Assessment Flashcards Preview

Flashcards in Assessment Deck (30)
1
Q
Which of the following programming languages is particularly vulnerable to buffer overflows?
A. .Net
B. Pascal
C. C
D. Basic
A

C. The C programming language is particularly vulnerable to buffer overflows. This is because some functions do not perform proper bounds checking.

2
Q
Which of the following is not considered one of the three principles of security?
A. Integrity 
B. Non-Repudiation 
C. Availability 
D. Confidentiality
A

B. Non-repudiation is not considered one of the three principles of security.

3
Q
Many organizations start the preemployment process with a \_\_\_\_\_\_\_\_\_\_ check.
A. Marriage
B. Background 
C. Height
D. Golf Handicap
A

B. Many organizations start the preemployment process with a background check. This process is done to make sure the right person is hired for the job.

4
Q
In cryptography, the process of converting clear text into something that is unreadable is known as \_\_\_\_\_\_\_\_\_\_.
A. Encryption 
B. Plain text
C. Digital signature 
D. Cryptanalysis
A

A. In cryptography, the process of converting clear text into something that is unreadable is known as encryption.

5
Q
Which transport protocol is considered connection-based?
A. IP
B. TCP
C. UDP
D. ICMP
A

B. TCP is considered a connection-based protocol, whereas UDP is considered connectionless.

6
Q

Which of the following is not an advantage of cloud computing?
A. Reduced cost
B. The ability to access data and applications from many locations
C. Increased cost
D. The ability to pay as you go

A

C. Although there are many benefits to cloud computing, increased cost is not one of them. Cloud computing is designed to lower costs.

7
Q
The term ACL is most closely related to which of the following? 
A. Hub 
B. Switch 
C. Bridge 
D. Router
A

D. The term ACL is most closely related to a router. ACLs are used for traffic control.

8
Q
A \_\_\_\_\_\_\_\_\_\_ is used to maintain session or state when moving from one web page to another. 
A. Browser 
B. Cookie 
C. Session ID 
D. URL
A

B. A cookie is used to maintain state when moving from one web page to another.

9
Q
In the study of cryptography, \_\_\_\_\_\_\_\_\_\_ is used to prove the identity of an individual. 
A. Confidentiality
B. Authenticity 
C. Integrity
D. Availability
A

B. In the study of cryptography, authenticity is used to prove the identity of an individual.

10
Q
Kali is an example of what? 
A. Linux bootable distribution 
B. Session hijacking 
C. Windows bootable preinstall program 
D. VoIP capture tool
A

A. Kali is an example of a Linux bootable distribution. It is one of the items on the CASP+ tools and technology list.

11
Q
Which of the following is the basic transport protocol for the web? 
A. HTTP 
B. UDP 
C. TFTP 
D. FTP
A

A. HTTP is the basic transport protocol for the web. HTTP uses TCP as a transport.

12
Q
Which type of attack does not give an attacker access but blocks legitimate users? 
A. Sniffing 
B. Session hijacking
C. Trojan 
D. Denial of service
A

D. A denial of service does not give an attacker access but blocks legitimate users.

13
Q
IPv4 uses addresses of what length in bits? 
A. 8 
B. 16 
C. 32 
D. 64
A

C. IPv4 uses 32-bit addresses, whereas IPv6 uses 128-bit addresses.

14
Q
\_\_\_\_\_\_\_\_\_\_ can be used as a replacement for POP3 and offers advantages over POP3 for mobile users.
A. SMTP 
B. SNMP 
C. POP3 
D. IMAP
A

D. IMAP can be used as a replacement for POP3, and it offers advantages over POP3 for mobile users, such as remote mail and folder management, so it’s easier to view from multiple locations.

15
Q
What port does HTTP use by default? 
A. 53 
B. 69 
C. 80 
D. 445
A

C. HTTP uses port 80 by default.

16
Q
Which type of agreement requires the provider to maintain a certain level of support? 
A. MTBF 
B. SLA 
C. MTTR 
D. AR
A

B. A service level agreement (SLA) requires the provider to maintain a certain level of support.

17
Q
\_\_\_\_\_\_\_\_\_\_ is the name given to fake mail over Internet telephony. 
A. SPAM 
B. SPIT 
C. SPIM 
D. SPLAT
A

B. The acronym SPIT stands for Spam over Internet Telephony.

18
Q
Which high-level document is used by management to set the overall tone in an organization? 
A. Procedure 
B. Guideline 
C. Policy 
D. Baseline
A

C. A policy is a high-level document used by management to set the overall tone.

19
Q
Which method of encryption makes use of a single shared key? 
A. RSA 
B. ECC 
C. DES 
D. MD5
A

C. DES makes use of a single shared key, and it is an example of symmetric encryption.

20
Q
\_\_\_\_\_\_\_\_\_\_ prevents one individual from having too much power in an organization. 
A. Dual control 
B. Separation of duties 
C. Mandatory vacation 
D. An NDA
A

B. Separation of duties prevents one individual from having too much power.

21
Q

\_\_\_\_\_\_\_\_\_\_ is an example of virtualization software.
A. VMware
B. TSWEB
C. LDAP
D. GoToMyPC

A

A. VMware is an example of virtualization. These tools are very popular today, and they are required knowledge for the CASP+ exam.

22
Q
What is the purpose of Wireshark? 
A. Sniffer 
B. Session hijacking 
C. Trojan 
D. Port scanner
A

A. Wireshark is a well-known open-source packet capture and sniffer program. Although packet sniffers are not malicious tools, they can be used to capture clear-text usernames and passwords.

23
Q
One area of policy compliance that many companies need to address is in meeting the credit card \_\_\_\_\_\_\_\_\_\_ security standards. 
A. SOX 
B. PCI DSS 
C. GLB 
D. HIPAA
A

B. One area of policy compliance that many companies need to address is in meeting the Payment Card Industry Data Security Standard (PCI DSS).

24
Q
The OSI model consists of how many layers? 
A. Three 
B. Five 
C. Seven 
D. Eight
A

C. The OSI model consists of seven layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application.

25
Q
Which set of regulations covers the protection of medical data and personal information? 
A. HIPAA 
B. GLBA 
C. SOX 
D. GDPR
A

A. HIPAA covers the protection of medical data and personal information.

26
Q
\_\_\_\_\_\_\_\_\_\_\_\_ is a well-known incident response, computer forensic, and e-discovery tool. 
A. PuTTY 
B. Hunt 
C. Firesheep 
D. Helix3
A

D. Helix3 is a well-known incident response, computer forensic, and e-discovery tool. Helix is required knowledge for the exam.

27
Q
Shawn downloads a program for his iPhone that is advertised as a game yet actually tracks his location and browser activity. This is best described as a \_\_\_\_\_\_\_\_\_\_? 
A. Virus 
B. Worm 
C. Trojan 
D. Spam
A

C. Shawn downloads a program for his iPhone that is advertised as a game yet actually tracks his location and browser activity. This is best described as a Trojan. Trojans typically present themselves as something the user wants, when in fact they are malicious.

28
Q
\_\_\_\_\_\_\_\_\_\_ is used to send mail and to relay mail to other SMTP mail servers and uses port 25 by default. 
A. SMTP 
B. SNMP 
C. POP3 
D. IMAP
A

A. SMTP is used to send mail and to relay mail to other SMTP mail servers and uses port 25 by default. You should have a basic understanding of common ports and applications such as SMTP, POP3, and IMAP for the exam.

29
Q
\_\_\_\_\_\_\_\_\_\_ is used to prevent a former employee from releasing confidential information to a third party. 
A. Dual control 
B. Separation of duty 
C. Mandatory vacation 
D. NDA
A

D. A nondisclosure agreement (NDA) is used to prevent a former employee from releasing confidential information to a third party.

30
Q
Which technique helps detect if an employee is involved in malicious activity? 
A. Dual controls 
B. Separation of duties 
C. Mandatory vacations 
D. NDAs
A

C. Mandatory vacations allow for the review of an employee’s duties while they are not on duty.