9/4/24, 3:57 AM
CASP Practice Exam 1
Jeremiah
Terms in this set (79)
Several of your organization's users have Answer: A, B
requested permission to install certificates
from a third party. Company policy states Explanation: You can use either a certificate revocation list (CRL) or Online Certificate
that before users can install these Status Protocol (OCSP) to check for certificate revocation, depending on which type of
certificates, you must verify that the PKI is deployed.
certificates are still valid. You need to check
for revocation. What could you check to
verify this information? (Choose all that
apply.)
A. CRL
B. OCSP
C. DNSSEC
D. DRM
1/29
,9/4/24, 3:57 AM
Your company has an intrusion detection Answer: C
system (IDS) and firewall deployed on the
perimeter of the network to detect attacks Explanation: You should disable SSLv2 and enable SSLv3 on the web server. This will
against internal resources. Yesterday, the IDS prevent the use of SSLv2, which is the problem.
alerted you that SSL sessions are under
attack, using an older exploit against SSLv2.
Your organization's web server must use
encryption for all financial transactions. You
need to prevent such an attack from being
successful in the future. What should you
do?
A. Block SSLv2 on the firewall.
B. Block SSLv2 on the web server.
C. Disable SSLv2 and enable SSLv3 on the
web server.
D. Update the web server with the latest
patches and updates.
The research department for your company Answer: D
needs to carry out a web conference with a
third party. The manager of the research Explanation: RC4 is a stream-based cipher and could be used to encrypt web
department has requested that you ensure conference traffic.
that the web conference is encrypted
because of the sensitive nature of the topic
that will be discussed. Which of the following
should you deploy?
A. SSL
B. SET
C. IPsec
D. RC4
Your company has recently decided to Answer: C
merge with another company. Each
company has its own Internet PKI that Explanation: You should use a cross-certification certificate to ensure that each
deploys certificates to users within that company trusts the other company's certificates.
network. You have been asked to deploy a
solution that allows each company to trust
the other's certificates. What should you do?
A. Issue a policy certificate accepting both
trust paths.
B. Deploy a new PKI for all users and import
the current user certificates to the new PKI.
C. Use a cross-certification certificate.
D. Add the root certificate to both of the
CASP
root Practice
certification Exam
authorities (CAs).1
2/29
, 9/4/24, 3:57 AM
Your company has a single, centralized web- Answer: D
based retail sales system. Orders come in 12
hours per day, 364 days per year. Sales Explanation: The annualized loss expectancy (ALE) for the system is $910,000. The asset
average $500,000 per day. Attacks against value (AV) is $500,000. The exposure factor (EF) is 0.5 (6 hours/12 hours).
the retail sales system occur on a daily basis.
Single loss expectancy (SLE) = AV × EF = $500,000 × 0.5 = $250,000
For the retail sales system, there is a 1%
chance of a hacker bringing the system Annualized rate of occurrence (ARO) = 0.01 × 364 = 3.64
down. The mean time to restore the system is
6 hours. What is the ALE for this system? Annualized loss expectancy (ALE) = SLE × ARO = $250,000 × 3.64 = $910,000
A. $912,500
B. $250,000
C. $500,000
D. $910,000
Your organization has recently implemented Answer: B
several new security policies in response to a
recent risk analysis. One of the new policies Explanation: Configuring controls that will protect files from unauthorized or accidental
states that controls must be configured to deletion addresses data integrity.
protect files from unauthorized or accidental
deletion. Which aspect of security does this
new policy address?
A. confidentiality
B. integrity
C. availability
D. authorization
Your company completes a risk analysis. Answer: D
After the analysis, management requests that
you deploy security controls that will Explanation: Risk mitigation is defining the acceptable risk level the organization can
mitigate any of the identified risks. What is tolerate and reducing the risk to that level.
risk mitigation?
A. risk that is left over after safeguards have
been implemented
B. terminating the activity that causes a risk
or choosing an alternative that is not as risky
C. passing the risk on to a third party
D. defining the acceptable risk level the
organization can tolerate and reducing the
risk to that level
3/29
CASP Practice Exam 1
Jeremiah
Terms in this set (79)
Several of your organization's users have Answer: A, B
requested permission to install certificates
from a third party. Company policy states Explanation: You can use either a certificate revocation list (CRL) or Online Certificate
that before users can install these Status Protocol (OCSP) to check for certificate revocation, depending on which type of
certificates, you must verify that the PKI is deployed.
certificates are still valid. You need to check
for revocation. What could you check to
verify this information? (Choose all that
apply.)
A. CRL
B. OCSP
C. DNSSEC
D. DRM
1/29
,9/4/24, 3:57 AM
Your company has an intrusion detection Answer: C
system (IDS) and firewall deployed on the
perimeter of the network to detect attacks Explanation: You should disable SSLv2 and enable SSLv3 on the web server. This will
against internal resources. Yesterday, the IDS prevent the use of SSLv2, which is the problem.
alerted you that SSL sessions are under
attack, using an older exploit against SSLv2.
Your organization's web server must use
encryption for all financial transactions. You
need to prevent such an attack from being
successful in the future. What should you
do?
A. Block SSLv2 on the firewall.
B. Block SSLv2 on the web server.
C. Disable SSLv2 and enable SSLv3 on the
web server.
D. Update the web server with the latest
patches and updates.
The research department for your company Answer: D
needs to carry out a web conference with a
third party. The manager of the research Explanation: RC4 is a stream-based cipher and could be used to encrypt web
department has requested that you ensure conference traffic.
that the web conference is encrypted
because of the sensitive nature of the topic
that will be discussed. Which of the following
should you deploy?
A. SSL
B. SET
C. IPsec
D. RC4
Your company has recently decided to Answer: C
merge with another company. Each
company has its own Internet PKI that Explanation: You should use a cross-certification certificate to ensure that each
deploys certificates to users within that company trusts the other company's certificates.
network. You have been asked to deploy a
solution that allows each company to trust
the other's certificates. What should you do?
A. Issue a policy certificate accepting both
trust paths.
B. Deploy a new PKI for all users and import
the current user certificates to the new PKI.
C. Use a cross-certification certificate.
D. Add the root certificate to both of the
CASP
root Practice
certification Exam
authorities (CAs).1
2/29
, 9/4/24, 3:57 AM
Your company has a single, centralized web- Answer: D
based retail sales system. Orders come in 12
hours per day, 364 days per year. Sales Explanation: The annualized loss expectancy (ALE) for the system is $910,000. The asset
average $500,000 per day. Attacks against value (AV) is $500,000. The exposure factor (EF) is 0.5 (6 hours/12 hours).
the retail sales system occur on a daily basis.
Single loss expectancy (SLE) = AV × EF = $500,000 × 0.5 = $250,000
For the retail sales system, there is a 1%
chance of a hacker bringing the system Annualized rate of occurrence (ARO) = 0.01 × 364 = 3.64
down. The mean time to restore the system is
6 hours. What is the ALE for this system? Annualized loss expectancy (ALE) = SLE × ARO = $250,000 × 3.64 = $910,000
A. $912,500
B. $250,000
C. $500,000
D. $910,000
Your organization has recently implemented Answer: B
several new security policies in response to a
recent risk analysis. One of the new policies Explanation: Configuring controls that will protect files from unauthorized or accidental
states that controls must be configured to deletion addresses data integrity.
protect files from unauthorized or accidental
deletion. Which aspect of security does this
new policy address?
A. confidentiality
B. integrity
C. availability
D. authorization
Your company completes a risk analysis. Answer: D
After the analysis, management requests that
you deploy security controls that will Explanation: Risk mitigation is defining the acceptable risk level the organization can
mitigate any of the identified risks. What is tolerate and reducing the risk to that level.
risk mitigation?
A. risk that is left over after safeguards have
been implemented
B. terminating the activity that causes a risk
or choosing an alternative that is not as risky
C. passing the risk on to a third party
D. defining the acceptable risk level the
organization can tolerate and reducing the
risk to that level
3/29
