CASP PRACTICE EXAM 1 2025
QUESTIONS AND ANSWERS
Several of your organization's users have requested permission to install certificates from
a third party. Company policy states that before users can install these certificates, you
must verify that the certificates are still valid. You need to check for revocation. What
could you check to verify this information? (Choose all that apply.)
A. CRL
B. OCSP
C. DNSSEC
D. DRM
Answer: A, B
Explanation: You can use either a certificate revocation list (CRL) or Online Certificate
Status Protocol (OCSP) to check for certificate revocation, depending on which type of
PKI is deployed.
...©️ 2025, ALL RIGHTS RESERVED 1
Your company has an intrusion detection system (IDS) and firewall deployed on the
perimeter of the network to detect attacks against internal resources. Yesterday, the IDS
alerted you that SSL sessions are under attack, using an older exploit against SSLv2.
Your organization's web server must use encryption for all financial transactions. You
need to prevent such an attack from being successful in the future. What should you do?
A. Block SSLv2 on the firewall.
B. Block SSLv2 on the web server.
C. Disable SSLv2 and enable SSLv3 on the web server.
D. Update the web server with the latest patches and updates.
Answer: C
Explanation: You should disable SSLv2 and enable SSLv3 on the web server. This will
prevent the use of SSLv2, which is the problem.
The research department for your company needs to carry out a web conference with a
third party. The manager of the research department has requested that you ensure that
the web conference is encrypted because of the sensitive nature of the topic that will be
discussed. Which of the following should you deploy?
A. SSL
B. SET
C. IPsec
D. RC4
Answer: D
Explanation: RC4 is a stream-based cipher and could be used to encrypt web conference
traffic.
Your company has recently decided to merge with another company. Each company has
its own Internet PKI that deploys certificates to users within that network. You have
been asked to deploy a solution that allows each company to trust the other's certificates.
What should you do?
A. Issue a policy certificate accepting both trust paths.
B. Deploy a new PKI for all users and import the current user certificates to the new PKI.
C. Use a cross-certification certificate.
D. Add the root certificate to both of the root certification authorities (CAs).
Answer: C
Explanation: You should use a cross-certification certificate to ensure that each
company trusts the other company's certificates.
Your company has a single, centralized web-based retail sales system. Orders come in 12
hours per day, 364 days per year. Sales average $500,000 per day. Attacks against the
retail sales system occur on a daily basis.
For the retail sales system, there is a 1% chance of a hacker bringing the system down.
The mean time to restore the system is 6 hours. What is the ALE for this system?
A. $912,500
B. $250,000
C. $500,000
D. $910,000
Answer: D