CASP 1 EXAM 2025 QUESTIONS AND ANSWERS

Which of the following attacks does Unicast Reverse Path Forwarding prevent?
A. Man in the Middle
B. ARP poisoning
C. Broadcast storm
D. IP Spoofing
ANSWER: D. IP Spoofing

Which of the following authentication types is used primarily to authenticate users through the use of tickets?
A. LDAP
B. RADIUS
C. TACACS+
D. Kerberos
ANSWER: D. Kerberos

...©️ 2025, ALL RIGHTS RESERVED 1

A security consultant is evaluating forms which will be used on a company website. Which of the following techniques or terms is MOST effective at preventing malicious individuals from successfully exploiting programming flaws in the website?
A. Anti-spam software
B. Application sandboxing
C. Data loss prevention
D. Input validation
ANSWER: D. Input validation

A security audit has uncovered that some of the encryption keys used to secure the company B2B financial transactions with its partners may be too weak. The security administrator needs to implement a process to ensure that financial transactions will not be compromised if a weak encryption key is found. Which of the following should the security administrator implement?
A. Entropy should be enabled on all SSLv2 transactions.
B. AES256-CBC should be implemented for all encrypted data.
C. PFS should be implemented on all VPN tunnels.
D. PFS should be implemented on all SSH connections.
ANSWER: C. PFS should be implemented on all VPN tunnels.

A company provides on-demand virtual computing for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for access to sensitive data. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data was found on a hidden directory within the hypervisor. Which of the following has MOST likely occurred?
A. A stolen two factor token and a memory mapping RAM exploit were used to move data from one virtual guest to an unauthorized similar token.
B. An employee with administrative access to the virtual guests was able to dump the guest memory onto their mapped disk.
C. A host server was left un-patched and an attacker was able to use a VMEscape attack to gain unauthorized access.
D. A virtual guest was left un-patched and an attacker was able to use a privilege escalation attack to gain unauthorized acce
ANSWER: C. A host server was left un-patched and an attacker was able to use a VMEscape attack to gain unauthorized access.

Company XYZ provides residential television cable service across a large region. The company's board of directors is in the process of approving a deal with the following three companies:
A national landline telephone provider
A regional wireless telephone provider
An international Internet service provider
The board of directors at Company XYZ wants to keep the companies and billing separated, while the Chief Information Officer (CIO) at Company XYZ is concerned about the confidentiality of Company XYZ's customer data and wants to share only minimal information about its customers for the purpose of accounting, billing, and customer authentication.
The proposed solution must use open standards and must make it simple and seamless for Company XYZ's customers to receive all four services.
Which of the following solutions is BEST suited for this scenario?