FREE CompTIA Advanced Security Practitioner (CASP+) Questions and Answers
Which of the following is an improvement on Electronic Code Book (ECB) block cipher mode that connects each block together before being applied to the following block?
Blocks are chained together in cipher block chaining (CBC) because every resultant 64-bit ciphertext block is applied to the following block. CBC is thought to be an improvement to ECB, in part because it addresses the issues brought on by the ECB's requirement to individually encrypt each block of plaintext (which can leak information about the underlying data to eavesdroppers).
CBC is one of the cipher modes that can be used with the Advanced Encryption Standard (AES), a sort of block cipher, however, AES is not a cipher mode in and of itself.
Block ciphering and stream ciphering are both used in cipher feedback (CFB).
Output feedback (OFB): Employs stream ciphering and block ciphering with 8-bit or smaller blocks, and uses the key from the previous keystream to construct the next keystream.
Similar to OFB, counter mode (CTR) uses an incrementing IV counter to make sure that every block is encrypted with a different keystream.
What among the following DOES NOT constitute an open-source intelligence (OSINT) source?
Data used in open-source intelligence (OSINT) is obtained from open sources. Potential sources of OSINT data include social media, the deep web, WHOIS and DNS records, as well as other open data sources.
A ping scan takes place exclusively within a local area network (LAN) and is not disclosed to the general public. Consequently, a ping scan is not an OSINT source.
A cloud storage company is Acme Cloud. A threat actor recently gained access to and successfully decrypted data from one of Acme Cloud's servers. However, the insufficient nature of the data prevented the threat actor from using it. Prior to the breach, Acme Cloud divided and re-encrypted the customer data among various servers.
What phrase best defines the method Acme Cloud uses to divide the data in order to lessen the chance of data leakage?
Data is divided into smaller chunks, encrypted, and distributed across various storage locations using the bit splitting process. The data is meaningless if a threat actor compromises just one place.
Key escrow is the process of keeping an encryption key with a third party so that it can be produced when requests for decryption are made.
Data is encrypted using a stream cipher using a byte-by-byte or bit-by-bit approach.
Building a management layer to help implement control over an app without really changing it is called "application wrapping."
What kinds of services are utilized to supply network resources like users, servers, printers, and other organizational information?
The purpose of directory services is to give organizational data on users, servers, printers, and other network resources. An illustration of a directory service protocol is LDAP.
A federation is a collection of domains that have mutual trust.
A method of directly linking two networks is peering.
A command called STARTTLS is used to start using encrypted network communications.
Which hierarchical type of the following, which uses certificate authorities (CAs), registration authorities (RAs), and central directory/distribution management to build their trust model, is used by MOST organizations when implementing PKI?
A hierarchical chain of trust model, which includes a minimum of three key elements, is often the foundation of PKI infrastructure.
To bind a public key to a particular entity, certificate authorities (CAs), at the top of the model, issue certificates.
User requests for digital certificates are checked by registration authorities (RAs).
Management of central directories and distribution - Maintains and manages the issued certificates.
As a security engineer at Acme Inc., you proactively look for and uncover security threats and process problems in your production environment by using a variety of automated tools, parsing logs, analyzing configurations, and carrying out manual testing.
Which phrase does BEST capture these activities?
The process of finding dangers and problems that less proactive security tools and processes do not is known as threat hunting. Threat hunting aids in the discovery of threats that instruments such as signature-based scanners may overlook.
The technique of checking an endpoint for dangerous software is known as malware scanning. Not all of the activities listed in the question are covered by it.
Port scanning is the process of looking through an endpoint's open network ports. Not all of the activities listed in the question are covered by it.
Understanding a threat's intricate workings will help you reduce its potential impact and exposure.
Which method among the following modifies routing tables to filter out undesired traffic before it reaches a destination network?
A router security method called RTBH (remotely triggered black hole) filtering modifies routing tables to block undesirable traffic before it reaches a destination network. DDoS (distributed denial of service) assaults on network devices can be avoided with the use of RTBH filtering.
Many Cisco devices have a feature called port security that restricts ingress traffic on a port to a certain MAC address. The layer 2 (data link layer) feature has no immediate effect on routing tables.
Connections are received by a reverse proxy, which then passes them to the origin server.
Multiple network connections can be implemented using the multihoming approach on a single endpoint or network device.