FEDVTE CASP EXAM 2025
QUESTIONS AND ANSWERS
A flaw in an online sporting goods website allows customers to purchase multiple
quantities of goods and only be charged the single quantity price. To improve the site,
management is demanding that the ecommerce application be tested to insure this flaw
is corrected. Which of the following is the BEST combination of tools and or methods to
use? - ....ANSWER ...-A. Blackbox testing using outside consultants
C. Fuzzer and HTTP interceptor
All adverse impacts of a security event can be measured quantitatively? -
....ANSWER ...-False
An active\passive cluster of redundant routers and firewalls has been installed in the
network edge by your enterprise LAN/WAN engineer. The firewalls are using stateful
firewall inspection. Even with the redundant equipment, there are still multiple reports
of dropped connections with external clients. Which of the following is MOST likely the
cause of this problem? - ....ANSWER ...-TCP sessions are being rejected because
they are being handled by asynchronous route paths through the firewalls.
...©️ 2025, ALL RIGHTS RESERVED 1
, Which of the following describes a single sign on implementation? -
....ANSWER ...-A web access load balancer passes the same authentication
attributes in a HTTP header to multiple applications.
What does the access control term AAA stand for? - ....ANSWER ...-
Authentication, Authorization, Accounting
A government agency has a major new initiative to virtualize as many servers as possible,
due to power and rack space capacity at its two data centers. The agency has prioritized
virtualizing older servers first as the hardware is nearing end of life. The two initial
migrations include Windows 2000 hosts (domain controllers and front-facing web
servers) and open source Linux hosts (front facing web servers). Which of the following
should occur based on best practices? - ....ANSWER ...-Each data center should
contain separate virtual environments for the web servers and for the domain controllers.
Shifting the responsibility for a risk to a third party is which strategy for managing risks?
- ....ANSWER ...-Transfer
Audit logs can be used to prevent users from performing unauthorized operations. -
....ANSWER ...-False
The CISO at a software development company is concerned about weaknesses in the
review processes his company has for their major product. Testing was performed in
house by a small review team, and the previous projects have been found to have that
only limited test cases were used and many of the code paths remained untested. The
CISO raised concerns that this product cannot fail in an upcoming large scale
deployment. Which of the following will provide the MOST thorough additional testing?
...©️ 2025, ALL RIGHTS RESERVED 2
QUESTIONS AND ANSWERS
A flaw in an online sporting goods website allows customers to purchase multiple
quantities of goods and only be charged the single quantity price. To improve the site,
management is demanding that the ecommerce application be tested to insure this flaw
is corrected. Which of the following is the BEST combination of tools and or methods to
use? - ....ANSWER ...-A. Blackbox testing using outside consultants
C. Fuzzer and HTTP interceptor
All adverse impacts of a security event can be measured quantitatively? -
....ANSWER ...-False
An active\passive cluster of redundant routers and firewalls has been installed in the
network edge by your enterprise LAN/WAN engineer. The firewalls are using stateful
firewall inspection. Even with the redundant equipment, there are still multiple reports
of dropped connections with external clients. Which of the following is MOST likely the
cause of this problem? - ....ANSWER ...-TCP sessions are being rejected because
they are being handled by asynchronous route paths through the firewalls.
...©️ 2025, ALL RIGHTS RESERVED 1
, Which of the following describes a single sign on implementation? -
....ANSWER ...-A web access load balancer passes the same authentication
attributes in a HTTP header to multiple applications.
What does the access control term AAA stand for? - ....ANSWER ...-
Authentication, Authorization, Accounting
A government agency has a major new initiative to virtualize as many servers as possible,
due to power and rack space capacity at its two data centers. The agency has prioritized
virtualizing older servers first as the hardware is nearing end of life. The two initial
migrations include Windows 2000 hosts (domain controllers and front-facing web
servers) and open source Linux hosts (front facing web servers). Which of the following
should occur based on best practices? - ....ANSWER ...-Each data center should
contain separate virtual environments for the web servers and for the domain controllers.
Shifting the responsibility for a risk to a third party is which strategy for managing risks?
- ....ANSWER ...-Transfer
Audit logs can be used to prevent users from performing unauthorized operations. -
....ANSWER ...-False
The CISO at a software development company is concerned about weaknesses in the
review processes his company has for their major product. Testing was performed in
house by a small review team, and the previous projects have been found to have that
only limited test cases were used and many of the code paths remained untested. The
CISO raised concerns that this product cannot fail in an upcoming large scale
deployment. Which of the following will provide the MOST thorough additional testing?
...©️ 2025, ALL RIGHTS RESERVED 2