CompTIA CAS-004 Online Practice Questions and Exam Preparation
CAS-004 Exam Details
Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 792 Q&As
Last Updated: May 28, 2026
CompTIA CAS-004 Online Questions & Answers
Question 311:
Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?
A. At the individual product level
B. Through the selection of a random product
C. Using a third-party audit report
D. By choosing a major product
Answer: A. At the individual product level
Explanation
When conducting a risk assessment for a vendor that provides multiple products, it is important to perform the assessment at the individual product level. Each product might have different risk factors, security requirements, and vulnerabilities, so assessing each one ensures a comprehensive understanding of the risks involved. Assessing randomly or only major products could leave gaps in understanding the risks for smaller but still critical products. CASP+ emphasizes that risk assessments should be detailed and product-specific for a thorough evaluation.
References:
CASP+ CAS-004 Exam Objectives: Domain 1.0
Risk Management (Vendor and Product Risk Assessments)
CompTIA CASP+ Study Guide: Vendor Risk Management
Question 312:
Which of the following technologies would need to be in an unmanaged state to perform forensic analysis on a laptop with an unknown encryption key?
A. FIM
B. ECC
C. FTK
D. TPM
Answer: D. TPM
Explanation
"The Trusted Platform Module (TPM) securely stores the cryptographic keys used for full-disk encryption. In a managed state, the TPM will automatically release the key when system integrity measurements pass, decrypting the disk without user input. To perform true forensic analysis on an encrypted volume when the actual key is not known, the TPM must be taken out of its managed (active) mode so that it cannot auto-unlock the drive. This 'unmanaged' state prevents transparent decryption and allows the forensic examiner to employ cold-boot, memory-dump, or other advanced techniques to extract or brute-force the key material."
CompTIA CASP+ Official Study Guide, Third Edition, Chapter 7: Forensics and Incident Response, pp. 478-479. Discuss disk encryption and hardware root-of-trust devices, such as TPM. Highlight that, for forensic capture on encrypted endpoints, the TPM must be disabled or set to an unmanaged state so that full-disk encryption keys are not automatically provisioned.
CompTIA CASP+ CAS-004 Exam Objectives (v7.1), Section 5.2: Forensic Analysis Techniques, p. 33. By disabling or putting the TPM into an unmanaged state, the forensic process will not benefit from automatic key release, thereby preserving the encrypted volume's integrity for offline analysis.
References:
CompTIA CASP+ Official Study Guide, Third Edition, Chapter 7: Forensics and Incident Response, pp. 478-479
Question 313:
In order to save money, a company has moved its data to the cloud with a low-cost provider. The company did not perform a security review prior to the move; however, the company requires all of its data to be stored within the country where the headquarters is located. A new employee on the security team has been asked to evaluate the current provider against the most important requirements. The current cloud provider that the company is using offers:
1. Only multitenant cloud hosting
2. Minimal physical security
3. Few access controls
4. No access to the data center
The following information has been uncovered:
1. The company is located in a known floodplain, which flooded last year.
2. Government regulations require data to be stored within the country.
Which of the following should be addressed FIRST?
A. Update the disaster recovery plan to account for natural disasters.
B. Establish a new memorandum of understanding with the cloud provider.
C. Establish a new service-level agreement with the cloud provider.
D. Provision services according to the appropriate legal requirements.
Answer: D. Provision services according to the appropriate legal requirements.
Explanation
Given that the company requires all its data to be stored within the country and the provider offers only multitenant cloud hosting with minimal security measures, the first step should be to ensure that the data storage complies with legal requirements. This is particularly important because government regulations require data to be stored domestically, which is a legal requirement that takes precedence over other considerations.
Question 314:
When implementing serverless computing, an organization must still account for:
A. the underlying computing network infrastructure.
B. hardware compatibility.
C. the security of its data.
D. patching the service.
Answer: C. the security of its data.
Explanation
Question 315:
To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?
A. Include stable, long-term releases of third-party libraries instead of using newer versions.
B. Ensure the third-party library implements the TLS and disable weak ciphers.
C. Compile third-party libraries into the main code statically instead of using dynamic loading.
D. Implement an ongoing, third-party software and library review and regression testing.
Answer: D. Implement an ongoing, third-party software and library review and regression testing.
Explanation
Question 316:
A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence. Which of the following techniques would BEST support this?
A. Configuring systemd services to run automatically at startup
B. Creating a backdoor
C. Exploiting an arbitrary code execution exploit
D. Moving laterally to a more authoritative server/service
Answer: B. Creating a backdoor
Explanation
Question 317:
A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:
1. Access to critical web services at the edge must be redundant and highly available.
2. Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.
3. Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.
Which of the following solutions BEST meets these requirements?
A. Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider.
B. Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.
C. Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.
D. Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.
Answer: B. Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.
Explanation
Access Redundancy and High Availability: The use of vendor-diverse redundancy ensures that even if one vendor's solution experiences an outage, the other can continue to provide access to critical web services. This helps achieve redundancy and high availability.
Resilience to Proprietary Zero-Day Vulnerability: By using diverse vendors, the risk of a zero-day vulnerability affecting both solutions simultaneously is reduced. Additionally, playbooks can be created to respond to events, including the detection of vulnerabilities. This allows for a quick transition to the alternative solution if a vulnerability is detected.
Automated Transition and Manual Triggering: Playbooks provide the automation required to trigger transitions in response to defined events. Additionally, they can be manually triggered by security operations staff when necessary.
Question 318:
A company wants to improve the security of its web applications that are running on in-house servers. A risk assessment has been performed, and the following capabilities are desired:
1. Terminate SSL connections at a central location
2. Manage both authentication and authorization for incoming and outgoing web service calls
3. Advertise the web service API
4. Implement DLP and anti-malware features
Which of the following technologies will be the BEST option?
A. WAF
B. XML gateway
C. ESB gateway
D. API gateway
Answer: D. API gateway
Explanation
An API gateway is a device or software that acts as an intermediary between clients and servers that provide web services through application programming interfaces (APIs). An API gateway can provide various functions such as:
1. Terminating SSL connections at a central location, reducing the overhead on the backend servers and simplifying certificate management
2. Managing both authentication and authorization for incoming and outgoing web service calls, enforcing security policies and access control
3. Advertising the web service API, providing documentation and discovery features for developers and consumers
4. Implementing DLP and anti-malware features, preventing data leakage and malicious code injection
A web application firewall (WAF) is a device or software that filters and blocks malicious web traffic from reaching an application. A WAF can provide some protection for web services, but it does not provide all the functions of an API gateway.
An XML gateway is a device or software that validates, transforms, and routes XML messages between clients and servers that provide web services. An XML gateway can provide some functions of an API gateway, but it is limited to XML-based web services and does not support other formats such as JSON.
An enterprise service bus (ESB) gateway is a device or software that integrates and orchestrates multiple web services into a single service or application. An ESB gateway can provide some functions of an API gateway, but it is more focused on business logic and workflow rather than security and performance.
References: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives], Domain 2: Enterprise Security Architecture, Objective 2.3: Implement solutions for the secure use of cloud services
Question 319:
An IT director is working on a solution to meet the challenge of remotely managing laptop devices and securely locking them down. The solution must meet the following requirements:
1. Cut down on patch management.
2. Make use of standard configurations.
3. Allow for custom resource configurations.
4. Provide access to the enterprise system from multiple types of devices.
Which of the following would meet these requirements?
A. MDM
B. Emulator
C. Hosted hypervisor
D. VDI
Answer: D. VDI
Explanation
Cut down on patch management: With VDI, the virtual desktops are managed centrally. Patches and updates can be applied to the master image, which then gets propagated to all virtual desktops. This significantly reduces the complexity and workload of patch management.
Standard configurations: VDI allows for the deployment of standardized desktop images, ensuring consistency across all user desktops.
Allow for custom resource configurations: VDI can be configured to allocate different levels of resources (CPU, memory, storage) based on the needs of different users or groups.
Provide access to the enterprise system from multiple types of devices: Users can access their virtual desktops from various devices, including laptops, tablets, and smartphones, as long as they have a network connection.
Question 320:
A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests: