CompTIA CASP+ CAS-004 Practice Test
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 0% Most missed: “A production server has been compromised. Which of the following is the best way…”

The CASP+ certification is suited to professionals who want to be immersed in technology as a practitioner, while the CISSP is suited for those who want to be in management or move into management. The CISSP focuses on management strategies, practices and principles.

CompTIA CASP+ CAS-004 Practice Test
Time left 00:00
25 Questions

1. A small bank is introducing online banking to its customers through its new secured website. The firewall has three interfaces – one for the Internet connection, another for the DMZ, and the third for the internal network. Which of the following will provide the most protection from all likely attacks on the bank?
2. A network engineer at Company ABC observes the following raw HTTP request:
GET /disp_reports.php?SectionEntered=57&GroupEntered=- 1&report_type=alerts&to_date=01-01-0101&Run= Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1
HTTP/1.1
Host: test.example.net Accept: */*
Accept-Language: en Connection: close
Cookie: java14=1; java15=1; java16=1; js=1292192278001;
Which of the following should be the engineer’s greatest concern?
3. An employee was terminated and promptly escorted to their exit interview, after which the employee left the building. It was later discovered that this employee had started a consulting business using screenshots of their work at the company which included live customer data. This information had been removed through the use of a USB device. After this incident, it was determined a process review must be conducted to ensure this issue does not recur. Which of the following business areas should primarily be involved in this discussion?
4. A breach at a government agency resulted in the public release of top-secret information. The Chief Information Security Officer has tasked a group of security professionals to deploy a system that will protect against such breaches in the future. Which of the following can the government agency deploy to meet future security needs?
5. Which of the following is the capability to correct flows in the existing functionality without affecting other components of the system?
6. A corporate executive lost their smartphone while on an overseas business trip. The phone was equipped with file encryption and secured with a strong passphrase. The phone contained over 60 GB of proprietary data. Given this scenario, which of the following is the best course of action?
7. An IT administrator has installed new DNS name servers (Primary and Secondary), which are used to host the company MX records and resolve the web server’s public address. To secure the zone transfer between the primary and secondary servers, the administrator uses only server ACLs. Which of the following attacks could the secondary DNS server still be susceptible to?
8. Which of the following activities could reduce the security benefits of mandatory vacations?
9. The company is about to upgrade a financial system through a third party, but wants to legally ensure that no sensitive information is compromised throughout the project. The project manager must also make sure that internal controls are set to mitigate the potential damage that one individual’s actions may cause. Which of the following needs to be put in place to make certain both organizational requirements are met?
10. A production server has been compromised. Which of the following is the best way to preserve the non-volatile evidence?
11. An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is called in to troubleshoot the issue, who reports that all core components were updated properly. Which of the following has been overlooked in securing the system?
12. A firm’s Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally developed. The payment system being developed will be sold to several organizations and is in direct competition with another leading product. The CEO highlighted, in a risk management meeting, that code-based confidentiality is of utmost importance to allow the company to exceed the competition in terms of product reliability, stability, and performance. The CEO also highlighted that the company’s reputation for security products is extremely important. Which of the following will provide the most thorough testing and satisfy the CEO’s requirements?
13. The IT department of a pharmaceutical research company is considering whether the company should allow or block access to social media websites during lunchtime. The company is considering the possibility of allowing access only through the company’s guest wireless network, which is logically separated from the internal research network. The company prohibits the use of personal devices; therefore, such access will take place from company-owned laptops. Which of the following is the highest risk to the organization?
14. A company has decided to use the SDLC for the creation and production of a new information system. The security administrator is training all users on how to protect company information while using the new system, along with being able to recognize social engineering attacks. Senior Management must also formally approve the system before it goes live. In which of the following phases would these security controls take place?
15. A technician states that workstations that are on the network in location B are unable to validate certificates, while workstations that are on the main location A’s network are having no issues. Which of the following methods allows a certificate to be validated by a single server that returns the validity of that certificate?
16. An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments is the most heavily invested in rectifying the problem?
17. Company ABC has recently completed the connection of its network to a national high-speed private research network. Local businesses in the area are seeking sponsorship from Company ABC to connect to the high-speed research network by directly connecting through Company ABC’s network. Company ABC’s Chief Information Officer (CIO) believes that this is an opportunity to increase revenues and visibility for the company, as well as promote research and development in the area. Which of the following must Company ABC require of its sponsored partners to document the technical security requirements of the connection?
18. Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing/leads management to Company XYZ.
Which of the following is the most important to be considered before going ahead with the service?
19. As a cost-saving measure, a company has instructed the security engineering team to allow all consumer devices to be able to access the network. They have asked for recommendations on what is needed to secure the enterprise, yet offer the most flexibility in terms of controlling applications, and stolen devices. Which of the following is best suited for the requirements?
20. A company that manufactures ASICs for use in an IDS wants to ensure that the ASICs’ code is not prone to buffer and integer overflows. The ASIC technology is copyrighted and the confidentiality of the ASIC code design is exceptionally important. The company is required to conduct internal vulnerability testing as well as testing by a third party. Which of the following should be implemented in the SDLC to achieve these requirements?
21. On Monday, the Chief Information Officer (CIO) of a state agency received an e-discovery request for the release of all emails sent and received by the agency board of directors for the past five years. The CIO has contacted the email administrator and asked the administrator to provide the requested information by the end of the day on Friday. Which of the following has the greatest impact on the ability to fulfill the e-discovery request?
22. A security administrator needs a secure computing solution to use for all of the company’s security audit log storage, and to act as a central server to execute security functions from. Which of the following is the best option for the server in this scenario?
23. The security administrator at a bank is receiving numerous reports that customers are unable to log in to the bank website. Upon further investigation, the security administrator discovers that the name associated with the bank website points to an unauthorized IP address. Which of the following solutions will most likely mitigate this type of attack?
24. 'The system shall implement measures to notify system administrators before a security incident occurs.
' Which of the following BEST restates the preceding statement to allow it to be implemented by a team of software developers?
25. A user logs into domain A using a PKI certificate on a smartcard protected by an 8-digit PIN. The credential is cached by the authenticating server in domain A. Later, the user attempts to access a resource in domain B. This initiates a request to the original authenticating server to somehow attest to the resource server in the second domain that the user is in fact who they claim to be. Which of the following is being described?