1. Home
  2. CompTIA
  3. CAS-004

CompTIA CAS-004 Online Practice Questions and Exam Preparation

CAS-004 Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :792 Q&As
  • Last Updated
    :May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 171:

    An auditor Is reviewing the logs from a web application to determine the source of an Incident. The web application architecture Includes an Internet-accessible application load balancer, a number of web servers In a private subnet, application servers, and one database server In a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:

    Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

    A. Enable the x-Forwarded-For header al the load balancer.
    B. Install a software-based HIDS on the application servers.
    C. Install a certificate signed by a trusted CA.
    D. Use stored procedures on the database server.
    E. Store the value of the $_server ( ` REMOTE_ADDR ' ] received by the web servers.

  • Question 172:

    A security researcher at an organization is reviewing potential threats to the VoIP phone system infrastructure, which uses a gigabit Internet connection. The researcher finds a vulnerability and knows placing an IPS in front of the phone system will mitigate the risk. The researcher gathers the following information about various IPS systems:

    The organization is concerned about cost, but call quality is critical to its operations. Which of the following vendors would be BEST for the organization to choose?

    A. Vendor 1
    B. Vendor 2
    C. Vendor 3
    D. Vendor 4
    E. Vendor 5

  • Question 173:

    A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

    Based on the output above, from which of the following process IDs can the analyst begin an investigation?

    A. 65
    B. 77
    C. 83
    D. 87

  • Question 174:

    A user in the finance department uses a laptop to store a spreadsheet that contains confidential financial information for the company.

    Which of the following would be the BEST way to protect the file while the user travels between locations? (Choose two.)

    A. Encrypt the laptop with full disk encryption.
    B. Back up the file to an encrypted flash drive.
    C. Place an ACL on the file to only allow access to specified users.
    D. Store the file in the user profile.
    E. Place an ACL on the file to deny access to everyone.
    F. Enable access logging on the file.

  • Question 175:

    A security administrator has been provided with three separate certificates and is trying to organize them into a single chain of trust to deploy on a website. Given the following certificate properties:

    Which of the following are true about the PKI hierarchy? (Select two).

    A. www.budgetcert.com.is the top-level CA.
    B. www.budgetcert.com. is an intermediate CA.
    C. SuperTrust RSA 2018 is the top-level CA.
    D. SuperTrust RSA 2018 is an intermediate CA.
    E. BudgetCert is the top-level CA
    F. BudgetCert is an intermediate CA.

  • Question 176:

    A security engineer is reviewing event logs because an employee successfully connected a personal Windows laptop to the corporate network, which is against company policy. Company policy allows all Windows 10 and 11 laptops to connect to the system as long as the MDM agent installed by IT is running. Only compliant devices can connect, and the logic in the system to evaluate compliant laptops is as follows:

    Which of the following most likely occurred when the employee connected a personally owned Windows laptop and was allowed on the network?

    A. The agent was not running on the laptop, which triggered a false positive.
    B. The OS was a valid version, but the MDM agent was not installed, triggering a true positive.
    C. The OS was running a Windows version below 10 and triggered a false negative.
    D. The OS version was higher than 11. and the MDM agent was running, triggering a true negative.

  • Question 177:

    A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation. The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program. Which of the following will BEST accomplish the company's objectives? (Choose two.)

    A. IAST
    B. RASP
    C. SAST
    D. SCA
    E. WAF
    F. CMS

  • Question 178:

    A company with multiple locations has taken a cloud-only approach to its infrastructure The company does not have standard vendors or systems resulting in a mix of various solutions put in place by each location The Chief Information Security Officer wants to ensure that the internal security team has visibility into all platforms Which of the following best meets this objective?

    A. Security information and event management
    B. Cloud security posture management
    C. SNMFV2 monitoring and log aggregation
    D. Managed detection and response services from a third party

  • Question 179:

    An organization's threat team is creating a model based on a number of incidents in which systems in an air-gapped location are compromised. Physical access to the location and logical access to the systems are limited to administrators and select, approved, on-site company employees. Which of the following is the BEST strategy to reduce the risks of data exposure?

    A. NDAs
    B. Mandatory access control
    C. NIPS
    D. Security awareness training

  • Question 180:

    A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements:

    1.Be efficient at protecting the production environment

    2.Not require any change to the application

    3.Act at the presentation layer

    Which of the following techniques should be used?

    A. Masking
    B. Tokenization
    C. Algorithmic
    D. Random substitution

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.