Practice Test CAS-004: CompTIA CASP+

The CAS-004: CompTIA CASP+ practice test contains 200 questions and covers the following objectives:  

Security Architecture – 56 questions  

Given a scenario, analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network 

Services, Segmentation, Deperimeterization/zero trust, Merging of networks from, Software-defined networking (SDN) 

Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design 

Scalability, Resiliency, Automation, Performance, Containerization, Virtualization, Content delivery network, Caching 

Given a scenario, integrate software applications securely into an enterprise architecture 

Baseline and templates, Software assurance, Considerations of integrating, Integrating security into 

Given a scenario, implement data security techniques for securing enterprise architecture 

Data loss prevention, Data loss detection, Data classification, labeling, and tagging, Obfuscation, Anonymization, Encrypted vs. unencrypted, Data life cycle, Data inventory and mapping, Data integrity management, Data storage, backup, and recovery 

Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls 

Credential management, Password policies, Federation, Access control, Protocols, Multifactor authentication (MFA), One-time password (OTP), Hardware root of trust, Single sign-on (SSO), JavaScript Object Notation (JSON) web token (JWT), Attestation and identity proofing 

Given a set of requirements, implement secure cloud and virtualization solutions 

Virtualization strategies, Provisioning and deprovisioning, Middleware, Metadata and tags, Deployment models and considerations, Hosting models, Service models, Cloud provider limitations, Extending appropriate on-premises controls, Storage models 

Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements 

Privacy and confidentiality requirements, Integrity requirements, Non-repudiation, Compliance and policy requirements, Common cryptography use cases, Common PKI use cases 

Explain the impact of emerging technologies on enterprise security and privacy 

Artificial intelligence, Machine learning, Quantum computing, Blockchain, Homomorphic encryption, Secure multiparty computation, Distributed consensus, Big Data, Virtual/augmented reality, 3-D printing, Passwordless authentication, Nano technology, Deep learning, Biometric impersonation 

Security Operations – 54 questions 

Given a scenario, perform threat management activities 

Intelligence types, Actor types, Threat actor properties, Intelligence collection methods, Frameworks 

Given a scenario, analyze indicators of compromise and formulate an appropriate response 

Indicators of compromise, Response 

Given a scenario, perform vulnerability management activities 

Vulnerability scans, Security Content Automation Protocol (SCAP), Self-assessment vs. third- party vendor assessment, Patch management, Information sources 

Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools 

Methods, Tools, Dependency management, Requirements 

Given a scenario, analyze vulnerabilities and recommend risk mitigations 

Vulnerabilities, Inherently vulnerable system/application, Attacks 

Given a scenario, use processes to reduce risk 

Proactive and detection, Security data analytics, Preventive, Application control, Security automation, Physical security 

Given an incident, implement the appropriate response 

Event classifications, Triage event, Preescalation tasks, Incident response process, Specific response playbooks/processes, Communication plan, Stakeholder management 

Explain the importance of forensic concepts 

Legal vs. internal corporate purposes, Forensic process, Integrity preservation, Cryptanalysis, Steganalysis 

Given a scenario, use forensic analysis tools 

File carving tools, Binary analysis tools, Analysis tools, Imaging tools, Hashing utilities, Live collection vs. post-mortem tools. 

Security Engineering and Cryptography – 70 questions 

Given a scenario, apply secure configurations to enterprise mobility 

Managed configurations, Deployment scenarios, Security considerations 

Given a scenario, configure and implement endpoint security controls 

Hardening techniques, Processes, Mandatory access control, Trustworthy computing, Compensating controls 

Explain security considerations impacting specific sectors and operational technologies 

Embedded, ICS/supervisory control and data acquisition (SCADA), Protocols, Sectors 

Explain how cloud technology adoption impacts organizational security 

Automation and orchestration, Encryption configuration, Logs, Monitoring configurations, Key ownership and location, Key life-cycle management, Backup and recovery methods, Infrastructure vs. serverless computing, Application virtualization, Software-defined networking, Misconfigurations, Collaboration tools, Storage configurations, Cloud access security broker (CASB) 

Given a business requirement, implement the appropriate PKI solution 

PKI hierarchy, Certificate types, Certificate usages/profiles/templates, Extensions, Trusted providers, Trust model, Cross-certification, Configure profiles, Life-cycle management, Public and private keys, Digital signature, Certificate pinning, Certificate stapling, Certificate signing requests (CSRs), Online Certificate Status Protocol (OCSP) vs. certificate revocation list (CRL), HTTP Strict Transport Security (HSTS) 

Given a business requirement, implement the appropriate cryptographic protocols and algorithms 

Hashing, Symmetric algorithms, Asymmetric algorithms, Protocols, Elliptic curve cryptography, Forward secrecy, Authenticated encryption with associated data, Key stretching 

Given a scenario, troubleshoot issues with cryptographic implementations 

Implementation and configuration issues, Keys 

Governance, Risk, and Compliance – 20 questions 

Given a set of requirements, apply the appropriate risk strategies 

Risk assessment, Risk handling techniques, Risk types, Risk management life cycle, Risk tracking, Risk appetite vs. risk tolerance, Policies and security practices 

Explain the importance of managing and mitigating vendor risk 

Shared responsibility model (roles/responsibilities), Vendor lock-in and vendor lockout, Vendor viability, Meeting client requirements, Support availability, Geographical considerations, Supply chain visibility, Incident reporting requirements, Source code escrows, Ongoing vendor assessment tools, Third-party dependencies, Technical considerations 

Explain compliance frameworks and legal considerations, and their organizational impact 

Security concerns of integrating diverse industries, Data considerations, Geographic considerations, Third-party attestation of compliance, Regulations, accreditations, and standards, Legal consideration, Contract and agreement types 

Explain the importance of business continuity and disaster recovery concepts 

Business impact analysis, Privacy impact assessment, Disaster recovery plan (DRP)/ business continuity plan (BCP), Incident response plan, Testing plans