CompTIA CAS-004 Online Practice
Questions and Exam Preparation
CAS-004 Exam Details
Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 792 Q&As
Last Updated: May 28, 2026
CompTIA CAS-004 Online Questions & Answers
Question 351:
A network engineer is concerned about hosting web, SFTP, and email services in a single DMZ that is hosted in the same security zone. This could potentially allow lateral movement within the environment. Which of the following should the engineer implement to mitigate the risk?
A. Put all the services on a single host to reduce the number of servers.
B. Create separate security zones for each service and use ACLs for segmentation.
C. Keep the web server in the DMZ and move the other server services to the internal network.
D. Deploy a switch and create VLANs for each service.
B. Create separate security zones for each service and use ACLs for segmentation.
Explanation
Placing each service in its own security zone and filtering between zones with ACLs means a compromised web server can reach the SFTP or mail hosts only on ports that are explicitly permitted, which is what limits lateral movement. Consolidating the services on one host (A) enlarges the blast radius of a single compromise; moving the SFTP and mail servers to the internal network (C) puts Internet-facing services next to internal hosts; VLANs on their own (D) separate broadcast domains but do not filter traffic between them unless ACLs are applied as well.
Question 352:
After establishing coding standards and integrating software assurance tools into CI/CD pipelines, an architect continues to find too many different coding styles throughout the team.
Which of the following additional measures can the architect take to help improve consistency?
A. Establish a chain of custody to govern code quality.
B. Create and proliferate framework code.
C. Require two-person integrity for code commits.
D. Enhance the monitoring of code coverage for unit testing.
B. Create and proliferate framework code.
Explanation
Framework code provides a standardized structure and set of conventions that all team members can follow, ensuring consistency in coding styles across the development team.
Option A (Chain of custody): This relates to tracking and managing code changes for accountability, not standardizing coding styles.
Option C (Two-person integrity): Ensures review and approval for code changes but does not enforce uniform coding styles.
Option D (Code coverage for unit testing): Focuses on test quality rather than addressing inconsistent coding styles.
References:
CompTIA CASP+ Exam Objective 3.3: Apply software development security best practices. CASP+ Study Guide, 5th Edition, Chapter 8, Secure Software Development.
Question 353:
A bank hired a security architect to improve its security measures against the latest threats. The solution must meet the following requirements:
1.Recognize and block fake websites.
2.Decrypt and scan encrypted traffic on standard and non-standard ports.
3.Use multiple engines for detection and prevention.
4.Have central reporting.
Which of the following is the BEST solution the security architect can propose?
A. CASB
B. Web filtering
C. NGFW
D. EDR
C. NGFW
Explanation
A Next-Generation Firewall (NGFW) meets all four requirements in a single platform: URL filtering and reputation services recognize and block fraudulent websites; TLS/SSL inspection decrypts and scans traffic based on application identification rather than port number, so it covers non-standard ports as well as standard ones; it combines multiple engines (intrusion prevention, anti-malware, URL filtering, application control); and it reports to a central management console. A CASB (Cloud Access Security Broker) governs the use of cloud services, web filtering on its own does not provide intrusion prevention or multi-engine inspection, and EDR (Endpoint Detection and Response) is an endpoint control rather than a network one.
Question 354:
When a remote employee traveled overseas, the employee's laptop and several mobile devices with proprietary tools were stolen. The security team requires that technical controls be in place to ensure no electronic data is compromised or changed. Which of the following BEST meets this requirement?
A. Mobile device management with remote wipe capabilities
B. Passwordless smart card authorization with biometrics
C. Next-generation endpoint detection and response agent
D. Full disk encryption with centralized key management
D. Full disk encryption with centralized key management
Explanation
With full disk encryption, the data on the stolen laptop and mobile devices cannot be read or meaningfully modified without the decryption key, and centralized key management lets the organization escrow keys and revoke access without depending on the device itself. Remote wipe (A) only works if the stolen device connects to the management server again, smart card authentication (B) protects the logon but not a disk that is removed and read offline, and an EDR agent (C) detects activity on a running endpoint rather than protecting data at rest.
Question 355:
A security engineer is assessing the security controls of IoT systems that are no longer supported for updates and patching. Which of the following is the best mitigation for defending these IoT systems?
A. Disable administrator accounts
B. Enable SELinux
C. Enforce network segmentation
D. Assign static IP addresses
C. Enforce network segmentation
Explanation
Network segmentation isolates environments from one another, limiting the scope of a potential attack. For IoT systems that cannot be updated or patched, it is the best available mitigation: placing them in their own zone, with only the flows they need explicitly allowed, contains any compromise to that zone and keeps it from spreading to the rest of the network infrastructure. Disabling administrator accounts (A) or assigning static IP addresses (D) does not remove the unpatched vulnerabilities, and SELinux (B) is generally not available on, or configurable for, unsupported IoT firmware.
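The following is an added example written for this page, not CompTIA material or any vendor's product. It models the two situations from Questions 351 and 355: a flat DMZ in which web, SFTP and mail hosts share one zone, and a segmented design with one zone per service plus a separate zone for unpatchable IoT devices, enforced by a first-match, default-deny ACL. All addresses, zone names, ports and rules are constructed for the example.

```python
"""Zone-based ACL evaluator.

Added example for this page (not from CompTIA or any vendor product): it
shows why one flat DMZ lets a compromised web server reach the SFTP and
mail hosts, and how per-service zones with a default-deny ACL, plus a
dedicated zone for unpatchable IoT devices, contain that movement.
All addresses, zone names and rules below are constructed for the example.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Optional


class Rule(NamedTuple):
    src_zone: str          # zone name or "any"
    dst_zone: str          # zone name or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port
    action: str            # "allow" or "deny"


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int


class Policy:
    """Zones map names to CIDRs; rules are matched first-match-wins."""

    def __init__(self, zones: Dict[str, List[str]], rules: List[Rule]):
        self.zones = {name: [ipaddress.ip_network(c) for c in cidrs]
                      for name, cidrs in zones.items()}
        self.rules = rules

    def zone_of(self, ip: str) -> str:
        """Longest-prefix match, so a /24 IoT zone carved out of the
        10.0.0.0/8 internal range is classified as IoT, not internal."""
        addr = ipaddress.ip_address(ip)
        best_name, best_len = "internet", -1
        for name, nets in self.zones.items():
            for net in nets:
                if addr in net and net.prefixlen > best_len:
                    best_name, best_len = name, net.prefixlen
        return best_name

    def evaluate(self, flow: Flow) -> str:
        src_zone, dst_zone = self.zone_of(flow.src), self.zone_of(flow.dst)
        if src_zone == dst_zone:
            return "allow"   # no enforcement point between hosts in one zone
        for r in self.rules:
            if (r.src_zone in (src_zone, "any") and r.dst_zone in (dst_zone, "any")
                    and r.proto in (flow.proto, "any")
                    and r.dport in (flow.dport, None)):
                return r.action
        return "deny"        # implicit default deny between zones


# Before: web, SFTP and mail share one DMZ zone (192.0.2.0/24).
FLAT_DMZ = Policy(
    zones={"dmz": ["192.0.2.0/24"], "internal": ["10.0.0.0/8"]},
    rules=[Rule("internet", "dmz", "tcp", 443, "allow"),
           Rule("internet", "dmz", "tcp", 22, "allow"),
           Rule("internet", "dmz", "tcp", 25, "allow")],
)

# After: one zone per service, a separate IoT zone, explicit allows only.
SEGMENTED = Policy(
    zones={"web": ["192.0.2.0/28"], "sftp": ["192.0.2.16/28"],
           "mail": ["192.0.2.32/28"], "iot": ["10.50.0.0/24"],
           "iot_broker": ["10.0.1.0/24"], "internal": ["10.0.0.0/8"]},
    rules=[Rule("internet", "web", "tcp", 443, "allow"),
           Rule("internet", "sftp", "tcp", 22, "allow"),
           Rule("internet", "mail", "tcp", 25, "allow"),
           Rule("iot", "iot_broker", "tcp", 8883, "allow")],  # MQTT over TLS only
)

# Constructed flows: a foothold on the web server probing sideways, and an
# unpatched IoT device trying to reach the LAN and the Internet.
WEB_TO_SFTP = Flow("192.0.2.10", "192.0.2.20", "tcp", 22)
IOT_TO_FILESERVER = Flow("10.50.0.7", "10.0.5.5", "tcp", 445)
IOT_TO_BROKER = Flow("10.50.0.7", "10.0.1.4", "tcp", 8883)
IOT_TO_INTERNET = Flow("10.50.0.7", "203.0.113.9", "tcp", 443)


def lateral_movement_allowed(policy: Policy) -> bool:
    """True when a compromised web server can open SSH to the SFTP host."""
    return policy.evaluate(WEB_TO_SFTP) == "allow"


if __name__ == "__main__":
    for name, policy in (("flat DMZ", FLAT_DMZ), ("segmented", SEGMENTED)):
        print(f"{name}: web->sftp {policy.evaluate(WEB_TO_SFTP)}, "
              f"iot->fileserver {policy.evaluate(IOT_TO_FILESERVER)}, "
              f"iot->broker {policy.evaluate(IOT_TO_BROKER)}, "
              f"iot->internet {policy.evaluate(IOT_TO_INTERNET)}")
```

The flat policy allows web-to-SFTP and IoT-to-file-server traffic because those hosts sit in the same zone and never cross the firewall; the segmented policy denies both and also blocks the IoT zone from reaching the Internet, which is what keeps an unpatchable device from being used for exfiltration or command and control. The same rule table would be expressed on real equipment as VLAN ACLs, firewall zone policies or cloud security groups.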
Question 356:
A security analyst is designing a touch screen device so users can gain entry into a locked room by touching buttons numbered zero through nine in a specific numerical sequence. The analyst designs the keypad so that the numbers are randomly presented to the user each time the device is used. Which of the following best describes the design trade-offs? (Select two.)
A. The risk of someone overseeing a pattern as a user enters the numbers is decreased.
B. The routines to generate the random sequences are trivial to implement.
C. This design makes entering numbers more difficult for users.
D. The device needs to have additional power to compute the numbers.
E. End users will have a more difficult time remembering the access numbers.
F. Weak or easily guessed access numbers are more likely.
A. The risk of someone overseeing a pattern as a user enters the numbers is decreased.
C. This design makes entering numbers more difficult for users.
Explanation
A: Randomizing the keypad reduces the risk of shoulder-surfing attacks by eliminating predictable patterns.
C: Randomization increases the cognitive load on users, making it harder to input numbers quickly.
B: Generating a random permutation is straightforward with a CSPRNG, but ease of implementation is not a trade-off of the design.
D: The additional computation is negligible and is not a meaningful trade-off.
E and F: Randomizing the layout changes where each digit appears, not the access number itself, so memorability and the strength of the chosen number are unaffected.
CASP+ Exam Objective 3.4: Evaluate usability and security trade-offs in design.
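The following is an added example written for this page, not CompTIA material, showing the property behind the answer to Question 356: when the digit-to-button mapping is re-drawn per session from a CSPRNG, the button positions a shoulder surfer records cannot be replayed on the next session. The PIN and the fixed layouts used for illustration are constructed.

```python
"""Randomized PIN pad.

Added example for this page (not CompTIA material): the digit shown at each
button position is re-drawn per session with a CSPRNG, so a shoulder surfer
who records where the user's finger lands cannot replay those positions on
the next session. PINs and layouts below are constructed for the example.
"""
import hmac
import secrets
from typing import List

DIGITS = "0123456789"
_rng = secrets.SystemRandom()   # OS-backed CSPRNG; random.Random would be predictable


def new_layout() -> str:
    """Return a fresh permutation: layout[position] is the digit shown there."""
    buttons = list(DIGITS)
    _rng.shuffle(buttons)          # Fisher-Yates shuffle driven by the CSPRNG
    return "".join(buttons)


def positions_for(layout: str, pin: str) -> List[int]:
    """Button positions a user presses to enter `pin` on this layout."""
    return [layout.index(d) for d in pin]


def digits_at(layout: str, positions: List[int]) -> str:
    """Digits the device records for a sequence of button presses."""
    return "".join(layout[p] for p in positions)


def verify(expected_pin: str, layout: str, positions: List[int]) -> bool:
    """Compare the entered digits in constant time to avoid timing leaks."""
    entered = digits_at(layout, positions).encode()
    return hmac.compare_digest(entered, expected_pin.encode())


def replay_succeeds(pin: str, observed_layout: str, next_layout: str) -> bool:
    """An observer saw the positions pressed on `observed_layout` and replays
    them on `next_layout`; only an unchanged layout makes this work."""
    seen = positions_for(observed_layout, pin)
    return verify(pin, next_layout, seen)


if __name__ == "__main__":
    pin = "4721"                         # constructed PIN
    first, second = new_layout(), new_layout()
    print("session 1 layout:", first, "presses:", positions_for(first, pin))
    print("replay on session 2 layout", second, "->", replay_succeeds(pin, first, second))
```

The usability cost from option C is visible in the code as well: the user has to locate each digit on a layout that differs every time, which is exactly why entry is slower than on a static keypad. Note that randomizing the layout does nothing against an observer who can read the digits on screen rather than only the finger positions, and it does not protect a weak PIN against guessing.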
Question 357:
A cloud engineer is tasked with improving the responsiveness and security of a company's cloud-based web application. The company is concerned that international users will experience increased latency.
Which of the following is the BEST technology to mitigate this concern?
A. Caching
B. Containerization
C. Content delivery network
D. Clustering
C. Content delivery network
Explanation
A Content Delivery Network (CDN) is an example of horizontal scalability. CDNs leverage the global footprint of cloud platforms by distributing and replicating the components of a service, such as web apps, media, and storage, across all the key regions that need access to the content, so requests from international users are served from a nearby edge rather than a distant origin. Typically, CDN edge servers are placed at Internet Exchange Points (IXPs) between different networks; they handle the traffic originating in each network and communicate back to the origin server. A CDN improves website load times; improves availability and redundancy; reduces costs by limiting the amount of content delivered directly by the origin server; and improves website security by absorbing and mitigating DDoS attacks and by terminating TLS at the edge with the provider's managed certificates. Caching alone does not place content closer to remote users, containerization addresses packaging and deployment, and clustering improves capacity and availability within one site rather than across regions.
Question 358:
A company recently acquired a SaaS company and performed a gap analysis. The results of the gap analysis indicate security controls are absent throughout the SDLC and have led to several vulnerable production releases.
Which of the following security tools best reduces the risk of vulnerable code being pushed to production in the future?
A. Static application security testing
B. Regression testing
C. Code signing
D. Sandboxing
A. Static application security testing
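The following is an added example written for this page, not a real SAST product and not CompTIA material. It shows what a SAST gate in a CI/CD pipeline does: parse source into a syntax tree, match a few dangerous patterns, and fail the pipeline step when any is found, so the vulnerable code never reaches a production release. The rules, rule identifiers and the sample source are constructed and illustrative.

```python
"""Minimal SAST gate for a CI/CD pipeline.

Added example for this page (not a real SAST product or CompTIA material):
it parses Python source into an AST, flags a handful of dangerous patterns,
and fails the pipeline step when anything is found, so vulnerable code is
blocked before it reaches production. The rules and the sample source are
constructed and illustrative; a real tool ships thousands of rules.
"""
import ast
from typing import List, Tuple

Finding = Tuple[int, str, str]   # (line number, rule id, message)

SECRET_NAMES = ("PASSWORD", "SECRET", "TOKEN", "API_KEY")
SHELL_RUNNERS = {"subprocess.run", "subprocess.call", "subprocess.Popen",
                 "subprocess.check_output"}


def _qualname(func: ast.expr) -> str:
    """Dotted name of a called function, e.g. 'subprocess.run'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _qualname(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""


class SecurityVisitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _qualname(node.func)
        if name in ("eval", "exec"):
            self.findings.append((node.lineno, "PY-EVAL",
                                  f"{name}() executes arbitrary code"))
        elif name == "os.system":
            self.findings.append((node.lineno, "PY-SHELL",
                                  "os.system() passes its argument to a shell"))
        elif name in SHELL_RUNNERS:
            shell = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True for kw in node.keywords)
            dynamic = bool(node.args) and not isinstance(node.args[0], ast.Constant)
            if shell and dynamic:   # literal commands with shell=True are left alone
                self.findings.append((node.lineno, "PY-SHELL",
                                      "shell=True with a non-literal command"))
        elif name in ("pickle.load", "pickle.loads"):
            self.findings.append((node.lineno, "PY-DESER",
                                  "pickle deserialization of untrusted data"))
        self.generic_visit(node)   # keep walking into arguments and nested calls

    def visit_Assign(self, node: ast.Assign) -> None:
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                if isinstance(target, ast.Name) and any(
                        s in target.id.upper() for s in SECRET_NAMES):
                    self.findings.append((node.lineno, "PY-SECRET",
                                          f"hard-coded credential in {target.id}"))
        self.generic_visit(node)


def scan_source(source: str) -> List[Finding]:
    """Return all findings for one source file, ordered by line number."""
    visitor = SecurityVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings)


def gate_passes(source: str) -> bool:
    """Pipeline step: True means the code may proceed to the build stage."""
    return not scan_source(source)


# Constructed sample mimicking what an unreviewed release might contain.
SAMPLE = """\
import os, subprocess
DB_PASSWORD = "hunter2"
def run(user_input):
    subprocess.run("ls " + user_input, shell=True)
    return eval(user_input)
def safe(path):
    subprocess.run(["ls", path])
"""

if __name__ == "__main__":
    for line, rule, msg in scan_source(SAMPLE):
        print(f"line {line}: {rule}: {msg}")
    print("gate:", "PASS" if gate_passes(SAMPLE) else "FAIL")
```

Wiring `gate_passes` into the pipeline as a required check before the build stage is what turns the analysis into a control: findings block the merge instead of being reported after the release. Regression testing and code signing, by contrast, verify that behaviour or provenance is unchanged, and neither finds a vulnerability that was present from the start.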
Question 359:
An engineer has had scaling issues with a web application hosted on premises and would like to move to a serverless architecture. Which of the following cloud benefits would be best to utilize for this project?
A. Cost savings for hosting
B. Automation of resource provisioning
C. Providing geo-redundant hosting
D. Eliminating need to patch
B. Automation of resource provisioning
Explanation
In a serverless model the provider allocates compute for each invocation and scales it up and down on demand, which directly addresses the scaling problems the on-premises deployment had. Cost savings (A) and geo-redundancy (C) may follow but are not the benefit that solves the scaling issue, and serverless shifts operating system patching to the provider without eliminating the need to patch the application's own code and dependencies (D).
Question 360:
During a vendor assessment, an analyst reviews a listing of the complementary user entity controls included in the audit report.
Which of the following is the most important aspect to consider when reviewing this list with the security team?
A. How the organization will implement and monitor the user entity controls
B. How the CSP performs the controls on behalf of the user entity
C. How the organization should monitor the CSP's execution of the user entity controls
D. How the user entity will audit the CSP's implementation of the user entity controls
A. How the organization will implement and monitor the user entity controls
Explanation
User entity controls are responsibilities that must be implemented by the organization, so determining how to implement and monitor them is critical. Monitoring the CSP or auditing their implementation pertains to the CSP's responsibilities, not complementary user entity controls.