CompTIA Advanced Security Practitioner (CASP+)(CAS-004) Quiz Questions and Answers
One of the biggest tasks as a security professional is identifying vulnerabilities. What is the
difference between a vulnerability and a threat?
Answer :
A vulnerability is a weakness in system design, procedure, or code. A threat is the
circumstance or likelihood of a vulnerability being exploited
Several servers went offline since an update was pushed out. Other servers without that
patch are still operational but vulnerable to attack. As the security administrator, you
must ensure that critical servers are patched while minimizing downtime. What is the best
strategy to minimize risk?
Answer :
All updates are tested in a lab before deployment.
Your organization is in the middle of a risk assessment for a new network infrastructure
upgrade. All planning is complete, and your plan must include which security controls are
to be put in place during each stage of the upgrade. What risk response is most likely being
considered while creating an SLA contract with a third party?
Answer :
Transferring risk
A small insurance business implemented least privilege. Management is concerned that staff
might accidentally aid in fraud with the customers. Which of the following addresses security
concerns with this risk?
Answer :
BSecurity awareness training
A competitor of your company was hacked, and the forensics show it was a social engineering
phishing attack. What is the first thing you do to prevent this from happening at
your company?
Answer :
AEducate all employees about social engineering risks and countermeasures.
You are employed in a high-risk, geographically diverse production environment. Which of
these options would be the BEST reason to deploy link encryption to reduce risk?
Answer :
ALink encryption provides better flow confidentiality and routing.
Your manufacturing organization implemented a new vulnerability management tool. As
the security analyst, you are tasked with creating a successful process for vulnerability
assessment. What do you have to fully understand before assuming this task?
Answer :
BRisk assessments and threat identification
Your company needs to decide on a data backup plan strategy. You established your RPO
as 8 hours, and your RTO after any disaster, man-made or natural, as 48 hours. These
RTOs were established by the business owner while developing the BIAThe RTO includes
which of the following?
Answer :
ARecovery, testing, and communications
Your U.S.-based company manufactures children’s clothing and is contemplating expanding
their business into the European Union. You are concerned about regulation and compliance.
What should your organization examine first?
Answer :
BGeneral Data Protection Regulation
You have a well-configured firewall and IDS. Which of the following can BEST steal intellectual
property or trade secrets because there is no system auditing?
