CAS-004 Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :792 Q&As
  • Last Updated
    :Jul 09, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 731:

    A security engineer is reviewing metrics for a series of bug bounty reports. The engineer finds systematic cross-site scripting issues and unresolved previous findings. Which of the following is the best solution to address the issue?

    A. Implementing a third-party API management solution with input filtering
    B. Leveraging middleware to handle integrations in the application
    C. Introducing secure coding training focused on common issues
    D. Ensuring functional checks are performed in the software development pipeline
    E. Configuring a software composition analysis tool to look for issues

  • Question 732:

    A security administrator is setting up a virtualization solution that needs to run services from a single host. Each service should be the only one running in its environment. Each environment needs to have its own operating system as a base but share the kernel version and properties of the running host. Which of the following technologies would best meet these requirements?

    A. Containers
    B. Type 1 hypervisor
    C. Type 2 hypervisor
    D. Virtual desktop infrastructure
    E. Emulation

  • Question 733:

    An organization that develops military technology is considering expansion into a foreign country. The organization's owners want to understand the risks associated with such an expansion, and the organization does not want to fund an intensive assessment. Which of the following approaches should be taken?

    A. Penetration test
    B. Tabletop assessment
    C. Compliance assessment
    D. Configuration security test

  • Question 734:

    A security engineer has recently become aware of a Java application that processes critical information in real time on the company's network. The Java application was scanned with SAST prior to deployment, and all vulnerabilities have been mitigated. However, some known issues within the Java runtime environment cannot be resolved. Which of the following should the security engineer recommend to the developer in order to mitigate the issue with the LEAST amount of downtime?

    A. Perform software composition analysis on libraries from third parties.
    B. Run the application in a sandbox and perform penetration tests.
    C. Rewrite and compile the application in C++ and then reinstall it.
    D. Embed the current application into a virtual machine that runs on dedicated hardware.

  • Question 735:

    In support of disaster recovery objectives, a third party agreed to provide 99.999% uptime. Recently, a hardware failure impacted a firewall without service degradation. Which of the following resiliency concepts was most likely in place?

    A. Clustering
    B. High availability
    C. Redundancy
    D. Replication

  • Question 736:

    A security architect is reviewing the following proposed corporate firewall architecture and configuration:

    Both firewalls are stateful and provide Layer 7 filtering and routing. The company has the following requirements:

    1.Web servers must receive all updates via HTTP/S from the corporate network.

    2.Web servers should not initiate communication with the Internet.

    3.Web servers should only connect to preapproved corporate database servers.

    4.Employees' computing devices should only connect to web services over ports 80 and 443. Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)

    A. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443
    B. Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443
    C. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535
    D. Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535
    E. Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535
    F. Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443

  • Question 737:

    A security analyst runs a vulnerability scan on a network administrator's workstation. The network administrator has direct administrative access to the company's SSO web portal. The vulnerability scan uncovers critical vulnerabilities with equally high CVSS scores for the user's browser, OS, email client, and an offline password manager. Which of the following should the security analyst patch FIRST?

    A. Email client
    B. Password manager
    C. Browser
    D. OS

  • Question 738:

    A security assessor identified an internet-facing web service API provider that was deemed vulnerable. Execution of testssl provided the following insight:

    Which of the following configuration changes would BEST mitigate chosen ciphertext attacks?

    A. Enable 3DES ciphers IDEA.
    B. Enable export ciphers.
    C. Enable PFS ciphers.
    D. Enable AEAD.

  • Question 739:

    A web application server is running a legacy operating system with an unpatched RCE (Remote Code Execution) vulnerability. The server cannot be upgraded until the corresponding application code is updated.

    Which of the following compensating controls would prevent successful exploitation?

    A. Segmentation
    B. CASB
    C. HIPS
    D. UEBA

  • Question 740:

    Which of the following is MOST likely to be included in a security services SLA with a third-party vendor?

    A. The standard of quality for anti-malware engines
    B. Parameters for applying critical patches
    C. The validity of program productions
    D. Minimum bit strength for encryption-in-transit.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.