CAS002 CompTIA Advanced Security Practitioner (CASP) Free Practice Test — 30 Questions

Question 1

A global financial services firm\'s security operations center (SOC) is alerted to a sophisticated, multi-stage ransomware attack that has encrypted critical customer databases. The attack appears to have originated from a zero-day exploit targeting a web application. The incident response team is under extreme pressure to restore services within hours to avoid significant financial losses and regulatory penalties under frameworks like PCI DSS and SOX. Which course of action best balances the immediate need for service restoration with the imperative to preserve evidence for forensic analysis and potential legal action?

Accepted Answer

Immediately disconnect all affected servers from the network and initiate restoration from the most recent, verified clean backup to minimize downtime.

Question 2

A critical zero-day vulnerability has been discovered in the company\'s primary customer relationship management (CRM) platform, which handles sensitive client data and facilitates all sales operations. Preliminary analysis indicates a high probability of exploitation leading to unauthorized data access and potential system disruption. The Chief Information Security Officer (CISO) is tasked with presenting a compelling business case to the executive board for immediate, substantial investment in a next-generation security architecture, including advanced endpoint detection and response (EDR) and a robust zero-trust network access (ZTNA) framework. Which of the following communication strategies would be most effective in securing board approval and fostering confidence in the proposed security enhancements?

Accepted Answer

Detail the technical intricacies of the zero-day exploit, including specific code snippets and network traffic analysis, while outlining the new architecture's technical specifications and implementation roadmap.

Question 3

A multinational corporation operating within the European Union detects a sophisticated ransomware variant encrypting critical customer databases. The incident response team identifies that personal data, as defined by the GDPR, has been compromised. The organization\'s last verified clean backup is 24 hours old. The attackers are demanding a significant Bitcoin payment for a decryption key, threatening to leak exfiltrated data if the ransom is not paid within 48 hours. The Chief Information Security Officer (CISO) must decide on the immediate course of action. Which of the following strategic responses best aligns with minimizing operational impact, ensuring data integrity, and fulfilling regulatory obligations?

Accepted Answer

Isolate all affected systems, immediately initiate restoration from the 24-hour-old clean backup, and commence the GDPR data breach notification process to the relevant supervisory authority and affected individuals, while concurrently investigating the attack vector and potential exfiltration.

Question 4

A newly identified zero-day vulnerability affects a proprietary industrial control system (ICS) firmware deployed across numerous critical infrastructure sites. Initial analysis suggests a potential for remote code execution, but the exact exploitability vector and widespread impact remain unclear due to the proprietary nature of the firmware and the limited visibility into all deployed instances. The organization\'s incident response plan mandates immediate patching, but the vendor has indicated a 72-hour delay for a stable patch. The Chief Information Security Officer (CISO) must guide the response. Which of the following behavioral competencies is MOST critical for the CISO to effectively manage this situation and ensure organizational resilience?

Accepted Answer

Adaptability and Flexibility, coupled with Leadership Potential

Question 5

A global financial services firm\'s primary customer relationship management (CRM) system is found to be compromised by an advanced persistent threat (APT) leveraging a novel zero-day exploit. The breach has resulted in the exfiltration of sensitive client Personally Identifiable Information (PII). The Chief Information Security Officer (CISO), Mr. Jian Li, is directing the incident response. Initial analysis confirms the exploit targets a specific, unpatched module within the CRM\'s backend. The immediate priority is to halt further data loss and contain the threat without causing an unacceptable disruption to critical client services. Which of the following actions, when implemented first, would most effectively balance the immediate need for containment with the overarching requirement to preserve operational integrity and meet regulatory obligations?

Accepted Answer

Deploying network segmentation rules to isolate the compromised CRM servers and their immediate network vicinity, while simultaneously initiating a full system backup of all critical data, pending further forensic analysis.

Question 6

A cybersecurity firm, operating under the purview of the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), receives a verifiable consumer request to delete all personal information held by the organization. The firm\'s internal security operations center (SOC) is currently engaged in a deep forensic analysis of a sophisticated, ongoing cyberattack that exploited a zero-day vulnerability in a critical operational system. The data slated for deletion contains vital logs and telemetry directly related to the attack\'s progression, perpetrator identification, and the extent of system compromise. The legal and compliance department has advised that retaining data pertinent to security incident investigation and potential prosecution is a permissible exception under the CCPA/CPRA. What is the most prudent course of action for the firm\'s data privacy officer in response to the consumer\'s deletion request?

Accepted Answer

Retain the specific data segments directly relevant to the ongoing security incident investigation, citing the CCPA/CPRA exceptions for security purposes and legal compliance, while proceeding with the deletion of all other unrelated personal information.

Question 7

A financial services firm is experiencing a sustained, multi-vector distributed denial-of-service (DDoS) attack that is rapidly saturating its internet ingress capacity. The attack traffic is characterized by polymorphic characteristics, making signature-based detection on internal Web Application Firewalls (WAFs) largely ineffective. The organization\'s upstream Internet Service Provider (ISP) offers a specialized DDoS mitigation service capable of traffic scrubbing and anomaly detection. The security operations center (SOC) has already implemented rate limiting at the network edge. Which of the following actions represents the most effective strategic pivot to mitigate the ongoing attack and maintain service availability?

Accepted Answer

Divert all inbound traffic to the upstream DDoS mitigation service for real-time traffic scrubbing and anomaly-based filtering, while simultaneously enhancing internal behavioral analytics to detect residual or novel attack vectors.

Question 8

A security architect is tasked with bolstering an organization\'s defenses in a hybrid cloud environment. Recent threat intelligence highlights an uptick in sophisticated phishing attacks aimed at harvesting cloud administrative credentials, coupled with the imminent enforcement of a new industry-specific data privacy regulation that mandates granular audit trails for all Personally Identifiable Information (PII) processing activities. Which of the following strategies would most effectively address both the immediate threat and the upcoming regulatory requirements by providing comprehensive visibility and control over data access and processing within the multi-cloud infrastructure?

Accepted Answer

Implement continuous monitoring and anomaly detection across all cloud environments, focusing on user behavior analytics and deviations from established data access policies.

Question 9

A manufacturing plant\'s operational technology (OT) network, responsible for controlling critical production machinery, is found to be vulnerable to a recently disclosed zero-day exploit targeting a specific supervisory control and data acquisition (SCADA) protocol. The exploit has been demonstrated to cause intermittent control system failures and potential data corruption. The plant operates 24/7, and any unscheduled downtime incurs significant financial penalties and potential supply chain disruptions. The security team must devise an immediate response plan. Which of the following actions represents the most judicious and effective initial strategy to mitigate the risk while minimizing operational impact?

Accepted Answer

Initiate an immediate, facility-wide shutdown of all OT systems to apply the vendor-provided patch, prioritizing security over immediate production continuity.

Question 10

A sophisticated ransomware attack has compromised a financial institution\'s primary customer database, with active exfiltration occurring. Simultaneously, a regulatory body has issued an urgent inquiry regarding a separate, unrelated data privacy incident. The Chief Information Security Officer (CISO) has directed the incident response team to prioritize containment of the ransomware, but the legal counsel insists on immediate engagement with the regulatory inquiry to avoid potential fines, citing strict deadlines. The team is experiencing conflicting directives and a high degree of uncertainty regarding the most critical immediate action. As the lead security analyst, what is the most effective approach to navigate this complex situation?

Accepted Answer

Convene an emergency meeting with the CISO and legal counsel to collaboratively define a phased incident response plan that addresses both critical events, clearly delineating responsibilities and communication channels, and then brief the team on the updated strategy.

Question 11

A cybersecurity team, under the leadership of Anya, is navigating a significant organizational shift towards cloud-native architectures and a decentralized security model. Their traditional perimeter-focused, reactive security posture is proving insufficient against increasingly sophisticated threats. The organization mandates integrating security earlier into the development lifecycle, requiring closer collaboration between security and development teams, many of whom operate remotely. Anya must guide her team through this transition, ensuring they maintain effectiveness while adapting to new methodologies and potential ambiguities. Which of the following strategies would best equip Anya\'s team to succeed in this evolving landscape?

Accepted Answer

Emphasize cross-functional collaboration, continuous learning, and adaptive strategy development.

Question 12

A financial services firm has recently completed a significant migration of its core applications and data to a hybrid cloud environment. Shortly after, the security team identified a series of sophisticated, previously unknown exploits targeting specific cloud-native identity and access management (IAM) services, leading to several near-breaches. Concurrently, the firm experienced an unexpected 15% reduction in its annual security budget. The Chief Information Security Officer (CISO) needs to revise the security strategy to address these emergent threats and budgetary limitations effectively. Which of the following adjustments to the security strategy would be most appropriate?

Accepted Answer

Implementing a defense-in-depth strategy that leverages cloud-native security controls and integrates with existing on-premises security tools through a unified SIEM

Question 13

A sophisticated, previously unknown malware variant has compromised an organization\'s primary customer relationship management (CRM) system, rendering the standard incident response playbook obsolete. The chief security officer (CSO), acting as incident commander, must immediately establish alternative communication channels for the response team, re-evaluate containment strategies based on evolving threat intelligence, and make critical decisions with incomplete data regarding system isolation. Which core behavioral competency is most prominently demonstrated by the CSO\'s need to navigate this chaotic and unpredictable situation?

Accepted Answer

Adaptability and Flexibility

Question 14

Anya, the lead security analyst for a financial services firm, observes a significant increase in sophisticated phishing campaigns targeting client data. Concurrently, the organization faces new, stringent data privacy regulations, leading to a reduced risk appetite and a mandate for enhanced auditability of all security operations. Anya’s team has been heavily invested in proactive threat hunting, which often involves exploratory data analysis and less formalized documentation. The new directive requires that all security activities must produce auditable logs and evidence of compliance. Anya needs to realign her team’s efforts to address both the immediate threat and the organizational mandate. Which of the following strategic adjustments would best enable Anya’s team to meet these evolving requirements while maintaining operational effectiveness?

Accepted Answer

Reframe threat hunting activities to focus on identifying indicators of compromise directly relevant to the new regulatory requirements and enhance incident response protocols to include rigorous forensic data preservation and detailed reporting aligned with compliance standards.

Question 15

During a high-stakes incident where a zero-day exploit has encrypted critical financial data and initial backup integrity checks reveal partial corruption, what is the MOST appropriate strategic adjustment for the incident response lead to make, considering the need to maintain operational continuity and regulatory compliance under frameworks like CCPA?

Accepted Answer

Immediately initiate a full system rollback to the last known good state, regardless of data loss, and focus solely on forensic analysis of the attack vector to prevent recurrence.

Question 16

An industrial control system (ICS) environment is suddenly experiencing anomalous behavior across several critical infrastructure components. Initial forensic analysis suggests a previously undocumented zero-day exploit targeting a proprietary communication protocol used by a legacy system. The exploit\'s precise mechanism and full impact remain unclear, but early indicators point to potential data exfiltration and unauthorized command execution. The security operations team is operating with incomplete threat intelligence and must formulate an immediate response strategy. Which of the following approaches best reflects the necessary behavioral competencies for the security team to effectively manage this evolving situation?

Accepted Answer

Rapidly develop and deploy custom containment measures and adaptive defensive postures, prioritizing information gathering and iterative strategy refinement as new details emerge about the exploit's characteristics and impact.

Question 17

A cybersecurity team is responding to a suspected data exfiltration event involving a major financial institution. Initial indicators, such as the use of custom-developed obfuscation techniques and communication over unusual ports, strongly suggested a highly sophisticated nation-state actor. Consequently, the team activated its advanced persistent threat (APT) playbook, focusing on deep forensic analysis and intricate network traffic monitoring. However, during the investigation, evidence emerges indicating the use of readily available, off-the-shelf malware with a surprisingly unsophisticated command-and-control infrastructure, and a pattern of activity that appears more opportunistic than meticulously planned. The CISO is concerned about the team\'s ability to pivot effectively given these conflicting indicators. Which of the following actions best demonstrates the team\'s adaptability and problem-solving acumen in this evolving situation?

Accepted Answer

Revising the incident response plan to incorporate more agile, adaptive techniques, prioritizing rapid containment and evidence preservation while re-evaluating threat actor attribution based on the new indicators.

Question 18

A cybersecurity operations center (SOC) detects a sophisticated, multi-stage attack employing an advanced polymorphic malware variant that bypasses signature-based detection. The current incident response playbooks are designed for known threat signatures and do not adequately cover this novel attack vector. The SOC manager, tasked with maintaining operational effectiveness during this transition, needs to guide the team through an immediate strategic adjustment. Which of the following actions best demonstrates the manager\'s adaptability and leadership in this evolving situation?

Accepted Answer

Facilitating a cross-functional tabletop exercise to simulate the new threat and identify response gaps.

Question 19

A multinational financial services firm has implemented a comprehensive zero-trust architecture across its hybrid cloud infrastructure. During a routine security audit, the SIEM system flags a critical alert indicating a potential insider threat involving unauthorized data access from a development environment server. A senior security analyst is tasked with investigating this incident. Which of the following actions best reflects the application of zero-trust principles to enable the analyst\'s investigation while maintaining the integrity of the environment?

Accepted Answer

The analyst utilizes pre-defined, role-based access policies to request temporary, granular read-only permissions to the specific server logs and relevant configuration files required for the investigation, subject to automated approval based on predefined risk thresholds.

Question 20

A rapid deployment cybersecurity team is alerted to a sophisticated zero-day exploit affecting a critical IoT infrastructure component within a major financial institution. Initial analysis confirms the exploit targets a previously unknown vulnerability and allows for unauthorized data exfiltration. The organization operates under stringent financial data protection mandates, requiring prompt notification of any potential breaches. The security leadership must decide on the most effective immediate course of action to mitigate the risk while preserving operational continuity and adhering to regulatory obligations. Which of the following strategic imperatives should guide the team\'s initial response?

Accepted Answer

Initiate a phased incident response, prioritizing network segmentation and enhanced monitoring, while simultaneously preparing for forensic analysis and long-term remediation.

Question 21

A cybersecurity operations center (SOC) has identified a persistent threat actor employing advanced fileless malware techniques. Despite robust perimeter firewalls and advanced endpoint detection and response (EDR) solutions utilizing signature-based and heuristic analysis, the malware consistently evades detection. The threat actor\'s methods involve in-memory execution and manipulation of legitimate system processes, leaving minimal discernible artifacts on the file system. The SOC team needs to implement a new security control to bolster their defense against this specific type of attack. Which of the following security controls would be most effective in addressing this newly identified blind spot?

Accepted Answer

Implement a User and Entity Behavior Analytics (UEBA) solution to baseline and detect anomalous process and user activities.

Question 22

A global financial institution, operating under stringent regulations like the General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI DSS), is experiencing a surge in sophisticated attempts to exfiltrate sensitive customer financial data. Traditional signature-based intrusion detection systems have proven insufficient against novel attack vectors. The Chief Information Security Officer (CISO) needs to implement a new security control that demonstrably enhances the organization\'s ability to detect and prevent such data leakage while maintaining operational continuity and satisfying compliance mandates. Which of the following security control implementations would best address this critical requirement?

Accepted Answer

Deploy an advanced Network Intrusion Detection and Prevention System (NIDS/NIPS) incorporating behavioral analytics to identify anomalous network traffic patterns indicative of data exfiltration.

Question 23

A major healthcare provider experiences a sophisticated ransomware attack that encrypts its entire patient Electronic Health Record (EHR) system, rendering it inaccessible. The attack has caused a complete shutdown of all clinical operations, directly impacting patient care. The Chief Information Security Officer (CISO) must direct the immediate response. Which of the following actions represents the most effective and compliant initial strategic directive?

Accepted Answer

Isolate all affected network segments, initiate a comprehensive forensic investigation to determine the attack vector and scope, and immediately engage specialized third-party incident response consultants while documenting all actions.

Question 24

A cybersecurity team is responding to a critical zero-day vulnerability discovered in a third-party library integrated into their primary customer relationship management (CRM) platform. The organization is subject to stringent data protection regulations, mandating notification within 72 hours of becoming aware of a data breach. The vulnerable component is used by a customer-facing portal that displays aggregated user preference data, but is not essential for the core CRM functionalities like sales tracking or customer service ticketing. A comprehensive patch is not yet available from the vendor, and a full system rollback is deemed too disruptive to ongoing business operations. What is the most prudent immediate course of action to mitigate the risk while adhering to regulatory obligations and maintaining essential business continuity?

Accepted Answer

Temporarily disable the customer-facing portal feature that utilizes the vulnerable component until a vendor patch is available and validated.

Question 25

Anya, a seasoned cybersecurity lead, is overseeing the migration of her organization\'s critical infrastructure to a novel cloud-native security framework. Despite extensive initial documentation, her team is encountering significant hurdles. Development cycles are slipping, inter-departmental communication has become strained, and a palpable sense of frustration is growing as team members grapple with unfamiliar concepts and integration complexities. Anya observes a reluctance to deviate from established processes and a lack of cohesive strategy in tackling the implementation challenges. Which of the following actions would best equip Anya\'s team to navigate this transition, fostering both technical proficiency and collaborative problem-solving?

Accepted Answer

Facilitating cross-functional training sessions focused on the new framework's architectural principles and security controls, coupled with establishing a clear, phased implementation roadmap with defined milestones and regular feedback loops.

Question 26

A multinational corporation, operating under the stringent data protection mandates of the EU\'s General Data Protection Regulation (GDPR) and also subject to various US state-level privacy laws, is planning a significant migration of sensitive customer data to a cloud environment. A critical requirement is to maintain data sovereignty for EU citizens, ensuring their personal information is processed and stored exclusively within the European Union. Concurrently, the company aims to leverage the cost efficiencies and scalability of US-based cloud infrastructure for other business operations. Which architectural approach would best satisfy these conflicting regulatory and operational demands?

Accepted Answer

Implement robust end-to-end encryption for all data, utilizing strong key management practices that restrict access to authorized personnel regardless of geographic location.

Question 27

A manufacturing firm\'s security operations center detects unusual network traffic originating from a recently integrated smart sensor on the assembly line. The sensor, designed for environmental monitoring, is now attempting to establish outbound connections to an unknown external IP address, deviating significantly from its predefined communication whitelist. The incident response plan mandates immediate containment and initial analysis. Which of the following methods would be the MOST effective for the security analyst to perform an initial assessment of the potential compromise without significantly impacting the device\'s operational capacity or the production environment?

Accepted Answer

Conduct a deep packet inspection of the traffic flow between the sensor and the external IP address, coupled with behavioral anomaly detection against its known communication baseline.

Question 28

An advanced cybersecurity team is tasked with defending a critical industrial control system (ICS) network against a sophisticated, previously undocumented zero-day exploit. Initial attempts to detect the threat using signature-based intrusion detection systems have proven futile due to the exploit\'s novel evasion techniques. The attack is characterized by subtle deviations from normal operational patterns, making it difficult to identify with conventional security tools. The team must quickly establish effective countermeasures and operational resilience in an environment where established indicators of compromise are non-existent. Which of the following behavioral competencies is MOST critical for the team\'s success in this scenario?

Accepted Answer

Adaptability and flexibility

Question 29

A seasoned cybersecurity operations manager observes persistent discord within their incident response team regarding the prioritization of emerging threat intelligence. Analysts specializing in network forensics advocate for immediate resource allocation to investigate a suspected zero-day exploit targeting a niche industrial control system, citing a high potential impact. Concurrently, threat hunters focused on nation-state activity are pushing for a broader analysis of indicators of compromise associated with a widespread phishing campaign affecting critical business functions, emphasizing its immediate and broad reach. This divergence in focus is causing delays in coordinated response efforts and impacting overall team effectiveness. What strategic approach should the manager implement to foster adaptability and ensure effective pivoting of strategies in response to this intelligence ambiguity?

Accepted Answer

Institute a mandatory daily "Intelligence Synthesis Brief" where analysts from different specializations present their findings, discuss potential impacts, and collaboratively refine incident response priorities based on a unified risk assessment framework.

Question 30

An enterprise security lead is reviewing the organization\'s defenses after a surge in highly convincing spear-phishing campaigns targeting employees working remotely. Analysis of incident logs reveals that several employees have inadvertently executed malicious payloads delivered via these campaigns, leading to lateral movement within a segment of the network. The lead is considering implementing a new endpoint detection and response (EDR) solution that incorporates advanced behavioral analytics and AI-driven threat hunting. However, this solution necessitates substantial user training to ensure proper utilization and alert interpretation, and its initial deployment phase is expected to cause temporary, albeit minor, network latency. Which of the following strategic adjustments best addresses the immediate threat while maintaining operational viability and fostering long-term security resilience?

Accepted Answer

Deploy the advanced EDR solution with a phased rollout, accompanied by comprehensive, role-specific user training and clear communication regarding the security benefits and operational adjustments.

CAS002 CompTIA Advanced Security Practitioner (CASP) Free Practice Test — 30 Questions

A lot more is already mapped out

About the CAS002 CompTIA Advanced Security Practitioner (CASP) Certification