CAS-004 Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :792 Q&As
  • Last Updated
    :Jul 09, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 61:

    An organization is implementing a new identity and access management architecture with the following objectives:

    1.Supporting MFA against on-premises infrastructure

    2.Improving the user experience by integrating with SaaS applications

    3.Applying risk-based policies based on location

    4.Performing just-in-time provisioning

    Which of the following authentication protocols should the organization implement to support these requirements?

    A. Kerberos and TACACS
    B. SAML and RADIUS
    C. OAuth and OpenID
    D. OTP and 802.1X

  • Question 62:

    An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

    A. Properly configure a secure file transfer system to ensure file integrity.
    B. Have the external parties sign non-disclosure agreements before sending any images.
    C. Only share images with external parties that have worked with the firm previously.
    D. Utilize watermarks in the images that are specific to each external party.

  • Question 63:

    A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One Of the requirements for the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which of the following would BEST achieve this objective?

    A. Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.
    B. Implement cloud infrastructure to proxy all user web traffic to enforce DI-P and encryption policies.
    C. Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.
    D. Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.

  • Question 64:

    A facilities manager requests approval to deploy a new key management system that integrates with logical network access controls to provide conditional access. The security analyst who is assessing the risk has no experience with the category of products.

    Which of the following is the FIRST step the analyst should take to begin the research?

    A. Seek documented industry best practices.
    B. Review the preferred vendor's white papers.
    C. Compare the product function to relevant RFCs
    D. Execute a non-disclosure agreement with the vendor

  • Question 65:

    A software developer must choose encryption algorithms to secure two parts of a mobile application. Given the following part descriptions and requirements:

    The first part of the application is used to transfer large files and must support file parts with transfer start/stop/resume. This part requires strong file encryption. The second part of the application uses a bit stream to continuously authenticate

    both ends of the connection. This part must implement confidentiality for the stream.

    Which of the following encryption algorithms should the developer implement in the code to support both parts of the application? (Select two).

    A. P384
    B. ECDSA
    C. RC5
    D. ChaCha20
    E. bcrypt
    F. RIPEMD

  • Question 66:

    A hospital has fallen behind with patching known vulnerabilities due to concerns that patches may cause disruptions in the availability of data and impact patient care. The hospital does not have a tracking solution in place to audit whether systems have been updated or to track the length of time between notification of the weakness and patch completion Since tracking is not in place the hospital lacks accountability with regard to who is responsible for these activities and the timeline of patching efforts. Which of the following should the hospital do first to mitigate this risk?

    A. Complete a vulnerability analysis
    B. Obtain guidance from the health ISAC
    C. Purchase a ticketing system for auditing efforts
    D. Ensure CVEs are current
    E. Train administrators on why patching is important

  • Question 67:

    The findings from a recent penetration test report indicate a systematic issue related to cross-site scripting (XSS). A security engineer would like to prevent this type of issue for future reports.

    Which of the following mitigation strategies should the engineer use to best resolve the issue?

    A. Implement static analysis with blocking capabilities in the CI/CD system.
    B. Request resources to develop a secure library to address encoding issues.
    C. Leverage an API management system to filter information.
    D. Configure a DAST tool for all applications.
    E. Require all developers to take secure coding training that focuses on OWASP principles.

  • Question 68:

    A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware.

    Which of the following BEST describes the type of malware the solution should protect against?

    A. Worm
    B. Logic bomb
    C. Fileless
    D. Rootkit

  • Question 69:

    A security analyst is reviewing the following output from a vulnerability scan of an organization's internet-facing web services:

    1. Line 06: Hostname sent via SNI does not match certificate.

    2. Line 10: Certificate not validated by OCSP.

    3. Line 13: Weak SHA-1 signature algorithm detected.

    4. Line 17: TLS 1.2 cipher suite negotiated.

    5. Line 18: SSL session not using forward secrecy.

    Which of the following indicates a susceptibility whereby an attacker can take advantage of the trust relationship between the client and the server?

    A. Line 06
    B. Line 10
    C. Line 13
    D. Line 18

  • Question 70:

    During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. Upon rebooting the machine, a malicious script that was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?

    A. Order of volatility
    B. Chain of custody
    C. Verification
    D. Secure storage

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.