CAS-004 Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :792 Q&As
  • Last Updated
    :Jul 09, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 11:

    A forensics investigator is analyzing an executable file extracted from storage media that was submitted for evidence. The investigator must use a tool that can identify whether the executable has indicators, which may point to the creator of the file. Which of the following should the investigator use while preserving evidence integrity?

    A. ldd
    B. bcrypt
    C. SHA-3
    D. ssdeep
    E. dcfldd

  • Question 12:

    A financial institution generates a list of newly created accounts and sensitive information on a daily basis. The financial institution then sends out a file containing thousands of lines of data. Which of the following would be the best way to reduce the risk of a malicious insider making changes to the file that could go undetected?

    A. Write a SIEM rule that generates a critical alert when files are created on the application server.
    B. Implement a FIM that automatically generates alerts when the file is accessed by IP addresses that are not associated with the application.
    C. Create a script that compares the size of the file on an hourly basis and generates alerts when changes are identified.
    D. Tune the rules on the host-based IDS for the application server to trigger automated alerts when the application server is accessed from the internet.

  • Question 13:

    An incident response team completed recovery from offline backup for several workstations. The workstations were subjected to a ransomware attack after users fell victim to a spear-phishing campaign, despite a robust training program. Which of the following questions should be considered during the lessons-learned phase to most likely reduce the risk of reoccurrence? (Choose two.)

    A. Are there opportunities for legal recourse against the originators of the spear-phishing campaign?
    B. What internal and external stakeholders need to be notified of the breach?
    C. Which methods can be implemented to increase speed of offline backup recovery?
    D. What measurable user behaviors were exhibited that contributed to the compromise?
    E. Which technical controls, if implemented, would provide defense when user training fails?
    F. Which user roles are most often targeted by spear phishing attacks?

  • Question 14:

    A law firm experienced a breach in which access was gained to a secure server. During an investigation to determine how the breach occurred, an employee admitted to clicking on a spear-phishing link. A security analyst reviewed the event logs and found the following:

    1.PAM had not been bypassed.

    2.DLP did not trigger any alerts.

    3.The antivirus was updated to the most current signatures.

    Which of the following MOST likely occurred?

    A. Exploitation
    B. Exfiltration
    C. Privilege escalation
    D. Lateral movement

  • Question 15:

    During an adversarial simulation exercise, an external team was able to gain access to sensitive information and systems without the organization detecting this activity.

    Which of the following mitigation strategies should the organization use to best resolve the findings?

    A. Configuring a honeypot for adversary characterization
    B. Leveraging simulators for attackers
    C. Setting up a honey network for attackers
    D. Utilizing decoy accounts and documents

  • Question 16:

    Employees are receiving certificate errors when visiting secure internet websites. A help desk technician reviews a sample of the certificates from various external websites and determines that an internal certificate with the name of the company's proxy is present in the middle of the certificate chain. The help desk technician escalates the issue to the security team. Which of the following should the security team do next to resolve this issue?

    A. Renew and redeploy the intermediate CA certificate.
    B. Contact the external websites about updating their certificates.
    C. Use Wireshark to analyze network traffic for potential malicious activities.
    D. Add the affected websites to the proxy's allow list.

  • Question 17:

    Which of the following security features do email signatures provide?

    A. Non-repudiation
    B. Body encryption
    C. Code signing
    D. Sender authentication
    E. Chain of custody

  • Question 18:

    A security consultant has been asked to recommend a secure network design that would:

    1.Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.

    2.Limit operational disruptions.

    Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?

    A. Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.
    B. Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.
    C. Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.
    D. Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.

  • Question 19:

    A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage. Which of the following is a security concern that will MOST likely need to be addressed during migration?

    A. Latency
    B. Data exposure
    C. Data loss
    D. Data dispersion

  • Question 20:

    A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?

    A. Asynchronous keys
    B. Homomorphic encryption
    C. Data lake
    D. Machine learning

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.