CompTIA Advanced Security Practitioner (CASP+)(CAS-004) Quiz Questions and Answers

One of the biggest tasks as a security professional is identifying vulnerabilities. What is the difference between a vulnerability and a threat?

Answer:
  • A vulnerability is a weakness in system design, procedure, or code. A threat is the circumstance or likelihood of a vulnerability being exploited.

Several servers went offline after an update was pushed out. Other servers without that patch are still operational but vulnerable to attack. As the security administrator, you must ensure that critical servers are patched while minimizing downtime. What is the best strategy to minimize risk?

Answer:
  • All updates are tested in a lab before deployment.

Your organization is in the middle of a risk assessment for a new network infrastructure upgrade. All planning is complete, and your plan must include which security controls are to be put in place during each stage of the upgrade. What risk response is most likely being considered while creating an SLA contract with a third party?

Answer:
  • Transferring risk

A small insurance business implemented least privilege. Management is concerned that staff might accidentally aid in fraud involving customers. Which of the following addresses security concerns with this risk?

Answer:
  • B. Security awareness training

A competitor of your company was hacked, and the forensics show it was a social engineering phishing attack. What is the first thing you do to prevent this from happening at your company?

Answer:
  • A. Educate all employees about social engineering risks and countermeasures.

You are employed in a high-risk, geographically diverse production environment. Which of these options would be the BEST reason to deploy link encryption to reduce risk?

Answer:
  • A. Link encryption provides better flow confidentiality and routing.

Your manufacturing organization implemented a new vulnerability management tool. As the security analyst, you are tasked with creating a successful process for vulnerability assessment. What do you have to fully understand before assuming this task?

Answer:
  • B. Risk assessments and threat identification

Your company needs to decide on a data backup plan strategy. You established your RPO as 8 hours, and your RTO after any disaster, man-made or natural, as 48 hours. These RTOs were established by the business owner while developing the BIA. The RTO includes which of the following?

Answer:
  • A. Recovery, testing, and communications

Your U.S.-based company manufactures children’s clothing and is contemplating expanding its business into the European Union. You are concerned about regulation and compliance. What should your organization examine first?

Answer:
  • B. General Data Protection Regulation

You have a well-configured firewall and IDS. Which of the following can BEST steal intellectual property or trade secrets because there is no system auditing?

Answer:
  • B. Employees