D488 - CYBERSECURITY ARCHITECTURE
AND ENGINEERING (CASP+) Exam
Questions with 100% Correct Answers
Latest Versions 2025 Graded A+
A software development team is working on a new mobile application that will be used by customers.
The security team must ensure that builds of the application will be trusted by a variety of mobile
devices.
Which solution fulfills these requirements?
A) Code scanning
B) Regression testing
C) Code signing
D) Continuous delivery - ANSWER C) Code signing
An IT organization recently suffered a data leak incident. Management has asked the security team to
implement a print blocking mechanism for all documents stored on a corporate file share.
Which solution fulfills these requirements?
A) Virtual desktop infrastructure (VDI)
B) Remote Desktop Protocol (RDP)
C) Digital rights management (DRM)
D) Watermarking - ANSWER C) Digital rights management (DRM)
,A company has recently discovered that a competitor is distributing copyrighted videos produced by the
in-house marketing team. Management has asked the security team to prevent these types of violations
in the future.
Which solution fulfills these requirements?
A) Virtual desktop infrastructure (VDI)
B) Secure Socket Shell (SSH)
C) Digital rights management (DRM)
D) Remote Desktop Protocol (RDP) - ANSWER C) Digital rights management (DRM)
A security team has been tasked with performing regular vulnerability scans for a cloud-based
infrastructure.
How should these vulnerability scans be conducted when implementing zero trust security?
A) Manually
B) Annually
C) Automatically
D) As needed - ANSWER C) Automatically
A healthcare company needs to ensure that medical researchers cannot inadvertently share protected
health information (PHI) data from medical records.
What is the best solution?
,A) Encryption
B) Metadata
C) Anonymization
D) Obfuscation - ANSWER C) Anonymization
A security team has been tasked with mitigating the risk of stolen credentials after a recent breach. The
solution must isolate the use of privileged accounts. In the future, administrators must request access to
mission-critical services before they can perform their tasks.
What is the best solution?
A) Identity and access management (IAM)
B) Password policies
C) Privileged access management (PAM)
D) Password complexity - ANSWER C) Privileged access management (PAM)
A global manufacturing company is moving its applications to the cloud. The security team has been
tasked with hardening the access controls for a corporate web application that was recently migrated.
End users should be granted access to different features based on their locations and departments.
Which access control solution should be implemented?
A) Kerberos
B) Mandatory access control (MAC)
C) Attribute-based access control (ABAC)
D) Privileged access management (PAM) - ANSWER C) Attribute-based access control (ABAC)
, A team of developers is building a new corporate web application. The security team has stated that the
application must authenticate users through two separate channels of communication.
Which type of authentication method should the developers include when building the application?
A) In-band authentication
B) Kerberos
C) Out-of-band authentication
D) Challenge-Handshake Authentication Protocol (CHAP) - ANSWER C) Out-of-band authentication
An IT organization is implementing a hybrid cloud deployment. Users should be able to sign in to all
corporate resources using their email addresses as their usernames, regardless of whether they are
accessing an application on-premises or in the cloud.
Which solution meets this requirement?
A) JSON Web Token (JWT)
B) Trusted Platform Module (TPM)
C) Single sign-on (SSO)
D) Internet Protocol Security (IPsec) - ANSWER C) Single sign-on (SSO)
The security team has been tasked with implementing a secure authorization protocol for its web
applications.
Which of the following protocols provides the best method for securely authenticating users and
granting access?
A) Simple network management protocol (SNMP)
AND ENGINEERING (CASP+) Exam
Questions with 100% Correct Answers
Latest Versions 2025 Graded A+
A software development team is working on a new mobile application that will be used by customers.
The security team must ensure that builds of the application will be trusted by a variety of mobile
devices.
Which solution fulfills these requirements?
A) Code scanning
B) Regression testing
C) Code signing
D) Continuous delivery - ANSWER C) Code signing
An IT organization recently suffered a data leak incident. Management has asked the security team to
implement a print blocking mechanism for all documents stored on a corporate file share.
Which solution fulfills these requirements?
A) Virtual desktop infrastructure (VDI)
B) Remote Desktop Protocol (RDP)
C) Digital rights management (DRM)
D) Watermarking - ANSWER C) Digital rights management (DRM)
,A company has recently discovered that a competitor is distributing copyrighted videos produced by the
in-house marketing team. Management has asked the security team to prevent these types of violations
in the future.
Which solution fulfills these requirements?
A) Virtual desktop infrastructure (VDI)
B) Secure Socket Shell (SSH)
C) Digital rights management (DRM)
D) Remote Desktop Protocol (RDP) - ANSWER C) Digital rights management (DRM)
A security team has been tasked with performing regular vulnerability scans for a cloud-based
infrastructure.
How should these vulnerability scans be conducted when implementing zero trust security?
A) Manually
B) Annually
C) Automatically
D) As needed - ANSWER C) Automatically
A healthcare company needs to ensure that medical researchers cannot inadvertently share protected
health information (PHI) data from medical records.
What is the best solution?
,A) Encryption
B) Metadata
C) Anonymization
D) Obfuscation - ANSWER C) Anonymization
A security team has been tasked with mitigating the risk of stolen credentials after a recent breach. The
solution must isolate the use of privileged accounts. In the future, administrators must request access to
mission-critical services before they can perform their tasks.
What is the best solution?
A) Identity and access management (IAM)
B) Password policies
C) Privileged access management (PAM)
D) Password complexity - ANSWER C) Privileged access management (PAM)
A global manufacturing company is moving its applications to the cloud. The security team has been
tasked with hardening the access controls for a corporate web application that was recently migrated.
End users should be granted access to different features based on their locations and departments.
Which access control solution should be implemented?
A) Kerberos
B) Mandatory access control (MAC)
C) Attribute-based access control (ABAC)
D) Privileged access management (PAM) - ANSWER C) Attribute-based access control (ABAC)
, A team of developers is building a new corporate web application. The security team has stated that the
application must authenticate users through two separate channels of communication.
Which type of authentication method should the developers include when building the application?
A) In-band authentication
B) Kerberos
C) Out-of-band authentication
D) Challenge-Handshake Authentication Protocol (CHAP) - ANSWER C) Out-of-band authentication
An IT organization is implementing a hybrid cloud deployment. Users should be able to sign in to all
corporate resources using their email addresses as their usernames, regardless of whether they are
accessing an application on-premises or in the cloud.
Which solution meets this requirement?
A) JSON Web Token (JWT)
B) Trusted Platform Module (TPM)
C) Single sign-on (SSO)
D) Internet Protocol Security (IPsec) - ANSWER C) Single sign-on (SSO)
The security team has been tasked with implementing a secure authorization protocol for its web
applications.
Which of the following protocols provides the best method for securely authenticating users and
granting access?
A) Simple network management protocol (SNMP)
