FREE CompTIA Advanced Security Practitioner (CASP+) MCQ Questions and Answers

Question 1

What method allows for the creation of many, independent user-space instances that all share the same underlying operating system kernel?

Accepted Answer

Containerization

Answer

Applications running on the same operating system are isolated by containerization. On a single operating system, it makes it possible to execute numerous isolated programs. Containerization does not offer kernel separation, in contrast to conventional server virtualization.
Data storage and retrieval are made possible by a program known as a DBMS (database management system).

Question 2

The database server is operated by Acme Inc. The server and its data are valued at $10,000. The operating system on the server is outdated and cannot be patched. According to your calculations, there is a 20% risk that the server would be compromised in the upcoming year, and that compromise would result in the loss of 50% of the server's value (i.e., all of the data).

What is the SLE from the standpoint of a quantitative risk assessment?

Accepted Answer

$5,000

Answer

The quantity of loss anticipated in the event of a single loss is known as SLE. The SLE equation is:
EF x AV = SLE
The value of an asset is its AV (asset value). The answer informs us that AV is $10,000.
The EF (exposure factor) measures the percentage likelihood that a specific threat will have an effect on a given asset. According to the question, a compromise would result in a 50% reduction in value. EF thus equals 50%.
The question's SLE formula is as follows:
SLE = $10,000 x 0.50
SLE = $5,000

Question 3

You've been employed as a penetration tester to examine Acme Inc.'s network. You were explicitly tasked with looking for vulnerabilities such as incorrect settings, outdated software, and open ports.

What kind of tools should you employ?

Accepted Answer

Vulnerability scanner

Answer

A vulnerability scanner can check for a number of security flaws, including incorrect setups, outdated software, unpatched vulnerabilities, and open ports. Nessus is one of the most well-liked vulnerability detectors.
Sniffing software, often known as protocol analyzers, gathers unprocessed packets sent over the communication connection. In a process known as device fingerprinting, network enumerators scan the network and collect data on users, groups, shares, and services that are visible. Password crackers accomplish exactly what their name implies and are self-explanatory.

Question 4

Which of the following DOES NOT fall under a GDPR data classification?

Accepted Answer

Symmetric

Answer

An EU (European Union) data privacy regulation known as GDPR (General Data Protection Regulation) gives data subjects a number of rights and enforces privacy and data security standards relating to how enterprises handle data belonging to EU individuals.
The four data classifications under GDPR are as follows:
Internal only
Public
Restricted
Confidential

Question 5

Your business spent three months at its hot site following a natural disaster before moving back to the main location. Which processes at the main site ought to be reinstated first?

Accepted Answer

The least important aspect of the business

Answer

When describing the sequence of restoration between the hot site and the primary site in the context of business recovery from a natural disaster, it is inaccurate to argue that any part of the business is "least significant." Based on the importance and dependencies of various business operations and processes, the restoration priorities should be set.
The restoration process often entails evaluating the effect of the natural disaster on various business aspects and allocating restoration activities according to priority. Although the primary site is crucial, it might not necessarily be restored first if other vital operations need to be attended to.

CASP+ - CompTIA Advanced Security Practitioner Practice Test

CASP+ - CompTIA Advanced Security Practitioner Practice Test

FREE CompTIA Advanced Security Practitioner (CASP+) MCQ Questions and Answers