Questions And Correct Answers
(Verified Answers) Plus Rationales
1.
A security architect needs to design an authentication solution that supports
biometric data but avoids storing raw biometric images. Which technology
provides this capability?
A. Kerberos
B. LDAP
C. Federated identity with biometric templates
D. RADIUS
Using biometric templates allows authentication without storing actual
images, enhancing privacy and compliance.
2.
Which cryptographic concept ensures that data cannot be altered without
detection?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Integrity ensures data remains unaltered; hashing techniques enforce this.
3.
An organization wants to encrypt large amounts of data at rest efficiently.
Which type of encryption should be used?
A. Asymmetric encryption
B. Symmetric encryption
C. Hashing
D. Steganography
Symmetric encryption is faster and ideal for encrypting bulk data.
4.
A company needs to secure IoT devices used in industrial control systems.
Which protocol is most appropriate for secure communication?
A. FTP
B. HTTP
C. MQTT
D. MQTT over TLS
TLS secures MQTT messages, ensuring data confidentiality and integrity.
5.
A penetration tester intercepts data transmitted over a network and finds it in
plaintext. What control was likely missing?
A. Network segmentation
B. Firewall
C. Encryption
D. Authentication
Unencrypted traffic exposes sensitive data to attackers.
6.
Which of the following ensures accountability in access control systems?
A. Authentication
B. Authorization
C. Auditing
D. Accounting
Auditing tracks user activities, ensuring accountability.
7.
An enterprise uses cloud-based storage for sensitive information. Which
control ensures that only specific users can access certain files?
A. Mandatory Access Control (MAC)
B. Role-Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Attribute-Based Access Control (ABAC)
RBAC assigns permissions based on job roles, simplifying access management.
8.
A CASP+ professional must recommend a solution for verifying system integrity
at boot time. Which technology should they suggest?
A. BitLocker
B. Secure Enclave
C. Trusted Platform Module (TPM)
D. Hardware Security Module (HSM)
TPM verifies the integrity of the boot process using measured values.
9.
Which risk response strategy involves transferring the impact of a risk to a
third party?
A. Avoidance
B. Mitigation
C. Transference
D. Acceptance
Risk transference typically involves insurance or outsourcing.
10.
A company needs to minimize the blast radius of a potential breach in a multi-
cloud environment. What should be implemented?
A. Single sign-on
B. Network segmentation
C. Centralized logging
D. Redundant gateways
Segmentation isolates environments to limit breach impact.