CASP+ Practice Exam CAS-004

Correct Answer: Residual risk Explanation: Residual risk is the amount of risk remaining after all risk treatment (mitigation, avoidance, transfer) has been applied. It's the risk an organization accepts.

Correct Answer: Data Loss Prevention combined with Virtual Desktop Infrastructure Explanation: DLP can prevent data from being copied or moved to personal devices, while VDI allows users to access corporate resources securely from their personal devices without actually storing any corporate data on those devices.

Correct Answer: TLS with mutual authentication (mTLS) Explanation: mTLS provides mutual authentication (both client and server verify each other's certificates) and encrypts traffic, making it ideal for securing direct service-to-service communication in a microservices architecture.

Correct Answer: Security Information and Event Management with User and Entity Behavior Analytics capabilities Explanation: A SIEM system with UEBA capabilities is designed to ingest and analyze large volumes of log data, identify baseline behaviors, and detect anomalous patterns indicative of sophisticated threats like APTs over time.

Correct Answer: Resistance to phishing and man-in-the-middle attacks Explanation: FIDO2 (Fast Identity Online) security keys are specifically designed to be highly resistant to phishing and man-in-the-middle attacks by cryptographically binding authentication to the originating website.

Correct Answer: Threat modeling Explanation: Threat modeling is a structured approach for identifying potential threats and vulnerabilities in a system or application design. It is performed early in the SDLC, even before coding begins, to address security concerns proactively.

Correct Answer: Modify system startup scripts Explanation: Modifying system startup scripts (e.g., cron jobs on Linux, services on Windows) is a common and effective technique for establishing persistence, ensuring the attacker maintains access even if the system is rebooted. Creating a new privileged account is also persistence but "modify system startup scripts" is more general and high-level, covering various methods.

Correct Answer: Air gap Explanation: An air gap (or air gapping) refers to a security measure that physically isolates a network segment or system from other networks, especially the internet, to prevent data exfiltration or unauthorized access. One-way communication is a strong indicator.

Correct Answer: Shared Responsibility Model documentation Explanation: The Shared Responsibility Model clearly defines which security duties are managed by the cloud provider and which remain the responsibility of the cloud consumer. This is crucial for understanding risk in cloud deployments.

Correct Answer: Availability Explanation: Geographically dispersed active-active data centers with load balancing are classic architectural patterns for ensuring high availability and resilience against outages or regional disasters.