CASP PRACTICE EXAM 2 2025
QUESTIONS AND ANSWERS
Your company performs a security audit. This audit uncovers that some of the
encryption keys that secure the company business-to-business (B2B) financial
transactions with its partners may be too weak. The security administrator needs to
ensure that financial transactions will not be compromised if a weak encryption key is
found. What should the security administrator do?
Options:
A. Implement PFS on all VPN tunnels.
B. Implement PFS on all SSH connections.
C. Enable entropy on all SSLv2 transactions.
D. Implement AES256-CBC for all encrypted data.
Answer: A
...©️ 2025, ALL RIGHTS RESERVED 1
Explanation: The security administrator should implement PFS on all VPN tunnels that carry the
B2B financial transactions. With perfect forward secrecy (PFS), each session's key comes from an
ephemeral key exchange (for example Diffie-Hellman with per-session exponents that both peers
discard once the tunnel is up) rather than being derived from the peers' long-term keys. If a
long-term key later turns out to be weak or is compromised, an attacker who recorded earlier
sessions still cannot decrypt them, and every new session is protected by fresh key material.
The other options do not address the problem: the partner transactions travel over the VPN
tunnels, not over SSH; SSLv2 is obsolete and should be disabled rather than tuned; and changing
the bulk cipher to AES256-CBC does not protect sessions whose keys are derived from a weak or
compromised long-term key.
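The property described above, shown in working code. This is an added example, not part of the original exam material: a minimal pre-shared-key handshake run with and without an ephemeral Diffie-Hellman exchange, followed by an attacker who later obtains the long-term key and a recording of the handshake. The group is RFC 3526 group 14 (the MODP-2048 group IKE negotiates as DH group 14); HMAC-SHA256 stands in for IKEv2's PRF, the PSK models the weak long-term key, and the nonces and recorded values are constructed here. It is a demonstration of the arithmetic, not an IKE implementation.

```python
"""Added example: a session key from ephemeral Diffie-Hellman survives later loss of the long-term key."""
import hashlib
import hmac
import secrets
from typing import Any, Dict, Optional, Tuple

# RFC 3526 group 14 (MODP-2048), the "DH group 14" that IKE peers negotiate for IPsec tunnels.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def kdf(*parts: bytes) -> bytes:
    """32-byte key from the inputs (HMAC-SHA256 stands in for IKEv2's PRF; an assumption of this example).
    Each part is length-prefixed so two different input lists cannot produce the same byte string."""
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(b"vpn-session-kdf", data, hashlib.sha256).digest()


def ephemeral_keypair() -> Tuple[int, int]:
    """A fresh exponent for this handshake only; 256 random bits suffice for a 2048-bit group."""
    x = secrets.randbits(256) + 1
    return x, pow(G, x, P)


def dh_shared(my_priv: int, peer_pub: int) -> bytes:
    """g^(ab) mod p, refusing public values that would force a trivial shared secret."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_pub, my_priv, P).to_bytes(256, "big")


def handshake(psk: bytes, pfs: bool) -> Tuple[bytes, bytes, Dict[str, Any]]:
    """Run both peers of one tunnel setup; return (initiator key, responder key, what a sniffer recorded)."""
    nonce_i, nonce_r = secrets.token_bytes(32), secrets.token_bytes(32)
    recorded: Dict[str, Any] = {"nonce_i": nonce_i, "nonce_r": nonce_r}
    if not pfs:
        # Without PFS the session key depends only on the long-term PSK and the public nonces.
        return kdf(psk, nonce_i, nonce_r), kdf(psk, nonce_i, nonce_r), recorded
    a, pub_i = ephemeral_keypair()
    b, pub_r = ephemeral_keypair()
    recorded.update(pub_i=pub_i, pub_r=pub_r)          # only the public values cross the wire
    k_i = kdf(psk, nonce_i, nonce_r, dh_shared(a, pub_r))
    k_r = kdf(psk, nonce_i, nonce_r, dh_shared(b, pub_i))
    del a, b                                           # each peer discards its exponent after the handshake
    return k_i, k_r, recorded


def attacker_recovers_key(leaked_psk: bytes, recorded: Dict[str, Any]) -> Optional[bytes]:
    """The attacker later obtains the weak or leaked PSK plus a full recording of the handshake."""
    if "pub_i" not in recorded:
        # No PFS: the recording plus the PSK is exactly what the peers used, so the key falls out.
        return kdf(leaked_psk, recorded["nonce_i"], recorded["nonce_r"])
    # PFS: the key also depends on g^(ab). The recording holds only g^a and g^b, the exponents
    # are gone, and computing g^(ab) from them is the Diffie-Hellman problem in a 2048-bit group.
    return None


if __name__ == "__main__":
    psk = secrets.token_bytes(16)                      # constructed stand-in for the weak long-term key
    for pfs in (False, True):
        k_i, k_r, recorded = handshake(psk, pfs)
        assert k_i == k_r
        print("PFS" if pfs else "no PFS", "-> attacker recovers key:",
              attacker_recovers_key(psk, recorded) == k_i)
```

Note what PFS does and does not buy: it protects sessions that were recorded before the long-term key was exposed, and it does nothing against an attacker who uses that key to impersonate a peer in a new session. The weak keys still have to be replaced; PFS limits the damage while that happens.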
Users report that they are having trouble with certificates. After researching the issue,
you discover that workstations on Network B are unable to validate certificates, while
workstations on Network A are having no issues. You need to ensure that each
certificate is validated by a single server that returns the validity of that certificate. What
should you use?
Options:
A. XACML
B. OCSP
C. DRM
D. S/MIME
Answer: B
Explanation: Online Certificate Status Protocol (OCSP) lets a client ask a single server, the OCSP
responder named in the certificate's Authority Information Access extension, about one certificate
at a time; the responder returns a signed answer of good, revoked or unknown for that serial
number. That is exactly what the question asks for, in contrast to a certificate revocation list
(CRL), where the client downloads the issuer's whole list and searches it. XACML is an
access-control policy language, DRM protects copyrighted content, and S/MIME signs and encrypts
email; none of them validates certificates. In the scenario described, the first thing to check
is whether workstations on Network B can actually reach the responder URL, since a firewall or
proxy that blocks it makes every validation fail on that network only.
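What the OCSP client actually sends, as an added example that is not part of the original exam material: the DER-encoded OCSPRequest from RFC 6960 built by hand, the GET form of the request URL from its appendix A, and a reader for the responseStatus field that a client checks before anything else. The issuer name bytes, issuer key bits and serial number below are constructed; a real client takes them from the certificate and its issuer, and the responder URL from the AIA extension. The SHA-1 CertID is the form RFC 5019 responders require, and is only an identifier here, not a security property.

```python
"""Added example: the DER OCSPRequest a client sends to ask about one certificate (RFC 6960)."""
import base64
import hashlib
import urllib.parse


def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value; long-form length once the body is 128 bytes or more."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        len_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(len_bytes)]) + len_bytes
    return bytes([tag]) + length + body


def der_seq(*items: bytes) -> bytes:
    return der_tlv(0x30, b"".join(items))


def der_int(value: int) -> bytes:
    """Positive INTEGER; the extra byte keeps the top bit clear so it is never read as negative."""
    return der_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


OID_SHA1 = bytes.fromhex("06052b0e03021a")   # 1.3.14.3.2.26
NULL = b"\x05\x00"
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}


def build_ocsp_request(issuer_name_der: bytes, issuer_key_bits: bytes, serial: int) -> bytes:
    """OCSPRequest { tbsRequest { requestList { Request { CertID } } } }, version left at v1.
    issuer_name_der: the DER of the issuer Name exactly as it appears in the certificate.
    issuer_key_bits: the issuer's subjectPublicKey BIT STRING contents (no tag, length or pad byte)."""
    cert_id = der_seq(
        der_seq(OID_SHA1, NULL),                                  # hashAlgorithm
        der_tlv(0x04, hashlib.sha1(issuer_name_der).digest()),    # issuerNameHash
        der_tlv(0x04, hashlib.sha1(issuer_key_bits).digest()),    # issuerKeyHash
        der_int(serial),                                          # serialNumber
    )
    return der_seq(der_seq(der_seq(der_seq(cert_id))))


def ocsp_get_url(responder_url: str, request_der: bytes) -> str:
    """RFC 6960 A.1 GET form: base64 of the DER, URL-escaped, appended to the responder URL."""
    encoded = urllib.parse.quote(base64.b64encode(request_der).decode("ascii"), safe="")
    return responder_url.rstrip("/") + "/" + encoded


def response_status(response_der: bytes) -> str:
    """Read OCSPResponse.responseStatus, the ENUMERATED that opens the outer SEQUENCE."""
    if len(response_der) < 5 or response_der[0] != 0x30:
        raise ValueError("not an OCSPResponse")
    start = 2 if response_der[1] < 0x80 else 2 + (response_der[1] & 0x7F)
    body = response_der[start:]
    if body[0] != 0x0A or body[1] != 1:
        raise ValueError("responseStatus missing")
    return STATUS.get(body[2], "unknown(%d)" % body[2])


if __name__ == "__main__":
    # Constructed inputs: an empty issuer Name, four zero key bits and serial 0x1234.
    req = build_ocsp_request(der_seq(), b"\x00\x00\x00\x00", 0x1234)
    print(ocsp_get_url("http://ocsp.example.test", req))
    print(response_status(b"\x30\x03\x0a\x01\x06"))   # an "unauthorized" response
```

A responder answers for the certificates of the issuer it serves and nothing else, which is why the request identifies both the issuer (by name and key hash) and the serial number. Anything other than "successful" in the status, or no answer at all, is what a workstation on Network B would see if the responder is unreachable.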
After a security incident, you revoke the SSL certificate for your company's web server,
www.pearson.com. Later, you discover that a few other servers are generating certificate
errors: ftp.pearson.com, mail.pearson.com, and partners.pearson.com. Which of the
following is MOST likely the reason for this?
Options:
A. Certificates should be revoked at the domain level.
B. The CRL has not been updated yet.
C. The servers used a wildcard certificate.
D. The web server is the CA for the PKI.
Answer: C
Explanation: The most likely reason is that the servers used a wildcard certificate. A certificate
for *.pearson.com is valid for www, ftp, mail, partners and every other first-level host under
pearson.com, so the same certificate (and usually the same private key) is installed on all of
them. Revocation applies to one certificate serial number, not to a domain, so revoking the web
server's certificate revoked the copy on every other host as well, and clients that check
revocation now reject all of them. A CRL that had not yet been updated would delay the errors
rather than cause them. The operational lesson is that a compromised wildcard certificate means
every host that shares it must be re-keyed and reissued at the same time.
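A check a practitioner would run before revoking a shared certificate, as an added example that is not part of the original exam material: apply the wildcard matching rule that browsers use (RFC 6125 section 6.4.3, tightened by RFC 9525: the wildcard must be the whole left-most label and matches exactly one label) to a host inventory, to list every host that presents the certificate and will therefore break with it. The inventory is constructed from the hostnames in the question.

```python
"""Added example: which hosts share a wildcard certificate, and therefore share its revocation."""
from typing import Iterable, List


def name_matches(cert_name: str, hostname: str) -> bool:
    """DNS-ID matching as browsers apply it: a wildcard counts only as the entire left-most label,
    matches exactly one label, and needs at least two labels to its right (so "*.com" is refused)."""
    pattern = cert_name.lower().rstrip(".")
    host = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in label for label in p_labels[1:]):
        return False
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def hosts_covered(cert_sans: Iterable[str], inventory: Iterable[str]) -> List[str]:
    """Hosts in the inventory that the certificate's subjectAltName entries are valid for,
    i.e. the blast radius of revoking or re-keying that one certificate."""
    sans = list(cert_sans)
    return sorted(h for h in inventory if any(name_matches(s, h) for s in sans))


# Constructed inventory for the scenario in the question, plus hosts the wildcard must not cover.
INVENTORY = [
    "www.pearson.com", "ftp.pearson.com", "mail.pearson.com", "partners.pearson.com",
    "pearson.com",                  # the apex is not matched by *.pearson.com
    "dev.partners.pearson.com",     # two labels deep: not matched either
    "www.pearson.co.uk",            # different zone
]

if __name__ == "__main__":
    print("revoking *.pearson.com affects:", hosts_covered(["*.pearson.com"], INVENTORY))
    print("revoking www.pearson.com affects:", hosts_covered(["www.pearson.com"], INVENTORY))
```

Run against a real inventory, the first list is the set of hosts that need a new certificate on the same change window as the revocation; the second shows the smaller blast radius of per-host certificates.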
An employee of your company files a complaint with a security administrator. While
sniffing network traffic, the employee discovers that financially confidential emails were
passing between two warehouse users. The two users deny having sent confidential
emails to each other. You need to allow for non-repudiation and prevent network sniffers
from reading the confidential mail. What should you do?
Options:
A. Implement transport encryption and authentication hashing.
B. Implement transport encryption and legal mail hold.
C. Implement legal mail hold and authentication hashing.
D. Implement transport encryption and digital signatures.
Answer: D
Explanation: To provide non-repudiation and keep network sniffers from reading the confidential
mail, implement transport encryption and digital signatures. Transport encryption (for example
TLS between the mail clients and servers) hides the message content from anyone capturing
traffic. A digital signature is computed with the sender's private key, which only the sender
holds, so a valid signature ties the message to that sender and the user cannot credibly deny
having sent it. Authentication hashing does not achieve this: a hash or keyed MAC uses a key
that both parties know, so either of them could have produced it. A legal mail hold preserves
messages for discovery but neither encrypts nor attributes them.
You need to install a patch for a human resources application. When you access the
vendor's website, it shows that the patch is located on four different servers. A hash value
is given. What should you do to ensure that you obtain the appropriate, unchanged
patch?
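Checking a downloaded file against a published hash, as an added example that is not part of the original exam material. It streams the file, picks the algorithm from the length of the published hex digest, compares in constant time, flags MD5 and SHA-1 as adequate against corruption but not against a capable attacker, and walks several mirror copies of the same patch to find one that matches. The patch bytes, mirror URLs and the "HASH  filename" line are constructed here; the point of that line format is that the hash must come from the vendor's own page over TLS, not from the mirror that served the file.

```python
"""Added example: verifying a patch fetched from a mirror against the vendor's published hash."""
import hashlib
import hmac
import os
import tempfile
from typing import Dict, Optional

CHUNK = 1 << 20
BY_HEX_LENGTH = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
COLLISION_RESISTANT = {"sha256", "sha512"}


def normalise(published: str) -> str:
    """Accept the 'HASH  filename' line format and stray case or whitespace copied from a web page."""
    return published.split()[0].strip().lower()


def file_digest(path: str, algorithm: str) -> str:
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):   # streamed; patches can be large
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, published: str) -> Dict[str, object]:
    """Compare the downloaded file with the published hash. The verdict comes with whether the
    algorithm is one to trust against tampering, not merely against a corrupted transfer."""
    expected = normalise(published)
    algorithm = BY_HEX_LENGTH.get(len(expected))
    if algorithm is None:
        raise ValueError("published hash has an unrecognised length")
    actual = file_digest(path, algorithm)
    return {
        "algorithm": algorithm,
        "match": hmac.compare_digest(actual, expected),   # constant-time comparison
        "collision_resistant": algorithm in COLLISION_RESISTANT,
    }


def first_verified_mirror(downloads: Dict[str, str], published: str) -> Optional[str]:
    """Given {mirror_url: local_path} for the same patch fetched from several servers, return the
    first mirror whose copy matches the vendor's hash, or None if no copy does."""
    for mirror, path in downloads.items():
        if verify_download(path, published)["match"]:
            return mirror
    return None


def demo() -> Dict[str, object]:
    """Constructed data: one clean mirror copy and one altered copy of a made-up patch."""
    patch = b"HRApp patch 4.2.1\n" * 1000
    tampered = patch[:-1] + b"!"
    published = hashlib.sha256(patch).hexdigest().upper() + "  hrapp-4.2.1.patch"  # vendor-site line
    with tempfile.TemporaryDirectory() as d:
        good, bad = os.path.join(d, "m1.patch"), os.path.join(d, "m2.patch")
        with open(good, "wb") as f:
            f.write(patch)
        with open(bad, "wb") as f:
            f.write(tampered)
        return {
            "good": verify_download(good, published),
            "bad": verify_download(bad, published),
            "mirror": first_verified_mirror({"https://mirror2.example.test": bad,
                                             "https://mirror1.example.test": good}, published),
            "md5_weak": not verify_download(good, hashlib.md5(patch).hexdigest())["collision_resistant"],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A matching hash proves the file is the one the vendor hashed; it says nothing about whether the vendor's page itself was tampered with. Where the vendor also publishes a signature over the patch or the hash file, verify that as well, since it binds the hash to the vendor's key rather than to whatever a web page currently shows.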