CASP EXAM 2025 QUESTIONS AND ANSWERS
C - ....ANSWER ...-A security program alerts you of a failed logon attempt to a
secure system. On investigation, you learn the system's normal user accidentally had
caps lock turned on. What kind of alert was it?
A. True positive
B. True negative
C. False positive
D. False negative
A - ....ANSWER ...-Your security policy calls for the company's financial data
archive to have its confidentiality, integrity, availability, and accountability protected.
Presently it's stored on two redundant servers protected by strong passwords and
transport encryption. What additional control would achieve your security goals?
A. A version management system that tracks all user accounts and revisions
B. Full-disk encryption
C. Regular data backups
...©️ 2025, ALL RIGHTS RESERVED 1
D. Two-factor authentication
B - ....ANSWER ...-You work for a contracting company closely aligned with the
US federal government. Which organization's publications are likely to be most closely
related to your security compliance standards?
A. CIS
B. NIST
C. NSA
D. W3C
B, E - ....ANSWER ...-Your internal network is protected by a Cisco firewall
between the WAN and the internal network. While it's not having any problems, your
supervisor suggests installing a Fortinet firewall between the Cisco firewall and the
trusted LAN in order to create a new DMZ. Which security principles does this promote?
A. Availability
B. Defense in depth
C. Security by design
D. Security by obscurity
E. Vendor diversity
C - ....ANSWER ...-You've found signs of unauthorized access to a web server, and
on further review the attacker exploited a software vulnerability you didn't know about.
On contacting the vendor of the server software, you learn that it's a recently discovered
vulnerability, but a hotfix is available pending the next software update. What kind of
vulnerability did they exploit? Choose the best response.
A. APT
B. Structural
C. Unknown
D. Zero-day
A - ....ANSWER ...-Through your organization you've seen a pattern of attacks of
different types. Login attempts, malware, phishing emails, application exploits, and so
on. None of the individual techniques are that exotic or hard to stop, but they're
seemingly endless and most seem to be the work of the same group of attackers. What
kind of threat is this? Choose the best response.
A. APT
B. Structural
C. Unknown
D. Zero-day
D - ....ANSWER ...-For your new security consulting position, you're helping a
hospital secure its HR database. It includes employee records such as contact
information, employment history, and payment data. What would this information be
classified as? Choose the best response.
A. IP
B. PCI
C. PHI
D. PII
A - ....ANSWER ...-You've been tracking a new form of malware on your network.
It seems to primarily work by attacking web browsers when they visit certain external
websites. What parts of the network should your analysis focus on? Choose the best
response.
A. Endpoints
B. Network Appliances
C. SCADA devices
D. Servers
5,2,1,4,6,3 - ....ANSWER ...-Order the steps of a complete risk assessment.
1. Analyze business impact
2. Conduct a threat assessment
3. Create a mitigation strategy
4. Evaluate threat probability