
This chapter is from the book

Review Questions

  1. Your organization has recently been the victim of fraud perpetrated by a single employee. After a thorough analysis of the event has been completed, security experts recommend establishing security controls that require multiple employees to complete a task. Based on the experts' recommendation, which control should you implement?

    1. mandatory vacation

    2. separation of duties

    3. least privilege

    4. continuous monitoring

  2. Your company has recently decided to switch Internet service providers. The new provider has supplied a document that lists all the guaranteed performance levels of the new connection. Which document contains this information?

    1. SLA

    2. ISA

    3. MOU

    4. IA

  3. Your organization has signed a new contract to provide database services to another company. The partner company has requested that the appropriate privacy protections be in place within your organization. Which document should be used to ensure data privacy?

    1. ISA

    2. IA

    3. NDA

    4. PII

  4. Your organization has recently undergone major restructuring. During this time, a new chief security officer (CSO) was hired. He has asked you to make recommendations for the implementation of organizational security policies. Which of the following should you not recommend?

    1. All personnel are required to use their vacation time.

    2. All personnel should be cross-trained and should rotate to multiple positions throughout the year.

    3. All high-level transactions should require a minimum of two personnel to complete.

    4. The principle of least privilege should be implemented only for high-level positions.

  5. What is the primary concern of PII?

    1. availability

    2. confidentiality

    3. integrity

    4. authentication

  6. Which of the following is an example of an incident?

    1. a login attempt using an invalid user account name

    2. account lockout for a single user account

    3. several invalid password attempts for multiple users

    4. a user attempting to access a folder to which he does not have access
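Question 6 turns on the difference between a security event and a security incident: a lockout or a few failed logins against one account is routine noise, while failed logins spread across many accounts from a single source is the pattern of a password-spraying attack and warrants incident handling. The following Python, added here as an illustration and not part of the book, applies that distinction to constructed OpenSSH-style auth log lines; the users, addresses (RFC 5737 test ranges), timestamps and thresholds are all hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in OpenSSH auth.log style. They are made up for
# this example; the users, hosts and addresses are hypothetical.
SAMPLE_LOG = """\
2024-05-01T08:00:01 sshd[1201]: Failed password for alice from 198.51.100.4 port 50122 ssh2
2024-05-01T08:00:03 sshd[1202]: Failed password for alice from 198.51.100.4 port 50123 ssh2
2024-05-01T08:00:05 sshd[1203]: Failed password for alice from 198.51.100.4 port 50124 ssh2
2024-05-01T08:00:07 sshd[1204]: Failed password for alice from 198.51.100.4 port 50125 ssh2
2024-05-01T08:00:09 sshd[1205]: Failed password for alice from 198.51.100.4 port 50126 ssh2
2024-05-01T08:00:11 sshd[1206]: Accepted password for alice from 198.51.100.4 port 50127 ssh2
2024-05-01T08:10:00 sshd[1301]: Failed password for bob from 203.0.113.7 port 40001 ssh2
2024-05-01T08:10:02 sshd[1302]: Failed password for carol from 203.0.113.7 port 40002 ssh2
2024-05-01T08:10:04 sshd[1303]: Failed password for dave from 203.0.113.7 port 40003 ssh2
2024-05-01T08:10:06 sshd[1304]: Failed password for invalid user erin from 203.0.113.7 port 40004 ssh2
2024-05-01T08:10:08 sshd[1305]: Failed password for frank from 203.0.113.7 port 40005 ssh2
2024-05-01T09:30:00 sshd[1401]: Failed password for bob from 192.0.2.9 port 40100 ssh2
"""

# Matches only failed-password lines; "invalid user" (non-existent account) is optional.
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_failures(text):
    """Yield (timestamp, user, source_ip) for each failed-login line; skip everything else."""
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["src"]


def classify(text, window=timedelta(minutes=5), lockout_threshold=5, spray_threshold=5):
    """Return findings in time order, each tagged 'event' or 'incident'.

    event:    one account reaches lockout_threshold failures inside the window
              (a forgotten password or a single-account lockout; routine noise).
    incident: one source fails against spray_threshold or more distinct accounts
              inside the window (password spraying across many users).
    Each subject is reported once, at the moment the threshold is first crossed.
    """
    failures = sorted(parse_failures(text))
    by_user = defaultdict(list)   # user -> timestamps of failures
    by_src = defaultdict(list)    # source ip -> (timestamp, user) pairs
    reported = set()
    findings = []
    for ts, user, src in failures:
        by_user[user].append(ts)
        by_src[src].append((ts, user))

        recent = [t for t in by_user[user] if ts - t <= window]
        if len(recent) >= lockout_threshold and ("event", user) not in reported:
            reported.add(("event", user))
            findings.append({"severity": "event", "subject": user, "count": len(recent)})

        users = {u for t, u in by_src[src] if ts - t <= window}
        if len(users) >= spray_threshold and ("incident", src) not in reported:
            reported.add(("incident", src))
            findings.append({"severity": "incident", "subject": src, "users": sorted(users)})
    return findings


if __name__ == "__main__":
    for finding in classify(SAMPLE_LOG):
        print(finding)
```

Run as a script it prints one "event" for alice (five failures, then a successful login) and one "incident" for 203.0.113.7 (five different accounts in eight seconds); the lone failure for bob from 192.0.2.9 produces nothing. The thresholds are deliberately parameters: the per-account lockout count should mirror the directory's lockout policy, and the distinct-user count for spraying is tuned per environment.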

  7. What is the first step of a risk assessment?

    1. Balance threat impact with countermeasure cost.

    2. Calculate threat probability and business impact.

    3. Identify vulnerabilities and threats.

    4. Identify assets and asset value.

  8. During a recent security audit, your organization provided the auditor with an SOA. What was the purpose of this document?

    1. to identify the controls chosen by an organization and explain how and why the controls are appropriate

    2. to document the performance levels that are guaranteed

    3. to document risks

    4. to prevent the disclosure of confidential information

  9. Which document requires that a vendor reply with a formal bid proposal?

    1. RFI

    2. RFP

    3. RFQ

    4. agreement

  10. Your company has decided to deploy network access control (NAC) on the enterprise to ensure that all devices comply with corporate security policies. Which of the following should be done first?

    1. Develop the process for NAC.

    2. Develop the procedures for NAC.

    3. Develop the policy for NAC.

    4. Implement NAC.
