CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 631:

    A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?

    A. Create a change management process.
    B. Establish key performance indicators.
    C. Create an integrated master schedule.
    D. Develop a communication plan.
    E. Perform a security control assessment.

  • Question 632:

    A penetration tester is trying to gain access to a building after hours as part of a physical assessment of an office complex. The tester notes that each employee touches a badge near a small black box outside the side door, and the door unlocks. The tester uses a software-defined radio tool to determine a 125kHz signal is used during this process. Which of the following technical solutions would be BEST to help the penetration tester gain access to the building?

    A. Generate a 125kHz tone.
    B. Compromise the ICS/SCADA system.
    C. Utilize an RFID duplicator.
    D. Obtain a lock pick set.

  • Question 633:

    A security engineer receives reports through the organization's bug bounty program about remote code execution in a specific component in a custom application. Management wants to properly secure the component and proactively avoid similar issues.

    Which of the following is the best approach to uncover additional vulnerable paths in the application?

    A. Implement fuzz testing focused on the component and inputs uncovered by the bug bounty program.
    B. Leverage a software composition analysis tool to find all known vulnerabilities in dependencies.
    C. Use a vulnerability scanner to perform multiple types of network scans to look for vulnerabilities.
    D. Utilize a network traffic analyzer to find malicious packet combinations that lead to remote code execution.
    E. Run an exploit framework with all payloads against the application to see if it is able to gain access.

  • Question 634:

    Which of the following is the best way to protect the website browsing history for an executive who travels to foreign countries where internet usage is closely monitored?

    A. DoH
    B. EAP-TLS
    C. Geofencing
    D. Private browsing mode

  • Question 635:

    A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltrate a company report by visiting the following URL:

    www.intranet.abc.com/get-files.jsp?file=report.pdf

    Which of the following mitigation techniques would be BEST for the security engineer to recommend?

    A. Input validation
    B. Firewall
    C. WAF
    D. DLP

  • Question 636:

    A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis concerning a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return any findings, but the CIRT finds undocumented services running on the device.

    Which of the following controls would reduce the discovery time for similar incidents in the future?

    A. Implementing application blacklisting
    B. Configuring the mail to quarantine incoming attachments automatically
    C. Deploying host-based firewalls and shipping the logs to the SIEM
    D. Increasing the cadence for antivirus DAT updates to twice daily

  • Question 637:

    In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company's availability requirements. During a postmortem analysis, the following issues were highlighted:

    1. International users reported latency when images on the web page were initially loading.

    2. During times of report processing, users reported issues with inventory when attempting to place orders.

    3. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.

    Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?

    A. Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance.
    B. Increase the bandwidth for the server that delivers images, use a CDN, change the database to a non-relational database, and split the ten API servers across two load balancers.
    C. Serve images from an object storage bucket with infrequent read times, replicate the database across different regions, and dynamically create API servers based on load.
    D. Serve static-content object storage across different regions, increase the instance size on the managed relational database, and distribute the ten API servers across multiple regions.

  • Question 638:

    A company's Chief Information Security Officer is concerned that the company's proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC. Which of the following compensating controls would be BEST to implement in this situation?

    A. EDR
    B. SIEM
    C. HIDS
    D. UEBA

  • Question 639:

    A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:

    As part of the triage process, which of the following is the FIRST step the analyst should take?

    A. Block the email address carl b@comptia1 com, as it is sending spam to subject matter experts
    B. Validate the final "Received" header against the DNS entry of the domain.
    C. Compare the "Return-Path" and "Received" fields.
    D. Ignore the emails, as SPF validation is successful, and it is a false positive

  • Question 640:

    A software assurance analyst reviews an SSH daemon's source code and sees the following:

    Based on this code snippet, which of the following attacks is MOST likely to succeed?

    A. Race condition
    B. Cross-site scripting
    C. Integer overflow
    D. Driver shimming
