CompTIA CASP+ Module 3

1. Unsigned apps are being allowed to run on COPE devices, according to an audit of your mobile device policies. These assets have their default value set to $true. In order to publish and distribute an app, the developer must first sign in or make it traceable. Are there legitimate business reasons to install unsigned applications on a company-owned tablet or smartphone?
2. It was up to you to decide what kind of encryption to use for your mobile device management software. For mobile devices, which asymmetric encryption algorithm is the best fit?
3. You're on business travel and there isn't any Wi-Fi. Using your laptop in a public place isn't an option. If it's supported, you could use a mobile device to connect to the Internet via tethering. To what extent is tethering harmful?
4. On the phone, Alen has stated that she has lost her company iPad. Despite your best efforts, she claims to have just returned from a trip and is afraid the device is still in airplane mode, so you can't use location services to find it. What do you think should happen next?
5. Your IT department is investigating whether DNS over HTTPS (DoH) can be used. Which of these attacks does DoH's encrypted DNS resolution further protect against?
6. As a result of your ISP's DNS servers being slow or not configured for caching, your connection has slowed. You should be aware of this when loading a page that includes content from multiple sources, such as advertisers and affiliates. What can you do to speed up your internet connection while also enhancing your security?
7. It's time for a mobile device strategy to be implemented, according to your new CISO. You need a solution that can be implemented quickly and at a low cost for all of your employees. Is one of the following options the best fit for your company?
8. Your global bank wants to use mobile devices in its main offices and remote branches. Bank statements, loan applications, and mortgage documents are handled by employees. What kind of mobile strategy would be most effective for your company, given that it is extremely risk averse?
9. All of your company's sales representatives will receive a company-issued cell phone in the upcoming fiscal year. You must address the risk of a lost or stolen device when developing a security policy to protect against data loss, malware, and malicious applications. What's your strategy for dealing with this risk?
10. Due to security requirements, your company is rethinking its mobile device strategy. Giving employees a choice is important, but you also need to keep costs low. What is the most effective course of action?
11. You work as a SOHO's security analyst. Upper management decided that BYOD for salespeople would be cost-effective, citing employee turnover as the reason. There are now numerous security issues, including multiple IP addresses and infected systems on the company network, to contend with. What one of the following should you put into action right now to address these problems?
12. What kind of key management system do you think is best for your company's users? Is this function provided by any of the following:
13. What your marketing team wants to do at the next conference is to share files between local devices without the use of an external storage device such as a USB memory stick. Were any of these terms more appropriate in this situation?
14. The over-the-air (OTA) update is delivered wirelessly to your mobile device. It has been determined by the company that this method does not pose a security risk to your mobile device. What type of OTA do you configure if you don't want to lose access to your mobile device during business hours?
15. Unintentional data leakage from mobile apps in your environment is a cause for concern. Users of mobile devices, such as laptops, tablets, and wearables, are at risk from "riskware" applications, which are programs that ask for personal information without checking whether it is necessary or safe to do so. Official app stores typically have these types of apps available for free. If you're worried about data leaking from their mobile device, what advice would you give them?
16. An ex-IT network administrator voluntarily surrendered his or her company-issued iPhone. Because they were able to circumvent the limitations set by the device's manufacturer, you came to this conclusion: The device has third-party software installed. What was the IT network administrator's job description?
17. Attempts to access low-level systems were made by your system administrator on their cell phone. They're looking to get rid of programs already installed on the system and revoke access to previously granted permissions to new ones. What's the name of this type of access?
18. If your current contract with your mobile device provider expires soon, you may want to look into switching to another one. In many cases, subsidized phones, such as those that come with a contract, are tied to a single carrier. In addition, you should guard against the loss or theft of data stored on the devices. The phone has been set up to work only with that carrier. If you want to switch your mobile phone service provider, what steps do you need to take?
19. Your organization's data privacy is of the utmost importance, including PHI and PII. As a security architect, one of your responsibilities is to ensure the security of instant messages sent and received. If you want to keep these messages safe, which one of the following is the best option?
20. Consider purchasing mobile devices with company-owned, personal-enabled (COPE) features as an option for your company. Open source operating systems for mobile devices have the drawback of leading to greater inequity. When it comes to product versions and updates, which of the following statements is most accurate?
21. IoT has presented a number of challenges for your organization's security team when it comes to protecting your network. Attackers are increasingly using IoT devices to launch attacks, which has resulted in an increase in IoT-related incidents. Is there a more effective way to deal with this problem?
22. You have to travel a lot for your job. If you were looking for an infrared camera in your hotel room, what would you use?
23. A special microprocessor is used to monitor the environment on your network, and you are a security administrator. What kind of microchips are we talking about here?
24. To perform complex tasks like face detection, calculation, and logic control, Sandra must use a hardware-based processor approach. Sandra would use what?
25. In the event of a natural disaster, your facility's geolocation and hurricane propensity necessitate that you find a backup location for your data processing. As part of your negotiations, you're talking to a company that has a lot of infrastructure but no hardware. You're building a facility, but what kind?
26. Many questions about accuracy, security, and cost come up when you're presenting the business case for switching to a new SCADA system solution to upper management at your industrial facility. Operators and other stakeholders were interested in learning how to access historical data at the meeting. What do you have to say?
27. Health care providers can find information on a website owned by Bob. HIPAA might apply to the personal health information he's storing, he says. How does he ensure that the data is removed correctly?
28. In order to accept customer payments, you'll be selling directly to public utilities in a new line of software business you've started. There are two major dangers: your lack of experience in setting up and managing credit card processing, and the additional compliance and encryption requirements that come along with that experience. When it comes to taking risks, what's the best course of action?
29. You work as a security engineer for a hospital. You're assessing the security measures in place to protect personal health information (PHI) and financial information. What's the best way to categorize this data?

Confidentiality   Integrity   Availability
High              Medium      Low
Medium            High        Low
High              Medium      Low
Low               Low         High
30. Your security manager asked you to review the business continuity plan following the recent acquisition of facility services. The confidentiality of the information handled by your company must be maintained in accordance with all applicable laws and regulations. Because of this, upper management is concerned that your newly merged organization may fail an audit. What can you do to enhance the current business continuity plan?
31. The financial records of your public service company have been audited by an internal auditor. Security procedures, including proper disposal and sanitization of financial transactions, were found to be lacking in the report. What are their suggestions?
32. During a quarterly audit, you discovered a compromised CA certificate being used on a system. When the certificate was compromised, what was supposed to happen to it?
33. You get an email with a document attachment from a person you know who has a digital signature, and you open the attachment. There is no way for an email client to verify or trust the signature. Avoid doing what?
34. An authentication system that allows users to authenticate once and grant tickets for specific services is used by your organization. Which of the following technologies best fits the bill?
35. Your colleague hashes a message, encrypts the hash with their private key, and sends it to you. What is the name of this procedure?
36. Sending a confidential message in this manner ensures that only the recipient can see it. You send the message after it has been encrypted. In order to decrypt the message, what is the encryption key?
37. To ensure that only the recipient can read the message, you need to use a secure method of communication. You send the message after it has been encrypted. Message decryption requires knowing the key.
38. Ben must use an SSL certificate and traditional validation and vetting to secure a simple single website. It's time for her to make a choice.
39. A coworker hashes a message, uses your public key to encrypt it, uses their own private key to encrypt the hash, and then sends it to you. Is there a purpose to this process?
40. When sending encrypted messages over Daryl's network, he'll use digital certificates signed with both public and private keys. What do you call this in terms of infrastructure?
41. Cede is creating a security policy for his healthcare startup because there are currently no written security standards in place. Is any of this appropriate for his security standards?
42. A member of staff has misplaced the private key to their account. This key gives you access to a confidential database of health data. The employee is unable to carry out their regular duties unless they have this key. What do you do first as a security administrator?
43. Encryption methods that use a single shared key include:
44. The application you're building deals with private information about individual users. You want to encrypt the data so that it cannot be accessed or changed by anyone else. Asymmetric cryptography is being considered for your application processes. What does this illustrate?
45. A third-party vendor was hired by your company to provide customer service from a remote location. Do you know how to keep your systems safe from hackers?
46. For Hugh's application, the data must be encrypted on legacy hardware with the fewest resources possible. When it comes to cryptography, which one will best suit his needs?
47. Alvin has a message in plaintext that needs to be converted into ciphertext of equal length. She'll generate a secondary key with a key and an IV after the encrypted data has been decrypted. The ciphertext's keyed hash will be generated using this second secret key. Julia has completed what kind of encryption?
48. Your organization has a remote workforce and often works with multiple global offices, partners, and contractors. You are a security engineer and have been asked to work with others on achieving security objectives. Everything must be encrypted and kept on-site at all times. It is imperative that all users use the same software and that the software be patched on an ongoing basis. In your opinion, what is the best solution?
49. It is your job to implement security measures and to explain to the board of directors what symmetric encryption, in particular Salsa20, can do. Which of the following topics will you cover in your presentation?
50. Your team is analyzing the necessity for real-time interaction between publishers and subscribers in your application while designing your business continuity technical rules for your financial trading organization. In your opinion, which one of these options is the most appropriate?