1. Home
  2. CompTIA
  3. CAS-004

CompTIA CAS-004 Online Practice Questions and Exam Preparation

CAS-004 Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :792 Q&As
  • Last Updated
    :May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 711:

    A company wants to prevent a partner company from denying agreement to a transaction. Which of the following is the best solution for the company?

    A. Federation
    B. Key escrow
    C. Salting hashes
    D. Digital signatures

  • Question 712:

    A company's internet connection is commonly saturated during business hours, affecting internet availability. The company requires all Internet traffic to be business related After analyzing the traffic over a period of a few hours, the security administrator observes the following:

    The majority of the IP addresses associated with the TCP/SSL traffic resolve to CDNs

    Which of the following should the administrator recommend for the CDN traffic to meet the corporate security requirements?

    A. Block outbound SSL traffic to prevent data exfiltration.
    B. Confirm the use of the CDN by monitoring NetFlow data.
    C. Further investigate the traffic using a sanctioned MITM proxy.
    D. Implement an IPS to drop packets associated with the CDN.

  • Question 713:

    A security researcher has been given an executable that was captured by a honeypot. Which of the following should the security researcher implement to test the executable?

    A. OSINT
    B. SAST
    C. DAST
    D. OWASP

  • Question 714:

    A security analyst is reviewing a new IOC in which data is injected into an online process. The IOC shows the data injection could happen in the following ways:

    1.Five numerical digits followed by a dash, followed by four numerical digits; or

    2.Five numerical digits

    When one of these IOCs is identified, the online process stops working. Which of the following regular expressions should be implemented in the NIPS?

    A. ^\d{4}(-\d{5})?$
    B. ^\d{5}(-\d{4})?$
    C. ^\d{5-4}$
    D. ^\d{9}$

  • Question 715:

    A security analyst is comparing two virtual servers that were bum from the same image and patched at the same regular intervals Server A is used to host a public-facing website, and Server B runs accounting software inside the firewalled accounting network. The analyst runs the same command and obtains the following output from Server A and Server

    B. respectively:

    Which of the following will the analyst most likely use NEXT?

    A. Exploitation tools
    B. Hash cracking tools
    C. Malware analysis tools
    D. Log analysis tools

  • Question 716:

    An organization offers SaaS services through a public email and storage provider. To facilitate password resets, a simple online system is set up. During a routine check of the storage each month, a significant increase in use of storage can be seen. Which of the following techniques would remediate the attack?

    A. Including input sanitization to the logon page
    B. Configuring an account lockout policy
    C. Implementing a new password reset system
    D. Adding MFA to all accounts

  • Question 717:

    An organization thinks that its network has active, malicious activity on it. Which of the following capabilities would BEST help to expose the adversary?

    A. Installing a honeypot and other decoys
    B. Expanding SOC functions to include hunting
    C. Enumerating asset configurations
    D. Performing a penetration test

  • Question 718:

    An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:

    Protection from DoS attacks against its infrastructure and web applications is in place.

    Highly available and distributed DNS is implemented.

    Static content is cached in the CDN.

    A WAF is deployed inline and is in block mode.

    Multiple public clouds are utilized in an active-passive architecture.

    With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?

    A. The public cloud provider is applying QoS to the inbound customer traffic.
    B. The API gateway endpoints are being directly targeted.
    C. The site is experiencing a brute-force credential attack.
    D. A DDoS attack is targeted at the CDN.

  • Question 719:

    A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:

    Which of the following ciphers should the security analyst remove to support the business requirements?

    A. TLS_AES_128_CCM_8_SHA256
    B. TLS_DHE_DSS_WITH_RC4_128_SHA
    C. TLS_CHACHA20_POLY1305_SHA256
    D. TLS_AES_128_GCM_SHA256

  • Question 720:

    DRAG DROP

    A security consultant is considering authentication options for a financial institution. The following authentication options are available security mechanism to the appropriate use case. Options may be used once.

    Select and Place:

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.