CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 481:

    A security engineer estimates the company's popular web application experiences 100 attempted breaches per day. In the past four years, the company's data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches?

    A. 0.5
    B. 8
    C. 50
    D. 36,500

  • Question 482:

    A security analyst is investigating a series of suspicious emails by employees to the security team. The emails appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses; instead, the emails only include the following in plain text:

    Which of the following should the security analyst perform?

    A. Contact the security department at the business partner and alert them to the email event.
    B. Block the IP address for the business partner at the perimeter firewall.
    C. Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.
    D. Configure the email gateway to automatically quarantine all messages originating from the business partner.

  • Question 483:

    An employee in the accounting department created a potential security incident by emailing an internal spreadsheet to an external email address. The spreadsheet contained thousands of payment card numbers. A security administrator queried the following filter log and filter policy settings:

    Outbound filter log information for the email:

    Outbound filter policy settings:

    Which of the following would best prevent this scenario from reoccurring without causing disruptions to normal business operations?

    A. Add "Sensitive" data classification tags to all files that include matches to the payment card number format.
    B. Change the Filter action for Card_Data_Policy from Allow to Quarantine.
    C. Add the Filter actions Block and Notify to the Confidential_Policy.
    D. Change the Filter action for all Attachment_Policy from Allow to Block.
    E. Change the Filter action for Personal_Email_Policy from Quarantine to Block.
    F. Configure the Monitor action to send automated alerts to the sender's immediate supervisor.

  • Question 484:

    A company recently deployed new servers to create an additional cluster to support a new application. The corporate security policy states that all new servers must be resilient. The new cluster has a high-availability configuration for a smooth failover. The failover was successful following a recent power outage, but both clusters lost critical data, which impacted recovery time. Which of the following needs to be configured to help ensure minimal delays when power outages occur in the future?

    A. Replication
    B. Caching
    C. Containerization
    D. Redundancy
    E. High availability

  • Question 485:

    A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer's laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

    Which of the following solutions should the security architect recommend?

    A. Replace the current antivirus with an EDR solution.
    B. Remove the web proxy and install a UTM appliance.
    C. Implement a deny list feature on the endpoints.
    D. Add a firewall module on the current antivirus solution.

  • Question 486:

    A security analyst sees that a hacker has discovered some keys and they are being made available on a public website. The security analyst is then able to successfully decrypt the data using the keys from the website. Which of the following should the security analyst recommend to protect the affected data?

    A. Key rotation
    B. Key revocation
    C. Key escrow
    D. Zeroization
    E. Cryptographic obfuscation

  • Question 487:

    A security analyst is reviewing the following vulnerability assessment report:

    Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?

    A. Server1
    B. Server2
    C. Server 3
    D. Servers

  • Question 488:

    A company is developing an application that will be used to perform e-commerce transactions for a subscription-based service. The application must be able to use previously saved payment methods to perform recurring transactions.

    Which of the following is the most appropriate?

    A. Tokenization through an HSM
    B. Self-encrypting disks with field-level encryption
    C. NX/XN implementation to minimize data retention
    D. Token-based access for application users
    E. Address space layout randomization

  • Question 489:

    Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the website and capturing traffic via Wireshark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect recommend?

    A. Adding more nodes to the web server clusters
    B. Changing the cipher algorithm used on the web server
    C. Implementing OCSP stapling on the server
    D. Upgrading to TLS 1.3

  • Question 490:

    A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month. Which of the following controls would best mitigate the risk without interrupting the service during the transition?

    A. Shutting down the systems until the code is ready
    B. Uninstalling the impacted runtime engine
    C. Selectively blocking traffic on the affected port
    D. Configuring IPS and WAF with signatures
