CASP Exam Questions with Correct Answers
A company has hired a new Chief Financial Officer (CFO) who has requested to be shown the ALE for a project implemented 4 years ago. The project had implemented a clustered pair of high end firewalls that cost $164,000 each at the beginning of the project. 2 years after the project was implemented, two line cards were added to each firewall that cost $3,000 each. The ARO of a fire in the area is 0.1, and the EF for a fire is 50%. Given that no fire has occurred since implementation, which of the following is the ALE?
Correct Answer: D. The ALE is 8,500

A project manager needs to decide between options to proceed with implementation. The three options are outlined as:
- Option 1: Cost to implement: $2,000. SLE: $4,000. Likelihood of occurrence: once per quarter
- Option 2: Cost to implement: $5,000. SLE: $4,000. Likelihood of occurrence: once every two years
- Option 3: Cost to implement: $1,000. SLE: $1,000. Likelihood of occurrence: once every 6 months
Which of the following options gives the LOWEST TCO?
Correct Answer: Option 3 - CTE:1000, SLE:1000

When reviewing the various logs on a mission-critical application server, the server administrator first reviews the system log and determines that everything appears normal. Next, the administrator reviews the security log and finds a period of eight hours where no events have been recorded. What is the MOST likely explanation?
Correct Answer: D. Audit logging has been turned off.

The online banking credentials of the Chief Executive Officer (CEO) of a research company were recently compromised. Despite the fact that banks no longer require frequent password changes, the CEO frequently changed this password. Now, because of the experience, the CEO questions the value of routine password changes at the company. Which of the following communicates the BEST approach for the company's security policies?
Correct Answer: C. The nature of the research company's threat may be different from banks, so the company should consider the specific threats it needs to address.

The company develops a wide array of proprietary software for its clients utilizing an agile development methodology. Many of the company's prominent products use various open source libraries. Recently, a vulnerability in an open source security library allowed malicious attackers to bypass certificate revocation lists to compromise secure data. Which of the following is BEST implemented to help prevent this in the future?
Correct Answer: The company should include the open source libraries in its code review process at regular intervals during the SDLC.

A penetration tester is preparing for a client engagement in which the tester must provide data that proves and validates the scanning tools' results. Which of the following is the BEST method for collecting this information?
Correct Answer: B. Use a protocol analyzer to log all pertinent network traffic.

A large company has recently merged with a smaller company. The smaller company primarily uses certificate based authentication for connecting its users to its web-based services and back-end applications. The larger company has mainly terminal service-based applications that rely on Active Directory for a Single Sign-On solution. The security administrator for the merged organization has decided to federate the companies to support the delegated administration, authorization, and authentication. Which of the following solutions will the administrator MOST likely select?
Correct Answer: A. The administrator will need to reconfigure one of the company's servers to support the other's authentication type. Then the administrator can use SAML to meet the goals of federation.

An organization has configured a set of hosts in such a way that only authorized programs and tools are allowed to execute for all accounts. After an intrusion was detected on one of the fully patched hosts, it was discovered that malware was able to execute in spite of this configuration being active. Which of the following may have occurred? (Select TWO).
Correct Answer:
- B. The malware was injected into the running process of an allowed application
- C. The whitelist used only executable names for enforcement

Company XYZ has a large sales force that works from home. To increase sales effectiveness and reduce travel costs, the company purchased video conferencing equipment for all home offices. Since using the video conferencing equipment, some customers have begun to demand lower prices. The company's senior officers suspect these customers know the company's margins, because members of the sales force keep printed proprietary information in their home offices. Which of the following represents the BEST immediate response action while the security team develops a more complete response?
Correct Answer: C. Enforce a clear field of view policy during customer teleconferences.

An audit report against a sensitive database system lists a number of vulnerabilities that must be addressed by the system administrator. More specifically, the system administrator must address specific operating system configuration lockdown to ensure the confidentiality, integrity, and availability of the information stored within the system. Which of the following should the administrator address to secure the operating system? (Select THREE).
Correct Answer:
- A. Configuring IPv4 and IPv6 dual stack
- G. Monitoring file permissions
- H. Enabling database record encryption

A security assurance officer is preparing a plan to measure the technical state of a customer's enterprise. The testers employed to perform the audit will be given access to the customer facility and network. The testers will not be given access to the details of custom developed software used by the customer. However, the testers will have
Document information
- Written for: CASP (Institution and Course)
- Uploaded on: April 19, 2024
- Number of pages: 22
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers