CASP PRACTICE EXAM 3 2025
QUESTIONS AND ANSWERS
You are the security administrator for your company. You are required to implement a
solution that will provide the highest level of confidentiality possible to all data on the
network.
Two-factor token and biometric-based authentication is implemented for all users.
Administrator-level accounts are tightly controlled and issued separately to each user
needing administrative access. Auditing is enabled to log all transactions. All hard drives
are protected using full disk encryption.
All resources have access control lists (ACLs) that can only be changed by an
administrator. All server resources are virtualized. LUN masking is implemented to
segregate storage area network (SAN) data. All switches are configured with port
security. The network is protected with a firewall using ACLs, a NIPS device, and
secured wireless access points.
You need to improve the current architecture to provide the stated goal. What shou -
Answer: A
© 2025, ALL RIGHTS RESERVED
Explanation: You should implement transport encryption to provide the highest level of
confidentiality possible for all data on the network.
The public relations department at your company regularly sends out emails signed by
the company's CEO with announcements about the company. The CEO sends company
and personal emails from a different email account.
A competitor is suing your company for copyright infringement. As part of the
investigation, you must provide legal counsel with a copy of all emails that came from
the CEO, including those generated by the public relations department. The email
server allows emails to be digitally signed, and the corporate PKI provisioning allows for
one certificate per user. The CEO did not share his password with anyone. You need to
provide legal counsel with information on how to determine whether a particular email
came from the public relations department or from the CEO. What should you do?
Options:
A. Implement digital rights management (DRM).
B. Use non-repudiation.
C. Implement encryption.
D. Employ key esc -
Answer: B
Explanation: You should use non-repudiation. Non-repudiation is provided when an
email includes a digital signature.
After connecting to a secure payment server at https://checkout.pearson.com, an
auditor notices that the SSL certificate was issued to *.pearson.com. The auditor also
notices that many of the internal development servers use the same certificate. After
installing the certificate on Srv1.pearson.com, one of the developers reports misplacing
the USB thumb drive where the SSL certificate was stored.
Which of the following should the auditor recommend FIRST?
Options:
A. Generate a new public key for each server.
B. Generate a new private key for each server.
C. Replace the SSL certificate on Srv1.pearson.com.
D. Replace the SSL certificate on checkout.pearson.com.
Answer: C
Explanation: You should replace the SSL certificate on Srv1.pearson.com. The
development servers need to have a new SSL certificate.
A new company requirement says that multi-factor authentication is required to access
network resources. You have been asked to research and implement the most cost-
effective solution that would authenticate both hardware and users. The company wants
to leverage PKI, which is already well established.
You issue individual private/public key pairs to each user and install the public key on
the central authentication system. What should you do next?
Options:
A. Require each user to install the private key on his or her computer and protect it with
his or her credentials.
B. Deploy biometrics on each client computer.
C. Issue each user one hardware token.