CAS-004 Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :792 Q&As
  • Last Updated
    :Jul 09, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 741:

    A software developer was just informed by the security team that the company's product has several vulnerabilities. Most of these vulnerabilities were traced to code the developer did not write. The developer does not recognize some of the code, as it was in the software before the developer started on the program and is not tracked for licensing purposes. Which of the following would the developer MOST likely do to mitigate the risks and prevent further issues like these from occurring?

    A. Perform supply chain analysis and require third-party suppliers to implement vulnerability management programs.
    B. Perform software composition analysis and remediate vulnerabilities found in the software.
    C. Perform reverse engineering on the code and rewrite the code in a more secure manner.
    D. Perform fuzz testing and implement DAST in the code repositories to find vulnerabilities prior to deployment.

  • Question 742:

    A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:

    1.Support all phases of the SDLC.

    2.Use tailored website portal software.

    3.Allow the company to build and use its own gateway software.

    4.Utilize its own data management platform.

    5.Continue using agent-based security tools.

    Which of the following cloud-computing models should the CIO implement?

    A. SaaS
    B. PaaS
    C. MaaS
    D. IaaS

  • Question 743:

    An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors.

    Which of the following categories BEST describes this type of vendor risk?

    A. SDLC attack
    B. Side-load attack
    C. Remote code signing
    D. Supply chain attack

  • Question 744:

    A security analyst is investigating unapproved cloud services that are being used in the organization. Which of the following would best allow for discovery of shadow IT?

    A. Monitoring for sign-up emails of cloud services
    B. Centralizing WAF deployment in the data center
    C. Setting up a reverse proxy and web filtering software
    D. Performing attack surface analysis

  • Question 745:

    Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?

    A. SLA
    B. BIA
    C. BCM
    D. BCP
    E. RTO

  • Question 746:

    The email administrator must reduce the number of phishing emails by utilizing more appropriate security controls. The following configurations already are in place:

    1.Keyword blocking based on word lists

    2.URL rewnting and protection

    3.Stopping executable files from messages

    Which of the following is the BEST configuration change for the administrator to make?

    A. Configure more robust word lists for blocking suspicious emails
    B. Configure appropriate regular expression rules per suspicious email received
    C. Configure Bayesian filtering to block suspicious inbound email
    D. Configure the mail gateway to strip any attachments.

  • Question 747:

    An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:

    ERR_SSL_VERSION_OR_CIPHER_MISMATCH

    Which of the following is MOST likely the root cause?

    A. The client application is testing PFS.
    B. The client application is configured to use ECDHE.
    C. The client application is configured to use RC4.
    D. The client application is configured to use AES-256 in GCM.

  • Question 748:

    A security engineer is assessing a legacy server and needs to determine if FTP is running and on which port. The service cannot be turned off, as it would impact a critical application's ability to function. Which of the following commands would provide the information necessary to create a firewall rule to prevent that service from being exploited?

    A. service --status-all | grep ftpd
    B. chkconfig --list
    C. netstat --tulpn
    D. systemctl list-unit-file --type service ftpd
    E. service ftpd status

  • Question 749:

    The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties.

    Which of the following should be implemented to BEST manage the risk?

    A. Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier's post-contract renewal with a dedicated risk management team.
    B. Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.
    C. Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.
    D. Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier's rating. Report finding units that rely on the suppliers and the various risk teams.

  • Question 750:

    Which of the following is a risk associated with SDN?

    A. Expanded attack surface
    B. Increased hardware management costs
    C. Reduced visibility of scaling capabilities
    D. New firmware vulnerabilities

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.