CAS-004 Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :792 Q&As
  • Last Updated
    :Jul 09, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 21:

    A user forwarded a suspicious email to a security analyst for review. The analyst examined the email and found that neither the URL nor the attachment showed any indication of malicious activities. Which of the following intelligence collection methods should the analyst use to confirm the legitimacy of the email?

    A. HUMINT
    B. UEBA
    C. OSINT
    D. RACE

  • Question 22:

    An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?

    A. A turbine would overheat and cause physical harm.
    B. The engineers would need to go to the historian.
    C. The SCADA equipment could not be maintained.
    D. Data would be exfiltrated through the data diodes.

  • Question 23:

    A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would BEST resolve the issue? (Choose two.)

    A. Conduct input sanitization.
    B. Deploy a SIEM.
    C. Use containers.
    D. Patch the OS
    E. Deploy a WAF.
    F. Deploy a reverse proxy
    G. Deploy an IDS.

  • Question 24:

    Which of the following is the MOST likely reason an organization would decide to use a BYOD policy?

    A. It enables employees to use the devices they are already own, thus reducing costs.
    B. It should reduce the number of help desk and tickets significantly.
    C. It is most secure, as the company owns and completely controls the devices.
    D. It is the least complex method for systems administrator to maintain over time.

  • Question 25:

    A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.

    Which of the following solutions does this describe?

    A. Full tunneling
    B. Asymmetric routing
    C. SSH tunneling
    D. Split tunneling

  • Question 26:

    A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead and be resistant to offline password attacks. Which of the following should the security consultant recommend?

    A. WPA2-Preshared Key
    B. WPA3-Enterprise
    C. WPA3-Personal
    D. WPA2-Enterprise

  • Question 27:

    A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?

    A. Accept
    B. Avoid
    C. Transfer
    D. Mitigate

  • Question 28:

    The primary advantage of an organization creating and maintaining a vendor risk registry is to:

    A. define the risk assessment methodology.
    B. study a variety of risks and review the threat landscape.
    C. ensure that inventory of potential risk is maintained.
    D. ensure that all assets have low residual risk.

  • Question 29:

    A company is preparing to deploy a global service.

    Which of the following must the company do to ensure GDPR compliance? (Choose two.)

    A. Inform users regarding what data is stored.
    B. Provide opt-in/out for marketing messages.
    C. Provide data deletion capabilities.
    D. Provide optional data encryption.
    E. Grant data access to third parties.
    F. Provide alternative authentication techniques.

  • Question 30:

    A security administrator needs to implement an X.509 solution for multiple sites within the human resources department. This solution would need to secure all subdomains associated with the domain name of the main human resources web server. Which of the following would need to be implemented to properly secure the sites and provide easier private key management?

    A. Certificate revocation list
    B. Digital signature
    C. Wildcard certificate
    D. Registration authority
    E. Certificate pinning

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.