALE = SLE x ARO; the fact that no fire has occurred yet does not change the ARO. Taking one firewall plus its two line cards as the asset ($164,000 + 2 x $3,000 = $170,000) gives SLE = $85,000 and ALE = $8,500, which is the keyed answer. Valuing the whole clustered pair with all four line cards ($340,000) would instead give SLE = $170,000 and ALE = $17,000, so check which asset scope the answer choices assume.
A project manager needs to decide between options to proceed with implementation. The three options are outlined as: Option 1: Cost to implement: $2,000. SLE: $4,000. Likelihood of occurrence: once per quarter. Option 2: Cost to implement: $5,000. SLE: $4,000. Likelihood of occurrence: once every two years. Option 3: Cost to implement: $1,000. SLE: $1,000. Likelihood of occurrence: once every 6 months. Which of the following options gives the LOWEST TCO?
ANSWER: Option 3 (cost to implement $1,000, SLE $1,000)
Working (per year): ALE = SLE x ARO and TCO = cost to implement + ALE. Option 1: ARO 4, ALE $16,000, TCO $18,000. Option 2: ARO 0.5, ALE $2,000, TCO $7,000. Option 3: ARO 2, ALE $2,000, TCO $3,000.
When reviewing the various logs on a mission-critical application server, the server administrator first reviews the system log and determines that everything appears normal. Next, the administrator reviews the security log and finds a period of eight hours where no events have been recorded. What is the MOST likely explanation?
ANSWER: D. Audit logging has been turned off.
Because the system log shows the host was up and active during the same window, the silence is specific to the security log rather than the result of an outage.
© 2025, ALL RIGHTS RESERVED
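The check behind this answer, as an added example that is not part of the exam page: find gaps in one log source longer than a tolerated silence, then ask whether another source on the same host kept logging through the gap (host up, audit source silent) and whether an audit-policy-change event follows it. The two logs are constructed samples in an assumed `timestamp|event_id|message` format; the event IDs follow Windows Security-log numbering but every line is invented.

```python
"""Spot an unexplained silence in an audit log and check whether the host
was actually active during it.

Added example, not part of the exam page.  The two logs below are
constructed samples in an assumed 'timestamp|event_id|message' format;
event IDs follow Windows Security-log numbering (4624 logon, 4719 audit
policy changed, 7036 service state change) but the lines are invented.
"""
from datetime import datetime, timedelta

# Constructed security log: note the jump from 02:15 to 10:20.
SECURITY_LOG = """\
2025-03-01T01:00:12|4624|logon success user=svc_app
2025-03-01T01:45:03|4672|special privileges assigned user=admin
2025-03-01T02:15:40|4624|logon success user=dba
2025-03-01T10:20:01|4624|logon success user=svc_app
2025-03-01T10:21:55|4719|system audit policy was changed
2025-03-01T11:00:00|4624|logon success user=dba
"""

# Constructed system log for the same host: it keeps logging through the gap.
SYSTEM_LOG = """\
2025-03-01T01:00:00|6013|system uptime 86400s
2025-03-01T04:00:00|7036|service Spooler entered running state
2025-03-01T07:00:00|6013|system uptime 108000s
2025-03-01T10:00:00|7036|service W3SVC entered running state
"""

AUDIT_POLICY_CHANGED = 4719  # Windows event emitted when audit settings change


def parse_log(text):
    """Parse 'timestamp|event_id|message' lines into (datetime, int, str) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, msg = line.split("|", 2)
        events.append((datetime.fromisoformat(ts), int(event_id), msg))
    return sorted(events, key=lambda e: e[0])


def find_gaps(events, max_silence):
    """Return (start, end, duration) for each interval between consecutive
    events that exceeds max_silence."""
    gaps = []
    for prev, cur in zip(events, events[1:]):
        delta = cur[0] - prev[0]
        if delta > max_silence:
            gaps.append((prev[0], cur[0], delta))
    return gaps


def corroborating_events(gap, other_events):
    """Events from another log source that fall inside the gap.  Any hit
    means the host was running, so the silence belongs to the audit
    source (logging stopped or log cleared), not to a machine outage."""
    start, end, _ = gap
    return [e for e in other_events if start < e[0] < end]


def policy_changes_after(gap, events, window=timedelta(hours=1)):
    """Audit-policy-change events shortly after the gap ends: the usual
    trace of logging being switched back on."""
    _, end, _ = gap
    return [e for e in events
            if e[1] == AUDIT_POLICY_CHANGED and end <= e[0] <= end + window]


def analyse(security_text, system_text, max_silence=timedelta(hours=4)):
    """Return one finding per gap: (duration, host_active, policy_changed)."""
    sec = parse_log(security_text)
    sys_events = parse_log(system_text)
    findings = []
    for gap in find_gaps(sec, max_silence):
        findings.append((
            gap[2],
            bool(corroborating_events(gap, sys_events)),
            bool(policy_changes_after(gap, sec)),
        ))
    return findings


if __name__ == "__main__":
    for duration, active, policy in analyse(SECURITY_LOG, SYSTEM_LOG):
        print(f"silence {duration}: host active={active}, audit policy changed after={policy}")
```

On the constructed data this reports a single 8h 04m 21s gap with the host active throughout and a policy change right after it, which is the pattern that points to logging having been turned off rather than the server being down. The 4-hour threshold is a parameter to tune per system from its normal event rate.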
The online banking credentials of the Chief Executive Officer (CEO) of a research company were recently compromised. Despite the fact that banks no longer require frequent password changes, the CEO frequently changed this password. Now, because of the experience, the CEO questions the value of routine password changes at the company. Which of the following communicates the BEST approach for the company's security policies?
ANSWER: C. The nature of the research company's threat may be different from banks, so the company should consider the specific threats it needs to address.
The company develops a wide array of proprietary software for its clients utilizing an agile development methodology. Many of the company's prominent products use various open source libraries. Recently, a vulnerability in an open source security library allowed malicious attackers to bypass certificate revocation lists to compromise secure data. Which of the following is BEST implemented to help prevent this in the future?
ANSWER: The company should include the open source libraries in its code review process at regular intervals during the SDLC.
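One concrete form of the "regular intervals during the SDLC" answer is a dependency audit that runs in CI on every build: compare each pinned open source library against a list of known-affected version ranges. The block below is an added example, not code from the exam page or any real project; the lockfile, the package names and the advisories are all constructed for illustration, and it assumes plain dotted numeric versions with "introduced (inclusive) / fixed (exclusive)" ranges.

```python
"""Periodic dependency audit: flag pinned open-source libraries whose
version falls in a known-affected range.

Added example, not from the exam page or any real project.  The
lockfile, the package names and the advisories are all constructed for
illustration; plain dotted numeric versions are assumed (no pre-release
tags) and ranges follow the 'introduced (inclusive) / fixed (exclusive)'
convention.
"""
from dataclasses import dataclass

# Constructed lockfile in requirements.txt style (fictional packages).
LOCKFILE = """\
examplehttp==2.31.0
exampletls==0.11.1      # handles certificate chain and CRL checks
exampletemplate==3.1.2
"""


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str   # first affected version, inclusive
    fixed: str        # first fixed version, exclusive
    summary: str


# Constructed advisories; the packages and issues are fictional.
ADVISORIES = [
    Advisory("exampletls", "0.9.0", "0.11.2",
             "revocation check skipped when the CRL cannot be fetched"),
    Advisory("exampletemplate", "3.0.0", "3.1.3",
             "sandbox escape via crafted template"),
    Advisory("examplehttp", "2.0.0", "2.20.0",
             "credentials leaked on redirect"),
]


def parse_version(v):
    """'0.11.1' -> (0, 11, 1); tuple comparison then orders versions."""
    return tuple(int(part) for part in v.split("."))


def parse_lockfile(text):
    """Return {package_name: pinned_version}, ignoring comments and blanks."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, version = line.split("==")
        pins[name.strip().lower()] = version.strip()
    return pins


def is_affected(version, advisory):
    """True when introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(advisory.introduced) <= v < parse_version(advisory.fixed)


def audit(pins, advisories):
    """Return (package, pinned, first_fixed, summary) for each vulnerable pin."""
    findings = []
    for adv in advisories:
        pinned = pins.get(adv.package.lower())
        if pinned is not None and is_affected(pinned, adv):
            findings.append((adv.package, pinned, adv.fixed, adv.summary))
    return findings


if __name__ == "__main__":
    for pkg, pinned, fixed, why in audit(parse_lockfile(LOCKFILE), ADVISORIES):
        print(f"{pkg}=={pinned} is affected ({why}); upgrade to >= {fixed}")
```

On the constructed input the TLS and template libraries are flagged while the HTTP client, pinned above its fixed version, is not. A real pipeline would feed the advisory list from a vulnerability database and fail the build on any finding; the point the answer makes is that this review happens on a schedule, not only when a breach forces it.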
A penetration tester is preparing for a client engagement in which the tester must provide data that proves and validates the scanning tools' results. Which of the following is the BEST method for collecting this information?
ANSWER: B. Use a protocol analyzer to log all pertinent network traffic.
A large company has recently merged with a smaller company. The smaller company primarily uses certificate based authentication for connecting its users to its web-based services and back-end applications. The larger company has mainly terminal service-based applications that rely on Active Directory for a Single Sign-On solution. The security administrator for the merged organization has decided to federate the companies to support the delegated administration, authorization, and authentication. Which of the following solutions will the administrator MOST likely select?
ANSWER: A. The administrator will need to reconfigure one of the company's servers to support the other's authentication type. Then the administrator can use SAML to meet the goals of federation.
An organization has configured a set of hosts in such a way that only authorized programs and tools are allowed to execute for all accounts. After an intrusion was detected on one of the fully patched hosts, it was discovered that malware was able to execute in spite of this configuration being active. Which of the following may have occurred? (Select TWO).
ANSWER: B. The malware was injected into the running process of an allowed application
C. The whitelist used only executable names for enforcement
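Answer C is easy to see in code. The block below is an added example, not from the exam page: real allowlisting is enforced by the OS or an endpoint agent, so here the two policies are modelled as plain functions and the "binaries" are constructed byte strings standing in for executable contents.

```python
"""Why an execution allowlist keyed on file name is bypassable, and the
hash-keyed alternative.

Added example, not from the exam page.  Real allowlisting lives in the OS
or an endpoint agent; here the 'binaries' are constructed byte strings
and the two policies are modelled as plain functions so the difference
can be seen directly.
"""
import hashlib
from pathlib import PurePosixPath

# Constructed stand-ins for executable contents.
TRUSTED_BACKUP_TOOL = b"\x7fELF...trusted backup tool v1.0"
MALWARE = b"\x7fELF...something else entirely"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Policy 1: allow by executable name only (what answer C describes).
ALLOWED_NAMES = {"backup"}

# Policy 2: allow by content hash, computed once from the vetted binary.
ALLOWED_HASHES = {sha256_hex(TRUSTED_BACKUP_TOOL)}


def allowed_by_name(path):
    """Name-only check: anything called 'backup' passes, wherever it is
    and whatever it contains."""
    return PurePosixPath(path).name in ALLOWED_NAMES


def allowed_by_hash(contents):
    """Hash check: only the exact vetted bytes pass.  Renaming or moving
    the file changes nothing; patching it changes the hash and denies it."""
    return sha256_hex(contents) in ALLOWED_HASHES


def decide(path, contents, policy):
    """Return True if execution would be permitted under the given policy."""
    if policy == "name":
        return allowed_by_name(path)
    if policy == "hash":
        return allowed_by_hash(contents)
    raise ValueError(f"unknown policy {policy!r}")


if __name__ == "__main__":
    cases = [
        ("/usr/bin/backup", TRUSTED_BACKUP_TOOL),  # legitimate tool
        ("/tmp/backup", MALWARE),                  # malware renamed to an allowed name
        ("/usr/bin/backup", MALWARE),              # legitimate path, replaced contents
    ]
    for path, data in cases:
        print(f"{path:18} name-policy={decide(path, data, 'name')!s:5} "
              f"hash-policy={decide(path, data, 'hash')}")
```

The renamed malware passes the name policy and fails the hash policy; the trusted tool passes both. A hash list does not touch answer B, injection into an already-running allowed process, which needs memory-integrity or behavioural controls rather than a launch-time check, and hash lists must be refreshed on every legitimate update, which is why publisher-signature rules are the usual middle ground.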
Company XYZ has a large sales force that works from home. To increase sales effectiveness and reduce travel costs, the company purchased video conferencing equipment for all home offices. Since using the video conferencing equipment, some customers have begun to demand lower prices. The company's senior officers suspect these customers know the company's margins, because members of the sales force keep printed proprietary information in their home offices. Which of the following represents the BEST immediate response action while the security team develops a more complete response?
ANSWER: C. Enforce a clear field of view policy during customer teleconferences.
An audit report against a sensitive database system lists a number of vulnerabilities that must be addressed by the system administrator. More specifically, the system administrator must address specific operating system configuration lockdown to ensure the confidentiality, integrity, and availability of the information stored within the system. Which of the following should the administrator address to secure the operating system? (Select THREE).
ANSWER: A. Configuring IPv4 and IPv6 dual stack
G. Monitoring file permissions
H. Enabling database record encryption
A security assurance officer is preparing a plan to measure the technical state of a customer's enterprise. The testers employed to perform the audit will be given access to the customer facility and network. The testers will not be given access to the details of custom developed software used by the customer. However, the testers will have access to the source code for several open source applications and pieces of networking equipment used at the facility; but these items will not be within the scope of the audit. Which of the following BEST describes the appropriate method of testing or technique to use in this scenario? (Select TWO).
ANSWER: C. Black box
E. Penetration