CompTIA CAS-004 Online Practice
Questions and Exam Preparation
CAS-004 Exam Details
Exam Code
:CAS-004
Exam Name
:CompTIA Advanced Security Practitioner (CASP+)
Certification
:CompTIA Certifications
Vendor
:CompTIA
Total Questions
:792 Q&As
Last Updated
:Jul 09, 2026
CompTIA CAS-004 Online Questions &
Answers
Question 751:
A security manager discovers that a system's log files contain evidence of potential criminal activity. Which of the following actions should be done next?
A. Power off all systems immediately to block any further actions. B. Perform a thorough investigation with law enforcement. C. Contact the user who appears in the log files. D. Take a system snapshot to preserve any evidence. E. Reach out to the human resources department.
D. Take a system snapshot to preserve any evidence.
Explanation
Question 752:
A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?
A. Eavesdropping B. On-path C. Cryptanalysis D. Code signing E. RF sidelobe sniffing
A. Eavesdropping
Explanation
Question 753:
A threat hunting team receives a report about possible APT activity in the network. Which of the following threat management frameworks should the team implement?
A. NIST SP 800-53 B. MITRE ATTandCK C. The Cyber Kill Chain D. The Diamond Model of Intrusion Analysis
B. MITRE ATTandCK
Explanation
Question 754:
in a situation where the cost of anti-malware exceeds the potential loss from a malware threat, which of the following is the most cost-effective risk response?
A. Risk transfer B. Risk mitigation C. Risk acceptance D. Risk avoidance
C. Risk acceptance
Explanation
Risk acceptance is the decision to accept the potential risk and continue operating without engaging in extraordinary measures to mitigate it. If the cost of anti-malware exceeds the potential loss from a malware threat, it would be more costeffective to accept the risk rather than spend more on mitigations that don't provide proportional value. This is part of a cost-benefit analysis in risk management.
Question 755:
An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:
1.Low latency for all mobile users to improve the users' experience
2.SSL offloading to improve web server performance
3.Protection against DoS and DDoS attacks
4.High availability
Which of the following should the organization implement to BEST ensure all requirements are met?
A. A cache server farm in its datacenter B. A load-balanced group of reverse proxy servers with SSL acceleration C. A CDN with the origin set to its datacenter D. Dual gigabit-speed Internet connections with managed DDoS prevention
C. A CDN with the origin set to its datacenter
Explanation
Question 756:
SIMULATION
An administrator wants to install a patch to an application.
INSTRUCTIONS
Given the scenario, download, verify, and install the patch in the most secure manner.
The last install that is completed will be the final submission.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A. See the explanation below. B. PlaceHoder C. PlaceHoder D. PlaceHoder
A. See the explanation below.
Explanation
In this case the second link should be used (This may vary in actual exam). The first link showed the following error so it should not be used.
Also, Two of the link choices used HTTP and not HTTPS as shown when hovering over the links as shown:
Since we need to do this in the most secure manner possible, they should not be used.
Finally, the second link was used and the MD5 utility of MD5sum should be used on the install.exe file as shown. Make sure that the hash matches.
Finally, type in install.exe to install it and make sure there are no signature verification errors.
Question 757:
Which of the following BEST describes a common use case for homomorphic encryption?
A. Processing data on a server after decrypting in order to prevent unauthorized access in transit B. Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing C. Transmitting confidential data to a CSP for processing on a large number of resources without revealing information D. Storing proprietary data across multiple nodes in a private cloud to prevent access by unauthenticated users
C. Transmitting confidential data to a CSP for processing on a large number of resources without revealing information
Explanation
Question 758:
A company is rewriting a vulnerable application and adding the mprotect() system call in multiple parts of the application's code that was being leveraged by a recent exploitation tool. Which of the following should be enabled to ensure the application can leverage the new system call against similar attacks in the future?
A. TPM B. Secure boot C. NX bit D. HSM
C. NX bit
Explanation
Enabling the NX bit ensures that the rewritten application can effectively use the mprotect() system call to manage memory execution permissions, thereby strengthening its defenses against exploitation tools that attempt to execute code from unauthorized memory regions. This approach aligns with best practices in modern application security to mitigate memory-based vulnerabilities
Question 759:
A cyberanalyst has been tasked with recovering PDF files from a provided image file. Which of the following is the BEST file-carving tool for PDF recovery?
A. objdump B. Strings C. dd D. Foremost
D. Foremost
Explanation
"Foremost is a digital forensic application that is used to recover lost or deleted files. Foremost can recover the files for hard disk, memory card, pen drive, and another mode of memory devices easily. It can also work on the image files that are being generated by any other Application."
dd is a command-line utility for Unix and Unix-like operating systems whose primary purpose is to convert and copy files.
The main purpose of the objdump command is to help in debugging the object file.
In computer software, Strings is a program in Unix, Plan 9, Inferno, and Unix-like operating systems that finds and prints the strings of printable characters in files.
Question 760:
A security analyst is evaluating all third-party software an organization uses. The analyst discovers that each department is violating the organization's policy by provisioning access to SaaS products without oversight from the security group and without using a centralized access control methodology.
Which of the following should the organization use to enforce its SaaS product access requirements?
A. SLDAP B. SAML C. VDI D. TACACS
B. SAML
Explanation
SAML (Security Assertion Markup Language) is a standard for single sign-on (SSO) that provides centralized authentication and authorization, ensuring SaaS access is governed by organizational policies. SLDAP (Secure LDAP) focuses on directory services but does not centralize SaaS product access. VDI (Virtual Desktop Infrastructure) is unrelated to SaaS authentication. TACACS (Terminal Access Controller Access-Control System) is more suited for network devices.
References:
CompTIA CASP+ Exam Objective 2.3: Implement authentication and authorization technologies. CASP+ Study Guide, 5th Edition, Chapter 6, Identity and Access Management.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your CAS-004 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.