CASP-003 EXAM 2025 QUESTIONS
AND ANSWERS
Common Configuration Enumeration (CCE) - ....ANSWER ...-Configuration best
practice statements maintained by NIST
Common Platform Enumeration (CPE) - ....ANSWER ...-Methods for describing
and classifying operating systems, applications, and hardware devices.
common vulnerabilities and exposures (CVEs) - ....ANSWER ...-Vulnerabilities
that have been identified and issued standard numbers.
Common Vulnerability Scoring System (CVSS) - ....ANSWER ...-A system of
ranking vulnerabilities that are discovered based on predefined metrics
common weakness enumeration (CWE) - ....ANSWER ...-Design flaws in the
development of software that can lead to vulnerabilities.
configuration management database (CMDB) - ....ANSWER ...-A database that
keeps track of the state of assets, such as products, systems, software, facilities, and
people, as they exist at specific points in time.
container-based virtualization - ....ANSWER ...-A type of server virtualization in
which the kernel allows for multiple isolated user-space instances. Also called operating
system virtualization.
...©️ 2025, ALL RIGHTS RESERVED 1
content management system (CMS) - ....ANSWER ...-A system that publishes,
edits, modifies, organizes, deletes, and maintains content from a central interface
continuous integration (CI) - ....ANSWER ...-The practice of merging all developer
working copies into a shared mainline several times a day
Counter Mode (CTR) - ....ANSWER ...-A DES mode similar to OFB mode that
uses an incrementing initialization vector counter to ensure that each block is encrypted
with a unique keystream. Also, the ciphertext is not chained into the encryption process.
Because this chaining does not occur, CTR performance is much better than with the
other modes.
database activity monitor (DAM) - ....ANSWER ...-A device that monitors
transactions and the activity of database services.
dd command - ....ANSWER ...-A UNIX/Linux command that is used to convert
and copy files
de facto standards - ....ANSWER ...-Standards that are widely accepted but are not
formally adopted.
DMZ - ....ANSWER ...-A perimeter network where resources are exposed to the
Internet while being logically separated from the internal network
de-perimeterization - ....ANSWER ...-The process of changing a network boundary
to include devices normally considered to be outside the network's perimeter.
Device Fingerprinting - ....ANSWER ...-Identifying information such as the
operating system of a device.