D488 - CYBERSECURITY
ARCHITECTURE AND ENGINEERING
(CASP+) | VERIFIED REVISION
QUESTIONS AND CORRECT ANSWERS
FOR GRADE A+
ANSWERS ARE GIVEN AT THE END OF EVERY QUESTION
A/an __________________ arises from an actor the organization has identified
and granted access. Which type of threat actor could intentionally delete key files
after being given access to sensitive systems?
A. Hacktivist
B. Organized crime
C. Insider threat
D. Competitor
C. Insider threat
An administrator creates a SPAN port that feeds traffic to a security tool. The
security tool monitors suspicious network traffic and does not block traffic. What
type of tool is used?
A. NIPS (network intrusion prevention system)
B. NIDS (network intrusion detection system)
C. FIM (File Integrity Monitoring)
D. DLP (Data Loss Prevention)
B. NIDS (network intrusion detection system)
After a Certifying Authority accredits a system, what formal letter is granted to
the system owner, allowing the system to operate for a period of three years?
A. Certification
B. POAM (Plan of Actions and Milestones)
C. ATO (Authorization to Operate)
D. Accreditation
C. ATO (Authorization to Operate)
After a system compromise, a security engineer attempts to connect to an
adversary's system as a hack-back action. What incident type does the engineer
respond to?
A. Data exfiltration
B. Ransomware
C. Social Engineering
D. Triage Event
A. Data exfiltration
APIs play a major role in interacting with which technology that allows
applications to run independently in virtual instances?
A. SOAR (Security orchestration, automation, and response)
B. IdP (identity provider)
C. Containers
D. Traditional VMs
C. Containers
Application developers place a new piece of software under a stress test. During
the process, it is discovered that default administrative credentials set within the
software cause a vulnerability. What vulnerability is a concern to the team?
A. Security misconfiguration
B. Poor exception handling
C. Weak cryptography implementations
D. Information disclosure
A. Security misconfiguration
An application is experiencing a security flaw where the system checks the state
of a resource, but by the time it performs an action based on that check, the
resource has changed state. What is this issue called?
A. ASLR (Address Space Layout Randomization)
B. Race condition
C. DEP (Data Execution Protection)
D. TOC (Time of Check)
D. TOC (Time of Check)
An application server is the constant target of a buffer overflow exploit. To
prevent further attacks, a systems administrator uses an operating system with
data execution protection (DEP). How does this solution proactively help to
prevent a buffer overflow?
A. Identify areas of memory that contain executable code
B. Boundary checks prior to using data
C. Applying security patches
D. Unable to locate the memory addresses
A. Identify areas of memory that contain executable code
An application specialist suggests using a particular application in a virtualized
environment to avoid configuring additional workstations for the sake of using
one piece of software. What does the specialist suggest using?
A. Containers
B. Thin client
C. Minimal OS