CompTIA CASP+ Security Engineering Test 2 with 100% Correct answers
0 view 0 purchase
Course
CASP - Comptia Advanced Security Practitioner
Institution
CASP - Comptia Advanced Security Practitioner
What is the main purpose of Secure Software Development Lifecycle (SDLC)
in security engineering?
• A) Increase project duration
• B) Incorporate security practices at each phase of development
• C) Improve software performance
• Answer: B) Incorporate security practices at each p...
CompTIA CASP+ Security Engineering Test 2 with 100% Correct answers
1. What is the main purpose of Secure Software Development Lifecycle (SDLC)
in security engineering?
• A) Increase project duration
• B) Incorporate security practices at each phase of development
• C) Improve software performance
• Answer: B) Incorporate security practices at each phase of development
• Explanation: SDLC helps integrate security considerations early, reducing vulnerabilities before
deployment.
2. What is the best approach to mitigate the risk of unauthorized access in a web
application?
• A) Implement input validation
• B) Enforce strong authentication mechanisms
• C) Increase the size of the web server
• Answer: B) Enforce strong authentication mechanisms
• Explanation: Strong authentication ensures that only authorized users can access the
application, preventing unauthorized access.
3. Which of the following techniques can be used to prevent Cross-Site Request
Forgery (CSRF) attacks?
• A) Using CAPTCHA
• B) Enforcing complex passwords
• C) Implementing anti-CSRF tokens
• Answer: C) Implementing anti-CSRF tokens
• Explanation: Anti-CSRF tokens verify the legitimacy of requests by adding a unique identifier to
each request, preventing CSRF attacks.
4. What is a primary purpose of code signing in security?
• A) To improve software performance
• B) To verify the integrity and authenticity of software
• C) To allow open-source distribution
• Answer: B) To verify the integrity and authenticity of software
• Explanation: Code signing ensures that software is from a trusted source and has not been
tampered with.
5. What type of testing checks the robustness of software when facing abnormal
or extreme input?
, • A) Fuzz testing
• B) Integration testing
• C) Unit testing
• Answer: A) Fuzz testing
• Explanation: Fuzz testing provides random, unexpected input to identify vulnerabilities that may
occur under stress or unusual conditions.
6. Which security principle is best described by limiting users’ access rights to
the minimum necessary to perform their tasks?
• A) Separation of duties
• B) Least privilege
• C) Security by obscurity
• Answer: B) Least privilege
• Explanation: The least privilege principle reduces the risk of accidental or malicious misuse by
limiting access rights.
7. Which cryptographic method should be used to ensure data confidentiality in
transit?
• A) Digital signatures
• B) Encryption
• C) Hashing
• Answer: B) Encryption
• Explanation: Encryption scrambles data so only authorized parties can read it, protecting
confidentiality during transmission.
8. What is a common defense against SQL injection attacks?
• A) Using HTML encoding
• B) Using parameterized queries
• C) Disabling error logging
• Answer: B) Using parameterized queries
• Explanation: Parameterized queries separate SQL code from user inputs, preventing malicious
code from being executed.
9. Which strategy involves isolating components to prevent the spread of security
breaches?
• A) Load balancing
• B) Network segmentation
• C) Code obfuscation
• Answer: B) Network segmentation
• Explanation: Network segmentation limits security incidents to isolated segments, reducing the
impact of breaches.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller UndisputedPundit. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $8.49. You're not tied to anything after your purchase.
