CAS-004 Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :792 Q&As
  • Last Updated
    :Jul 09, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 41:

    An auditor needs to scan documents at rest for sensitive text. These documents contain both text and Images. Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Select TWO).

    A. Document interpolation
    B. Regular expression pattern matching
    C. Optical character recognition functionality
    D. Baseline image matching
    E. Advanced rasterization
    F. Watermarking

  • Question 42:

    While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

    Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

    A. Pay the ransom within 48 hours.
    B. Isolate the servers to prevent the spread.
    C. Notify law enforcement.
    D. Request that the affected servers be restored immediately.

  • Question 43:

    A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in the service being unavailable. Which of the following would BEST prevent this scenario form happening again?

    A. Performing routine tabletop exercises
    B. Implementing scheduled, full interruption tests
    C. Backing up system log reviews
    D. Performing department disaster recovery walk-throughs

  • Question 44:

    After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used. Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

    A. Disable BGP and implement a single static route for each internal network.
    B. Implement a BGP route reflector.
    C. Implement an inbound BGP prefix list.
    D. Disable BGP and implement OSPF.

  • Question 45:

    A security analyst is participating in a risk assessment and is helping to calculate the exposure factor associated with various systems and processes within the organization. Which of the following resources would be most useful to calculate the exposure factor in this scenario?

    A. Gap analysis
    B. Business impact analysis
    C. Risk register
    D. Information security policy
    E. Lessons learned

  • Question 46:

    A security engineer is performing a vulnerability management scan on multihomed Linux systems. The engineer notices that the vulnerability count is high due to the fact that each vulnerability is multiplied by the number of NICs on each system.

    Which of the following should the engineer do to deduplicate the vulnerabilities and to associate the vulnerabilities with a particular host?

    A. Use a SCAP scanner.
    B. Deploy an agent.
    C. Initiate a discovery scan.
    D. Perform an Nmap scan.

  • Question 47:

    A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

    Which of the following is the BEST solution to meet these objectives?

    A. Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
    B. Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.
    C. Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.
    D. Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

  • Question 48:

    A cloud security architect has been tasked with finding a solution for hardening VMS. The solution must meet the following requirements:

    1.Data needs to be stored outside of the VMS.

    2.No unauthorized modifications to the VMS are allowed

    3.If a change needs to be done, a new VM needs to be deployed.

    Which of the following is the BEST solution?

    A. Immutable system
    B. Data loss prevention
    C. Storage area network
    D. Baseline template

  • Question 49:

    An IDS was unable to detect malicious network traffic during a recent security incident, even though all traffic was being sent using HTTPS. As a result, a website used by employees was compromised. Which of the following detection mechanisms would allow the IDS to detect an attack like this one in the future?

    A. Deobfuscation
    B. Protocol decoding
    C. Inspection proxy
    D. Digital rights management

  • Question 50:

    A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?

    A. Reviewing video from IP cameras within the facility
    B. Reconfiguring the SIEM connectors to collect data from the perimeter network hosts
    C. Implementing integrity checks on endpoint computing devices
    D. Looking for privileged credential reuse on the network

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.