I recently learned that I passed the beta exam for CASP that I took back in May. Here are a couple of links to blogs I wrote about CASP, in case you’re interested: CompTIA Advanced Security Practitioner (Beta Exam), CompTIA Advanced Security Practitioner (CASP).
Update: Get CAS-002 practice test questions here.
If you’re thinking about taking this exam, you may want to see some sample questions. Here are a few questions I wrote just to help me remember what this exam is about.
1. Which of the following methods can be used to detect the use of steganography?
A. Symmetric encryption
B. Asymmetric encryption
C. Integrity checking
D. Authentication
Answers below
2. Which of the following command line tools can you use to create a 128-bit hash?
A. md5sum
B. sha1sum
C. Verify
D. Cipher
Answers below
3. Which of the following can be used to assist in the management of HVAC controls?
A. LDAP
B. NIPS
C. TSIG
D. SCADA
Answers below
4. A web site uses certificates to secure HTTPS transmissions. What can be used to query the CA to verify the certificate is not revoked?
A. CRL
B. OCSP
C. RA
D. RSA
5. An organization decides to purchase insurance to provide protection against a risk. What are they using?
A. Risk avoidance
B. Risk transference
C. Risk mitigation
D. Risk acceptance
Answers below
6. An organization has created a disaster recovery plan. Additionally, they encrypt valuable data. What basic security principles are they addressing?
A. Confidentiality and integrity
B. Availability and integrity
C. Availability and confidentiality
D. Risk mitigation and risk avoidance
Answers below
7. A court directed that you need to provide copies of all email sent and received from an employee over the last three years. After investigation, your company realizes it cannot provide all the email copies. Which of the following topics is most relevant?
A. Data ownership policies
B. Offsite storage of data
C. Data retention policies
D. Data backup procedures
Answers below
8. You are researching security requirements for a contract that your company will bid on. You need to get additional information on the security requirements. What would you use?
A. RFP
B. RFQ
C. RFI
D. RFC
Answers below
9. An organization is researching the availability of software to improve internal processes. They want to reduce the potential risks. What should they use?
A. Develop the software in house
B. Outsource the development of the software
C. Custom develop an available application
D. Use COTS
Answers below
10. The CEO of a company loses his mobile phone and the phone has sensitive data stored on it. What can reduce the risks in this situation?
A. GPS
B. Password protect the phone
C. Remotely wipe the phone
D. Report the loss to the police
Answers below
Answers
1. Which of the following methods can be used to detect the use of steganography?
A. Symmetric encryption
B. Asymmetric encryption
C. Integrity checking
D. Authentication
1. Answer: C
Explanation: Integrity checking can detect the use of steganography by comparing the hashes of a file calculated at different times. Steganography is the practice of hiding data within data and is often done by modifying the least significant bits in multiple bytes of large files such as graphics or audio files. While these modifications aren’t easy to see or hear, they will cause significant differences in the hashes produced before and after the modifications. Symmetric encryption (using one key) and asymmetric encryption (using a public and private key) provide confidentiality for data, and authentication provides proof of an identity, but none of these can detect steganography.
Domain: 1.0 Enterprise Security
SubDomain: 1.1 Distinguish which cryptographic tools and techniques are appropriate for a given situation.
2. Which of the following command line tools can you use to create a 128-bit hash?
A. md5sum
B. sha1sum
C. Verify
D. Cipher
2. Answer: A
Explanation: MD5 is a hashing algorithm that creates 128-bit hashes and md5sum is a command-line application (available as a free download via the Internet) that can calculate the MD5 hash on files. For example, after downloading a program, you can use md5sum.exe to calculate the hash on the downloaded program and compare it to the hash posted on a Web site. Sha1sum.exe will create 160-bit SHA1 hashes. Verify is a Windows command that can verify if files are written correctly to the disk. Cipher is a Windows command that can encrypt files on an NTFS drive.
Domain: 1.0 Enterprise Security
SubDomain: 1.1 Distinguish which cryptographic tools and techniques are appropriate for a given situation.
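The explanations for questions 1 and 2 can be seen working together in the following added example, which is not part of the original post: it overwrites least significant bits in a constructed byte buffer and shows that the recorded MD5 (128-bit) and SHA-1 (160-bit) digests no longer match. The function names and the sample bytes are assumptions made for illustration.

```python
import hashlib

def embed_lsb(cover: bytes, secret: bytes) -> bytes:
    """Overwrite the least significant bit of successive cover bytes."""
    bits = [(b >> s) & 1 for b in secret for s in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for secret")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit   # keep the top 7 bits, replace bit 0
    return bytes(out)

def digests(data: bytes) -> dict:
    """Hex digests equal to what md5sum and sha1sum print for the same bytes."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}

def digest_bits(hex_digest: str) -> int:
    """Each hex character encodes 4 bits of the digest."""
    return len(hex_digest) * 4

def integrity_check(baseline: dict, current: bytes) -> bool:
    """True when the data still matches the digests recorded earlier."""
    return digests(current) == baseline

def max_byte_delta(a: bytes, b: bytes) -> int:
    """Largest per-byte difference between two equal-length buffers."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed sample: 4 KiB standing in for the pixel data of an image.
COVER = bytes((i * 37 + 11) % 256 for i in range(4096))
BASELINE = digests(COVER)                  # recorded before any change
MODIFIED = embed_lsb(COVER, b"hidden note")

if __name__ == "__main__":
    print("md5 bits :", digest_bits(BASELINE["md5"]))
    print("sha1 bits:", digest_bits(BASELINE["sha1"]))
    print("largest byte change:", max_byte_delta(COVER, MODIFIED))
    print("original passes check:", integrity_check(BASELINE, COVER))
    print("modified passes check:", integrity_check(BASELINE, MODIFIED))
```

The check depends on a digest of the unmodified file having been recorded beforehand; a file that arrives already carrying hidden data has no baseline to compare against.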
3. Which of the following can be used to assist in the management of HVAC controls?
A. LDAP
B. NIPS
C. TSIG
D. SCADA
3. Answer: D
Explanation: Supervisory Control and Data Acquisition (SCADA) refers to industrial control systems (like that infected in Iran’s nuclear facilities) and includes heating, ventilation, and air conditioning (HVAC) controls. LDAP is used to interact with directories such as Microsoft’s Active Directory. NIPS is used to detect and prevent network intrusions. TSIG is primarily used to protect DNS updates.
Domain: 1.0 Enterprise Security
SubDomain: 1.4 Integrate hosts, networks, infrastructures, applications and storage into secure comprehensive solutions
4. A web site uses certificates to secure HTTPS transmissions. What can be used to query the CA to verify the certificate is not revoked?
A. CRL
B. OCSP
C. RA
D. RSA
4. Answer: B
Explanation: The Online Certificate Status Protocol (OCSP) allows clients to send a query to a CA with the serial number of a certificate, and the CA replies with the status of the certificate. A CA can also publish a certificate revocation list (CRL), but the CRL is not used to query. Instead, the CRL (in the form of a version 2 certificate) is the response to a request for the CRL. An RA provides registration services for a CA (when used) but does not verify certificates. RSA is the asymmetric encryption used with public key cryptography.
Domain: 1.0 Enterprise Security
SubDomain: 1.1 Distinguish which cryptographic tools and techniques are appropriate for a given situation.
5. An organization decides to purchase insurance to provide protection against a risk. What are they using?
A. Risk avoidance
B. Risk transference
C. Risk mitigation
D. Risk acceptance
5. Answer: B
Explanation: Risks can be transferred to another entity by purchasing insurance, such as fire or flood insurance. You avoid a risk by avoiding the activity that creates a risk. Risk mitigation refers to taking steps to reduce a risk. Risks can’t be eliminated, and the risk that remains after taking steps to manage risk is referred to as residual risk and it is accepted.
Domain: 2.0 Risk Mgmt, Policy/Procedure and Legal
SubDomain: 2.2 Execute and implement risk mitigation strategies and controls
6. An organization has created a disaster recovery plan. Additionally, they encrypt valuable data. What basic security principles are they addressing?
A. Confidentiality and integrity
B. Availability and integrity
C. Availability and confidentiality
D. Risk mitigation and risk avoidance
6. Answer: C
Explanation: A disaster recovery plan addresses availability, and encryption of data addresses confidentiality. Elements of the security triad of confidentiality, integrity, and availability (CIA) are possible answers. Both of these steps are risk mitigation steps; they are attempting to reduce risks for potential losses.
Domain: 2.0 Risk Mgmt, Policy/Procedure and Legal
SubDomain: 2.2 Execute and implement risk mitigation strategies and controls
7. A court directed that you need to provide copies of all email sent and received from an employee over the last three years. After investigation, your company realizes it cannot provide all the email copies. Which of the following topics is most relevant?
A. Data ownership policies
B. Offsite storage of data
C. Data retention policies
D. Data backup procedures
7. Answer: C
Explanation: If your organization has a data retention policy stating that email is archived for two years and then purged, this can be presented to the court as a reason why a company can’t comply with the order. Data ownership refers to who owns and manages data, but this is not relevant here. Data backups are stored offsite as a contingency in case onsite backups are not available, but this isn’t as relevant as the retention policies. Data backup procedures provide the steps to perform backups, but since the company can provide some copies, there is no indication that the backup procedures are faulty.
Domain: 2.0 Risk Mgmt, Policy/Procedure and Legal
SubDomain: 2.3 Explain the importance of preparing for and supporting the incident response and recovery process
8. You are researching security requirements for a contract that your company will bid on. You need to get additional information on the security requirements. What would you use?
A. RFP
B. RFQ
C. RFI
D. RFC
8. Answer: C
Explanation: A Request for Information (RFI) is a formal method of getting additional information on a contract. This question is an example of how important it is to know the acronyms for CASP; if you know the acronyms, you can easily answer the questions. RFP is the acronym for Request for Proposal. RFQ is the acronym for Request for Quote. RFC is Request for Comments but is used for networking standards, not contracts.
Domain: 3.0 Research and Analysis
SubDomain: 3.1 Analyze industry trends and outline potential impact to the enterprise
9. An organization is researching the availability of software to improve internal processes. They want to reduce the potential risks. What should they use?
A. Develop the software in house
B. Outsource the development of the software
C. Custom develop an available application
D. Use COTS
9. Answer: D
Explanation: Commercial Off The Shelf (COTS) software reduces risks since it is known and tested. Any type of software development introduces unknown risks.
Domain: 4.0 Integration of Computing, Communications and Business Disciplines
SubDomain: 4.2 Explain the security impact of inter-organizational change
10. The CEO of a company loses his mobile phone and the phone has sensitive data stored on it. What can reduce the risks in this situation?
A. GPS
B. Password protect the phone
C. Remotely wipe the phone
D. Report the loss to the police
10. Answer: C
Explanation: The risk is related to the data, so if the phone supports remotely clearing the data (remote wipe), this is the best solution. While GPS may help locate the phone, it doesn’t prevent someone from viewing the sensitive data. At this point, it is too late to password protect the phone. Reporting it to the police is a necessary step, but it is doubtful it will protect the data.
Domain: 4.0 Integration of Computing, Communications and Business Disciplines
SubDomain: 4.3 Select and distinguish the appropriate security controls with regard to communications and collaboration
If there are sims what can we use to study for them?
I don’t know of any focused on CASP. However, if you’ve taken and passed the Security+ exam, you’ve seen how you can be tested by performance-based questions. I suspect that many of the same questions have been used in both exams. Also, some CASP practice test questions are available here.
I’m looking at taking the CAS V002 Test
Are there any simulations or just q and A?
Yes.
https://certification.comptia.org/certifications/comptia-advanced-security-practitioner#examdetails
Does anyone know of any sites that have simulation practice for the CASP CAS-001 exam
That would be nice to have it.
Does anyone know of any sites that have simulation practice for the CASP CAS-001 exam
That part of the exam kicked my butt twice
Congrats on the Security+ pass. This link shows multiple CASP blogs that might help you: https://blogs.getcertifiedgetahead.com/category/comptia/casp/. Good luck.
I took my Security+ on Tuesday and passed it. I am planning to take CASP in year 2013. Do you have any tips for me? I have been it for 21 years. Current role PC LAN TECH supporting 300 E U on my site. I am the local Admin for my site as well. Thanks
Sorry, but I don’t have any plans to do so at this time. I may do so once I complete some other projects.
Will you be creating a practice exam that you can sell like you did for “Get Certified Get Ahead SY0-301 Practice Test Questions” ?????
Hi Joe,
You’re correct. The bad thing about a blog is I don’t have the benefit of any editors helping me but the great thing about a blog is that I can easily correct it.
Thanks.
Darril
I believe this question has an incorrect answer selected; the Explanation describes answer C.
6. An organization has created a disaster recovery plan. Additionally, they encrypt valuable data. What basic security principles are they addressing?
A. Confidentiality and integrity
B. Availability and integrity
C. Availability and confidentiality
D. Risk mitigation and risk avoidance
6. Answer: B
Explanation: A disaster recovery plan addresses availability. Encryption of data addresses confidentiality. Elements of the security triad of confidentiality, integrity, and availability (CIA) are possible answers. Both of these steps are risk mitigation steps; they are attempting to reduce risks for potential losses.